Privacy Policy
Steady Path is a private habit recovery companion that helps users reflect, delay urges, write journals, record relapses without shame, view progress, and manage optional subscriptions. This Privacy Policy explains what information the app handles, why it is used, how it is protected, and what choices you have.
This policy is specific to Steady Path users, and it does not copy the text of any third-party privacy policy.
Important wellness and safety notice: Steady Path is a self-support and habit reflection tool. It is not a medical, therapy, diagnosis, emergency, or crisis-response service. If you may harm yourself or someone else, or if you need urgent help, contact local emergency services or a qualified professional immediately.
1. Who we are and scope
In this policy, "Steady Path", "we", "us", and "our" refer to Nanjing Baoluan Information Technology Co., Ltd., the publisher and operator of the Steady Path app. "You" means the person using the app in guest mode, with Apple sign-in, with Google sign-in, or with a paid entitlement.
This policy covers information handled by the mobile app, local device storage, optional sign-in providers, app store purchases, RevenueCat subscription entitlement services, and support or feedback channels. Third-party services are governed by their own privacy policies.
2. Information we may collect or process
The exact information depends on which features you use. The current local-first build is designed to keep core recovery data on your device. If future builds enable cloud sync or backend APIs, the same categories may be transmitted to provide account synchronization, reports, support, and subscription features.
Account and identity information Guest identifier, app session token, provider type, Apple or Google account identifier, optional email, optional display name, locale, first login time, and last login time. We use this to create sessions, support Apple/Google sign-in, keep your app state available, and show your profile.
Recovery and progress information Check-in dates, streak values, sober time, relapse dates, risk level, goals, progress summaries, and trigger factor counts. We use this to display Home, Progress, calendars, insights, and non-shaming recovery feedback.
Journals and reflection content Journal title, journal body, mood, urge intensity, trigger factors, private tags, related urge or relapse identifiers, timestamps, and local drafts. We use this to save your reflections and help you review patterns you choose to record.
Urge rescue and relapse records Urge intensity, trigger factors, selected location context, whether you were alone, action used, reflection, outcome status, relapse scene, feelings, warning signals, and recovery plan. We use this to run rescue flows, match reviewed coping strategies, generate progress summaries, and support relapse review without punishment or shame.
Routine, learning, and game activity Breathing or Kegel routine sessions, duration, cycles, game sessions, scores, moves, result feeling, learning progress, and completed content. We use this to record self-support exercises and show usage history.
Purchases and entitlements RevenueCat app user identifier, store type, product identifier, transaction identifier, original transaction identifier, purchase and expiration times, currency, active entitlement state, and environment. We use this to show paywalls, complete purchases, restore purchases, unlock paid features, list local order history, and handle billing support.
Feedback and support information Feedback message, optional contact information, optional order context, app name, app version, platform, user type, and any information you include in an email. We use this to respond to support requests and investigate issues.
Device, app, and configuration information Platform, app version, language/region preference, notification preferences, local database state, secure-storage keys, feature configuration, and API/store configuration. We use this to run the app correctly, support language switching, schedule local reminders, troubleshoot issues, and meet platform requirements.
3. Sensitive recovery content
Your journals, relapse records, urge logs, trigger factors, feelings, and recovery plans may reveal sensitive wellness or behavioral information. We treat this information as sensitive and use it only for features you request, such as keeping your history, showing summaries, matching reviewed rescue strategies, or restoring your local app state.
You control what you write. Please avoid entering information that you do not want stored on your device or shared through support email. Do not enter emergency medical information, protected health information, or information about another person unless you have the right to do so.
4. Local storage and on-device processing
The current local-first Steady Path build stores core app data on your device, including profiles, check-ins, journals, relapses, urges, routine sessions, game sessions, feedback drafts, and purchase snapshots. The app uses secure storage for session tokens and local identifiers where the platform supports it, and uses a local SQLite database for recovery records. The app configuration enables SQLCipher support for the local database in builds where it is available.
Local data can still be visible to anyone who can unlock your device, restore device backups, inspect developer builds, or access operating system storage. Protect your device with a strong passcode or biometric lock. Uninstalling the app, deleting app data, or using the in-app deletion flow may remove local records from the device, but app store purchase records remain controlled by Apple, Google, and RevenueCat.
5. How we use information
- Provide guest mode, Apple sign-in, Google sign-in, and local account continuity.
- Save and display check-ins, streaks, sober time, goals, journal entries, urge records, relapse reviews, routines, games, and learning progress.
- Generate progress summaries, calendars, trigger-factor rankings, and non-shaming next-step suggestions.
- Run rescue flows, including locally matched or reviewed strategies when backend recommendations are unavailable.
- Process purchases, restore purchases, maintain entitlements, and show order or subscription status.
- Schedule optional local reminders and milestone notifications if you grant notification permission.
- Respond to feedback, support, privacy, account deletion, and billing questions.
- Maintain security, debug issues, prevent misuse, enforce terms, and comply with law or app store requirements.
We do not use your private recovery content to provide medical diagnosis or treatment. We also do not intentionally write private journal content to diagnostic logs.
6. Permissions and optional features
Notifications
If you enable daily check-in, evening journal, or milestone reminders, the app may request notification permission and schedule local notifications. You can turn these reminders off in the app or through device settings.
Camera
The emergency rescue screen may request front camera access so you can see yourself and pause before acting. The current implementation uses a live preview only. Steady Path does not intentionally save or upload camera images or video from this feature.
Microphone
The current app functionality does not intentionally record audio. If a build or platform manifest includes microphone permission, Steady Path will not access the microphone unless a future feature clearly explains the purpose and you grant permission through the operating system.
Email composer
Support and feedback may open your email app. Email is sent only when you choose to send it. The email may include app diagnostics such as app name, app version, platform, and user type, plus any text you write.
7. Third-party services and disclosures
We do not sell your personal information. We may share or allow processing of limited information only where needed to operate the app, complete a feature you choose, comply with law, prevent misuse, or handle support. Third-party services have their own terms and privacy practices.
- Apple: Sign in with Apple, App Store purchases, subscriptions, refunds, and device platform services.
- Google: Google sign-in, Google Play purchases, subscriptions, refunds, and Android platform services.
- RevenueCat: Subscription offerings, purchase and restore flows, entitlement status, and purchase synchronization.
- Email and support providers: Support, feedback, account deletion, privacy requests, and purchase issue handling.
- Hosting, infrastructure, analytics, or crash reporting providers: Public compliance pages, APIs if enabled, security monitoring, error diagnosis, and app reliability. We avoid including private journal content in logs.
8. Purchases, subscriptions, and refunds
Paid digital features, if offered, are purchased through Apple App Store or Google Play and managed through RevenueCat entitlement services. Apple and Google control payment processing, renewal, cancellation, taxes, receipts, and refunds. Steady Path receives or stores only the purchase and entitlement metadata needed to unlock features, restore purchases, display local order history, and provide support.
Deleting your Steady Path account or uninstalling the app does not cancel an Apple App Store or Google Play subscription. You must cancel subscriptions through your Apple or Google account settings.
9. Retention and deletion
Local recovery records remain on your device until you delete them, use the in-app account deletion flow, clear app data, or uninstall the app. If cloud sync or backend services are enabled, server-side account data is kept only for as long as reasonably necessary to provide app functionality, maintain subscriptions and support, meet security needs, resolve disputes, prevent fraud, comply with tax/accounting obligations, and satisfy legal or app store requirements.
When you request account deletion, we take reasonable steps to delete or anonymize app-managed account data associated with the account, subject to retention required for legal, financial, security, dispute, anti-abuse, or store transaction obligations. De-identified or aggregated data that no longer identifies you may be retained for product safety and improvement.
10. Your choices and privacy rights
- You can use guest mode for core app exploration where available.
- You can choose whether to sign in with Apple or Google.
- You can choose what to write in journals, urge records, relapse reflections, feedback, and support emails.
- You can turn reminders and permissions off in the app or in device settings.
- You can request account deletion in the app or through the support contact below.
- Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing of personal information.
To exercise privacy rights, contact us using the details in the “Contact us” section. We may need to verify your request before acting on it. Some requests may be limited by law, security, purchase records, or technical constraints of local-only device storage.
11. Legal bases for processing in the EEA/UK
Where GDPR or UK GDPR applies, we rely on one or more of these legal bases: performance of a contract to provide the app features you request; consent for optional permissions, reminders, or certain communications where required; legitimate interests for security, fraud prevention, reliability, support, and product improvement; and legal obligations for tax, accounting, dispute, store, and compliance requirements.
12. International transfers
Steady Path may be available in multiple countries. Third-party services such as Apple, Google, RevenueCat, hosting providers, and support email providers may process information in countries other than where you live. When required, we use reasonable safeguards intended to protect personal information during these transfers.
13. Security
We use reasonable technical and organizational measures designed to protect information, including secure storage for tokens where available, platform data protection, limited logging of sensitive content, local database protections where supported, and restricted use of third-party services. No method of storage or transmission is completely secure. You are responsible for protecting your device, operating system account, app store account, and email account.
14. Children and age requirements
Steady Path is intended for users who are old enough to consent to use the app and to the processing of their data under the laws of their location. We do not knowingly collect personal information from children where parental consent is required. If you believe a child has provided personal information without appropriate consent, contact us and we will take reasonable steps to review and delete it where required.
15. Advertising, sale of personal information, and tracking
Steady Path does not sell personal information. The current local-first build is not designed to show third-party behavioral advertising or to share private recovery content for cross-app advertising tracking. If we add advertising, tracking, or materially different analytics in the future, we will update this policy and request consent where required by platform rules or law.
16. Changes to this policy
We may update this Privacy Policy when the app, legal requirements, platform rules, or third-party services change. The updated version will show a new effective date. If changes materially affect your rights or how sensitive recovery content is handled, we will provide a reasonable notice method, such as an in-app notice, app listing update, website notice, or email where appropriate.
17. Contact us
For privacy, account deletion, support, or billing questions, contact us at:
Email: njbaoluan2025@gmail.com
Suggested subject lines: “Steady Path Privacy Request”, “Steady Path Account Deletion”, or “Steady Path Purchase Support”. Please do not include unnecessary sensitive journal or recovery details in your email.
中文摘要
Steady Path 是一个习惯恢复、自我反思、冲动急救、日记、复发记录和进度查看工具,不是医疗、心理治疗、诊断或危机干预服务。当前 local-first 版本会优先把恢复记录保存在你的设备上;如果你使用 Apple/Google 登录、RevenueCat/应用商店订阅、通知、相机急救预览或邮件支持,相应第三方可能处理完成这些功能所需的有限信息。
你的日记、冲动记录、触发因素、复发复盘和恢复计划可能非常敏感。请只记录你愿意保存在设备或通过支持渠道提供的信息。你可以使用游客模式、关闭通知、拒绝相机权限、选择不提交反馈,并可通过应用内入口或上方邮箱请求账号/数据删除。应用账号删除不会自动取消 Apple 或 Google 订阅,订阅需在对应商店账号设置中取消。
如英文正文与中文摘要存在差异,以英文正文为准;中文摘要仅用于帮助中文用户理解重点。