Privacy Policy

1. Introduction

Sudo Ego, Inc. ("Company," "we," "us," or "our") operates the sudo ego mobile application ("App" or "Service"). This Privacy Policy explains how we collect, use, store, and protect personal information from users ("you" or "User") of the App.

Operator Information

Age Restriction

sudo ego is available to users aged 16 and older only. Account registration is conditioned on your attestation that you are 16 years of age or older. If we learn that a user is under 16, we will immediately delete that account and all associated data.

Scope

This Privacy Policy applies to all personal information processed through the sudo ego App, our website at https://sudoego.app, and all related services. Third-party services linked within the App are governed by their own privacy policies, which we do not control.

2. Information We Collect

We collect only the minimum personal information necessary to provide the Service. Items we do not collect are expressly identified below.

A. Account Data

Data we do not collect: Raw passwords (Supabase Auth hashes passwords and we have no direct access), full legal name, phone number, physical address.

B. Identity Card Data

Image Storage: Card images are stored on a content delivery network (CDN) at unique, hard-to-guess URLs. Anyone who possesses such a URL can access the image — including images attached to private cards. Directory listing (browsing of file lists) is blocked. We recommend not uploading sensitive images.

C. Voice Data

How Voice Processing Works:

sudo ego does not collect, store, or transmit raw voice audio. When you use Voice Mode for Ritual authentication, your voice is processed in real time by your device's operating system speech recognition engine — Apple's SFSpeechRecognizer on iOS and Google Speech Services on Android. We receive only the transcribed text result from the OS. That text is compared against your pre-set affirmation phrase and then immediately discarded from memory. The transcribed text is never transmitted to our servers.

For information about how Apple and Google process your voice, please review their respective privacy policies. For Illinois residents, see Section 15 (Illinois Biometric Information Notice).

D. App Usage Data

E. Ritual Activity Data

F. Social / Pulse Data

G. Technical Data

About device identifiers: The device identifier we collect is Apple's IDFV (Identifier for Vendor) on iOS and the Android ID on Android. These are vendor-scoped identifiers limited to our own app. They are not advertising identifiers (IDFA/GAID), are not shared with advertising networks or other apps, and cannot be used for cross-app tracking.

Data we do not collect: Precise location data (GPS coordinates, exact addresses), contacts, photo library (except images you explicitly upload for a card), Bluetooth identifiers, advertising identifiers (IDFA/GAID).

Error monitoring (Sentry): Crash logs and error events (stack traces, timestamps, device model/OS version, app version, and an internal pseudonymous user ID) are transmitted to and processed by our error-monitoring service provider Sentry (Functional Software, Inc., USA) to maintain service stability. Direct identifiers such as your name or email address are not sent. See 5.1 Service Providers and 6. International Data Transfers. For product usage analytics (PostHog), see J. Analytics & Usage Data.

H. Payment Data

Data we do not collect: Credit card numbers, card expiration dates, CVV codes, or any other payment instrument details. Payment processing is handled entirely by Apple App Store or Google Play Store. We have no direct access to that information.

I. Regional & Language Data

We collect coarse regional and language information reported by your device for service operation and analytics purposes. This data is categorically different from precise location data (GPS, exact coordinates).

When this data is collected:

• Device locale and country code: automatically collected on first login, refreshed on app launch
• UI language: determined automatically from the device OS language; the user may change it at any time in Settings → Language
• Payment country: on first subscription, or when RevenueCat customerInfo synchronizes

How this data is collected: This information is collected automatically through standard operating system APIs (iOS Locale.current, Android Locale.getDefault(), Apple App Store / Google Play Store billing region). We do not request location permissions from the user and do not employ any positioning technology based on GPS, Wi-Fi, or cellular signals.

Important notice:

• Accuracy is at the country level (margin of error up to several hundred kilometers). State, city, district, or street-level information is not included.
• If a user employs a VPN or modifies their system region settings, the collected value may differ from their actual country of residence. We do not validate this.
• This information is not used for targeted advertising, location-based recommendations, or sharing with third-party advertising networks.
• Users may request deletion of all personal information, including this data, via Settings → Account → Delete Account.

J. Analytics & Usage Data

We use a third-party product analytics tool (PostHog) to collect app usage data for product improvement.

Important notice:

• Analytics events do not include your email address, nickname, Identity Card affirmation text, or any other content or directly identifying information.
• We do not collect advertising identifiers (IDFA/GAID), do not perform cross-app tracking, and do not use analytics data for advertising purposes.
• Analytics data is stored and processed in PostHog's European Union (EU) region (eu.i.posthog.com). See Section 6 (International Data Transfers).

3. Sensitive Information

3.1 Sensitive Content in Identity Cards

Affirmation phrases users enter into Identity Cards may, depending on what the user writes, contain sensitive personal information, including:

• Religious beliefs or worldview
• Health conditions or medical information
• Sexual orientation or gender identity
• Political opinions
• Other sensitive personal matters

We do not analyze, classify, or use the content of these phrases for any purpose other than performing the matching function required to unlock the Ritual. You are solely responsible for the content you enter. If you set a card to Public, that content will be visible to other users of the App. We strongly recommend keeping cards that contain sensitive content set to Private.

Under applicable US state privacy laws — including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and others — we obtain your opt-in consent before processing sensitive data in Identity Cards. Under GDPR Article 9, processing of special category data (including data revealing religious or philosophical beliefs, health data, or data concerning sexual orientation) requires your explicit consent; this consent is obtained in-app and can be withdrawn at any time through your account settings.

3.2 Voice Data Processing

Raw voice audio is never collected. Please see Section 2, Category C (Voice Data) for a full explanation of how voice authentication is processed. For Illinois residents, see also Section 15 (Illinois Biometric Information Notice).

4. App Usage Data & System Permissions

4.1 Android System Permissions

PACKAGE_USAGE_STATS (App Usage Statistics)

• Why we need it: To detect when an app on your locked-app list has been launched, so that we can display the lock screen overlay.
• What we access: We check only whether a specific app you have configured is running in the foreground. We do not collect usage duration, usage frequency, or any other statistics.
• Server transmission: None. All processing occurs on your device.
• What we do not access: Usage data for any app not on your locked-app list, screen content, typed text.

AccessibilityService (Android)

• Why we need it: To detect in real time when a locked app moves to the foreground, allowing us to display the lock screen immediately rather than relying on polling.
• What we access: We monitor only whether a specific app you have configured has become the active foreground app.
• What we do not access: Screen content, typed text, passwords, any content from apps not on your locked-app list.
• Server transmission: None. All processing occurs on your device.

We configure canRetrieveWindowContent=false, explicitly disabling any ability to read screen content.

SYSTEM_ALERT_WINDOW (Draw Over Other Apps)

• Why we need it: To display the lock screen overlay on top of the blocked app when its launch is detected.
• What we access: This permission is used solely to render the overlay UI. We do not use it to read or interact with underlying app content.

FOREGROUND_SERVICE

• Why we need it: To keep the app-lock detection service running while the App is in the background, so that the lock screen appears even when sudo ego is not in the foreground.
• Notification: The operating system requires a visible notification while this service is active. A persistent notification will be displayed in your notification tray.

4.2 iOS System Permissions

Family Controls / Screen Time API

• Why we need it: To restrict access to the apps you have selected until your daily Ritual is complete.
• What we access: Only the apps you select through the FamilyActivityPicker interface.
• Server transmission: None. The entire process is handled locally within Apple's Screen Time framework.
• What we do not access: Actual usage time, usage frequency, or any other Screen Time statistics for any app.

Microphone Permission (NSMicrophoneUsageDescription)

• Why we need it: To receive your voice input when you use Voice Mode for Ritual authentication.
• How it is processed: Audio received through the microphone is immediately converted to text by the device OS (SFSpeechRecognizer). The raw audio is never stored. See Section 2, Category C for full details.

5. Third-Party Sharing

We do not sell your personal information to third parties. We do not share your personal information with third parties for targeted advertising purposes. We share personal information with service providers only to the extent necessary to operate the Service.

5.1 Service Providers

5.2 Other Circumstances for Disclosure

We may disclose personal information in the following limited circumstances:

• Legal obligations: In response to a court order, subpoena, government request, or other legal process, or to comply with applicable law.
• Protection of users: When disclosure is necessary to protect the life, safety, or property of any person.
• Business transfers: In connection with a merger, acquisition, asset sale, or similar transaction, subject to prior notice to you and subject to any acquirer being bound by terms no less protective than this Privacy Policy.

6. International Data Transfers

6.1 Transfers from the United States

Our primary servers are located in the United States (Virginia, AWS us-east-1, operated by Supabase). Subscription data is processed by RevenueCat, Inc. (US) and crash diagnostics by Functional Software, Inc. (Sentry, US). Product analytics data is processed by PostHog, Inc. in the European Union (EU region, eu.i.posthog.com) and is not transferred to the United States. If you access the App from outside these regions, your personal information will be transferred to and processed in them. US privacy laws may differ from the laws of your country of residence.

6.2 Transfers from the EU/EEA (GDPR, Chapter V)

For users located in the European Economic Area, transfers of personal information from the EU/EEA to the United States (Supabase, RevenueCat, Sentry) are made pursuant to Standard Contractual Clauses (SCCs) incorporated into our data processing agreements with those providers. Product analytics data processed by PostHog remains within the EU (eu.i.posthog.com) and does not leave the EEA. For information on whether a provider has obtained EU-US Data Privacy Framework certification, please see that provider's privacy page (linked in 5.1).

6.3 Transfers from Other Jurisdictions

For users located in the Republic of Korea, personal information is transferred internationally as described in the tables below.

(1) Supabase, Inc.

(2) Functional Software, Inc. (Sentry)

(3) RevenueCat, Inc.

(4) PostHog, Inc.

You have the right to refuse consent to international transfer; however, if you do so, you will not be able to use the Service.

7. Data Retention & Deletion

7.1 Retention Periods

7.2 Account Deletion Procedure

When you request deletion of your account, we process the request as follows:

1. Submit request: Via in-app Settings → Account → Delete Account, or by emailing contact@sudoego.app.
2. Processing time: All personal information is deleted within 30 days of receiving your request.
3. Scope of deletion: Account, Identity Cards, uploaded images, Ritual records, social activity records, technical data.
4. Exceptions: Data that we are legally required to retain, or the minimum data necessary to resolve an ongoing dispute, is retained until the applicable obligation or dispute is resolved.
5. Supabase backup: After we process your deletion request, Supabase's internal backup systems will fully purge your data within an additional maximum of 7 days.

7.3 Voice Data Automatic Disposal Policy

Raw voice audio is not collected. STT transcribed text is discarded from memory immediately after the matching check is complete and is never sent to any server. There is no retention period because there is no stored data.

8. Your Rights

8.1 Rights Available to All Users

Regardless of where you live, you may exercise the following rights with respect to your personal information:

8.2 Additional Rights for EU/EEA Users (GDPR)

If you are located in the EU or EEA, you also have:

• Right to Object (Art. 21): You may object to processing based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.
• Right to Object to Automated Decision-Making (Art. 22): We do not make decisions with legal or similarly significant effects about you based solely on automated processing.
• Right to Withdraw Consent (Art. 7(3)): Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
• Right to Lodge a Complaint: You have the right to file a complaint with the data protection supervisory authority of your EU/EEA member state. A list of EU DPAs is available at edpb.europa.eu.

8.3 US State-Specific Rights

Rights Available to Residents of Virginia, Colorado, Connecticut, Texas, Delaware, New Hampshire, New Jersey, Tennessee, Minnesota, Nebraska, Indiana, Kentucky, Rhode Island, Iowa, Montana, Oregon, Utah, and Other States with Enacted Privacy Laws

• Right to access personal data we hold about you
• Right to correct inaccurate personal data
• Right to delete personal data
• Right to data portability
• Right to opt out of the sale of personal data — We do not sell your personal data
• Right to opt out of targeted advertising — We do not engage in targeted advertising
• Right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects — We do not engage in such profiling
• Right to opt in before we process sensitive personal data (applicable in Virginia, Colorado, Connecticut, and other states with opt-in requirements for sensitive data)

Global Privacy Control (GPC): We recognize the Global Privacy Control signal as required by Colorado (CPA), Oregon (OCPA), and other laws that mandate recognition of a Universal Opt-Out Mechanism (UOOM). If we receive a GPC signal from your browser or device, we will treat it as a request to opt out of the sharing of your personal information.

Response Time: We will respond to rights requests within 45 days of receipt. If we require additional time (up to 45 additional days), we will notify you in advance.

Appeals: If we deny your request, you may appeal by contacting us at contact@sudoego.app. We will respond to your appeal within 60 days.

Maryland (MODPA) — Data Minimization: In compliance with Maryland's data minimization requirements, we collect only data that is reasonably necessary to provide the Service. We do not collect precise location data (GPS), contacts, photo libraries (beyond images you explicitly select for a card), Bluetooth identifiers, or advertising identifiers. Coarse country-level regional data (ISO 3166-1) is collected for analytics — see 2.I.

9. Children's Privacy

9.1 Age Restriction

sudo ego is available only to users who are 16 years of age or older. We do not knowingly collect personal information from anyone under the age of 16.

9.2 Age Confirmation

Account registration is conditioned on your attestation that you are 16 years of age or older. We do not separately collect your date of birth or other age source data.

9.3 Handling of Minor Data

If we become aware that personal information has been collected from a user under the age of 16, we will delete that information without delay. If you believe that a child under 16 has provided personal information to our Service, please contact us immediately at contact@sudoego.app.

9.4 Applicable Law

A minimum age of 16 is at or above the age thresholds at which major privacy laws require parental consent, so no parental-consent mechanism applies to the Service.

• COPPA (US): The Children's Online Privacy Protection Act applies to services directed at children under 13. Because sudo ego restricts users to age 16 and above and requires an age attestation at sign-up, COPPA does not apply; the age gate is designed to prevent collection of data from children under 13.
• Korea (PIPA): Under Article 22-2 of the Korean Personal Information Protection Act, processing the personal information of children under 14 requires legal-guardian consent. Because the Service is restricted to users 16 and older, this requirement does not apply.
• EU GDPR Article 8: Member states set the age of digital consent for information society services between 13 and 16. A minimum age of 16 meets or exceeds the threshold in every member state, so parental consent is not required.
• California AADC: The California Age-Appropriate Design Code Act addresses online services likely to be accessed by minors. We apply the same high default privacy protections to all users regardless of age: no targeted advertising, no behavioral profiling, no precise geolocation tracking, and no sale of personal information.
• Users aged 16–17: Minor users receive the same privacy protections as adults under this policy.

10. Cookies & Similar Technologies

10.1 Mobile App

The sudo ego mobile App does not use third-party tracking cookies or advertising identifiers (IDFA / GAID). We store a Supabase authentication token in your device's secure storage to maintain your login session. This token is deleted when you log out or delete your account.

10.2 Website (sudoego.app)

Our website at sudoego.app uses only essential functional cookies required for basic site operation (e.g., session management). We do not use advertising cookies or cross-site tracking cookies. A cookie notice is presented separately when you visit the website.

11. Security Measures

We implement technical and organizational measures to protect your personal information against unauthorized access, loss, alteration, or destruction.

11.1 Technical Safeguards

11.2 Organizational Safeguards

• Access to personal information is restricted to personnel who need it to perform their job functions.
• Personnel handling personal information receive regular security training.
• Internal procedures governing the handling of personal information are established and maintained.

11.3 Data Breach Response

In the event of a personal data breach:

• Within 72 hours: We will notify the relevant supervisory authority (where required under GDPR or applicable US state law) if the breach is likely to result in a risk to the rights and freedoms of individuals.
• Without undue delay: We will notify affected users directly if the breach is likely to result in a high risk to their rights and freedoms.
• Notification channel: Notification will be sent to the email address associated with your account, and/or via in-app notice.

12. Changes to This Policy

12.1 How We Notify You

We will notify you of changes to this Privacy Policy as follows:

• Minor changes: Update the "Last Modified" date at the top of this document, with a notice posted within the App.
• Material changes: Email notice to the address associated with your account plus an in-app pop-up notice, provided at least 30 days before the changes take effect.
• Examples of material changes: Adding new categories of data collected, adding new third-party service providers, or changing the purposes for which data is used.

12.2 Continued Use

If you continue to use the Service after a revised policy takes effect, that constitutes your acceptance of the revised policy. For material changes, we will request your affirmative consent before the change takes effect. If you do not consent, you may stop using the Service or delete your account.

13. Contact Information

13.1 Privacy Officer / Data Protection Officer

For questions about this Privacy Policy, to exercise your privacy rights, or to submit a complaint, please contact:

We will respond to privacy rights requests within 45 days of receipt. For GDPR requests, we will respond within the one-month period required by applicable law (extendable by two additional months for complex requests, with prior notice).

13.2 Supervisory Authorities

If you are not satisfied with our response to your privacy concern, you have the right to contact the applicable supervisory authority:

14. California Privacy Notice (CCPA/CPRA)

14.1 Categories of Personal Information Collected — CCPA Mapping

14.2 Sale or Sharing of Personal Information

sudo ego does not sell California residents' personal information and does not share California residents' personal information with third parties for cross-context behavioral advertising purposes.

Because we do not sell or share personal information as defined under CCPA/CPRA, a "Do Not Sell or Share My Personal Information" opt-out link is not legally required. Nonetheless, to ensure you can exercise your rights, you may submit any opt-out request at any time by emailing contact@sudoego.app.

14.3 California Residents' Rights

14.4 Automated Decision-Making Technology (ADMT)

The sudo ego app-lock feature operates based solely on conditions you configure in advance (your list of locked apps and your Ritual schedule). We do not use algorithmic profiling to analyze your behavior and make automated decisions. Users retain full control over their settings at all times.

14.5 How to Exercise Your California Rights

California residents may submit up to two free requests per 12-month period. To exercise your rights:

• Email: contact@sudoego.app
• In-app: Settings → Account (for deletion and certain other rights)

We will verify your identity before processing your request and respond within 45 days. If additional time is needed (up to a 45-day extension), we will notify you.

15. Illinois Biometric Information Notice (BIPA)

15.1 Non-Collection of Biometric Data

sudo ego does not collect, capture, purchase, receive through trade, or otherwise obtain biometric identifiers or biometric information as defined under BIPA.

When you use the Voice Mode feature for Ritual authentication, your voice is processed entirely by your device's operating system speech recognition engine — Apple's SFSpeechRecognizer on iOS and Google Speech Services on Android. The App receives only the text result produced by the OS; it does not directly access, record, or store your raw voice audio. Accordingly, the App does not collect "biometric identifiers" (including voiceprints or retina or iris scans) or "biometric information" as those terms are defined in BIPA.

Because we do not collect biometric data, we do not have a written policy governing its retention and destruction schedule as described in 740 ILCS 14/15(a), as that provision applies only to entities that do collect such data.

15.2 Texas Biometric Data Notice (CUBI)

For users in Texas, with respect to the Texas Capture or Use of Biometric Identifier Act (CUBI, Tex. Bus. & Com. Code § 503.001 et seq.): because we do not capture or use any biometric identifier (including voice prints or retina or iris scans), CUBI does not apply to our processing activities.

15.3 Other State Biometric Laws

The same principle applies to users in Washington State (RCW Chapter 19.375), Arkansas (Ark. Code Ann. § 4-110-103), and any other jurisdiction with laws governing biometric data: we do not collect raw voice audio or any other biometric identifier, so those laws' collection, consent, and retention requirements are not triggered.

15.4 Contact for BIPA Inquiries

For any questions related to this notice or BIPA compliance, please contact us at contact@sudoego.app.

Appendix: Data Category Summary