Privacy Policy

Effective Date: March 20, 2026

Odyssey by Phantom Labs ("we," "our," or "us") provides an AI-powered life coaching application. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data.

1. Information We Collect

Account Information

• Name and email address (provided at signup or via Apple/Google sign-in)
• Profile photo URL (if signing in with Google)
• Authentication credentials (passwords are hashed and never stored in plain text)

Coaching Data

• Goals, descriptions, and target values you set
• Motivations, future vision, and personal reflections you share
• Life satisfaction scores across areas like health, career, relationships, finances, and mindset
• Milestones, tasks, and progress tracking
• Belief reframes (old and new beliefs you identify)

Chat Messages

• Messages you send to your AI coach and the coach's responses
• AI-generated coaching notes about patterns, breakthroughs, and strategies that work for you

Check-ins & Wellbeing Data

• Daily mood and energy ratings (1-5 scale)
• Free-text reflections on how you're feeling
• Daily plans and completion status
• Streak and activity data

Device & Usage Information

• Device type, operating system, and app version
• App usage events (e.g., screens visited, features used)
• Session duration and engagement patterns
• We do not collect location data, advertising identifiers, or contacts

2. How We Use Your Information

• Personalized coaching: Your goals, reflections, and chat history are used to provide tailored AI coaching responses and track your progress
• Coach memory: The AI maintains notes about your patterns and preferences to deliver more relevant guidance over time
• Service operation: Account management, authentication, subscription processing, and rate limiting
• Product improvement: Aggregated, anonymized usage analytics to understand how people use the app and improve the experience
• Notifications: Scheduled locally on your device for check-in reminders and streak alerts (no notification data is sent to external servers)

3. Third-Party Services

We use the following services to operate Odyssey. Each processes your data under their own privacy policies:

Supabase (Backend & Database)

• Stores your account, goals, chat messages, check-ins, and coaching data
• Handles authentication and session management
• Hosted on AWS infrastructure
• Privacy policy: supabase.com/privacy

Anthropic (AI Coaching)

• Your chat messages and goal context are sent to Anthropic's Claude API to generate coaching responses
• Data is processed via a secure server-side function — your device never communicates directly with Anthropic
• Anthropic's API data retention policies apply
• Privacy policy: anthropic.com/privacy

RevenueCat (Subscriptions)

• Manages subscription status, purchase history, and billing
• Receives your user ID, device identifier, and purchase data
• Does not receive your coaching data or chat messages
• Privacy policy: revenuecat.com/privacy

PostHog (Analytics)

• Tracks anonymized usage events (e.g., "onboarding completed," "message sent")
• Receives your user ID, device type, and app version
• Does not receive your chat messages, goals, or personal reflections
• US-based servers
• Privacy policy: posthog.com/privacy

Apple (Authentication & Payments)

• Processes in-app purchases and manages Apple Sign-In
• Privacy policy: apple.com/privacy

4. Data Storage & Security

• Your data is stored on Supabase's cloud infrastructure with encryption at rest and in transit
• A copy of your data is also cached locally on your device for offline access, protected by your device's built-in encryption
• Authentication tokens are short-lived and automatically refreshed
• We use row-level security policies to ensure users can only access their own data

5. Data Retention

• Your data is retained as long as your account is active
• Chat history, goals, and check-ins are stored indefinitely while your account exists
• Daily plans older than 30 days are automatically cleaned up on your device
• If you delete your account, we will delete all associated data from our servers within 30 days

6. Your Rights

You have the right to:

• Access your personal data — all your data is visible within the app
• Delete your account and all associated data — contact us at the email below
• Opt out of notifications at any time via the app's settings
• Export your data — contact us to request a copy

7. Children's Privacy

Odyssey is not intended for children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or by email. Continued use of Odyssey after changes constitutes acceptance of the updated policy.

9. Contact Us