Privacy Policy

Last updated — [ EFFECTIVE DATE ]

This Privacy Policy explains how [LEGAL ENTITY NAME] (“Already,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use the Already mobile application and related services (the “App”).

Already lets you upload a photo of yourself and uses artificial intelligence to generate photorealistic images of your “future self” living the life you’re working toward, then guides you through a short daily visualization practice built around those images. Because the App processes images of your face, please read the section on Facial Images and AI Generation carefully.

Plain-language summary (not a substitute for the full policy): You upload a selfie. We send it to a third-party AI image service to generate pictures of your future self. We store your reference photo and generated images securely so the App can create new images for you each day. We do not sell your personal information, we do not use your photos to build a face-recognition database, and you can delete your data at any time. You must be 18 or older to use Already.

1. Who we are and how to contact us

The App is operated by [LEGAL ENTITY NAME], located in [STATE/COUNTRY]. For any privacy question or request, contact us at [[email protected]].

For users in the EEA/UK, [LEGAL ENTITY NAME] is the “controller” of your personal data for the purposes of applicable data-protection law.

2. Age requirement — 18 and over only

Already is intended only for adults aged 18 or older. We do not knowingly collect personal information from anyone under 18. Because the App processes facial images, this age restriction is strict. If we learn that we have collected information from a person under 18, we will delete it. If you believe a minor has provided us information, contact [[email protected]].

3. Information we collect

a. Facial and body images you provide

When you use the core feature, you upload a photo of your face (and, optionally, a full-body photo). These are used to generate your future-self images. See Section 5 for how we handle them.

b. Images we generate

The AI-generated images of your future self that the App creates for you, including the daily variations.

c. Information you give us during onboarding

To personalize your experience, the App asks for things such as your first name, age range, gender, a mood check-in, what you’d like to work on or are struggling with, people who matter to you, your prior experience with manifestation, and—if you choose the “specific goal” path—a free-text description of a goal, a timeline, and an achievement moment. Some of this can be sensitive (for example, references to wellbeing, relationships, or personal struggles). We use it only to tailor your images, sessions, and notes.

d. Account and subscription information

A device-based anonymous identifier created when you first open the App, and—if you choose to sign in—your Sign in with Apple identifier. Subscription status, plan, and purchase history are managed through Apple and our subscription provider (RevenueCat). We never receive or store your full payment-card details; Apple processes payments.

e. Usage, device, and analytics data

App interactions, screens viewed, features used, session length, streak activity, device type, operating-system version, language, time zone, and general diagnostics.

f. Attribution and advertising identifiers

If you grant permission through Apple’s App Tracking Transparency (ATT) prompt, we and our partners may use your device’s advertising identifier and similar data to measure where installs come from and how our marketing performs. You can decline, and you can change this anytime in your device settings.

g. Notification preferences

The time of day you choose for reminders and whether you’ve allowed push notifications.

We do not ask for or intentionally collect government IDs, precise GPS location, contacts, or health records.

4. How we use your information

We use your information to:

generate your future-self images and daily variations;
deliver the guided daily visualization sessions, future-self notes, widgets, and lock-screen content;
personalize content based on your onboarding responses;
operate subscriptions, entitlements, and usage limits;
send the reminders and re-engagement notifications you’ve enabled;
moderate content for safety (see Section 7);
measure and improve the App, fix bugs, and understand usage;
measure marketing performance and attribution (only with your ATT permission, where required);
comply with law and enforce our Terms.

Legal bases (EEA/UK users): we rely on your consent (for facial-image processing, tracking, and notifications), performance of a contract (to provide the App and your subscription), and our legitimate interests (to secure, maintain, and improve the App), as applicable.

5. Facial images and AI generation — how we handle your photos

This is the most sensitive data the App handles, so we treat it specifically:

What we do with your photo. Your uploaded photo is used as a visual reference to generate images of your future self. To create the images, your photo is transmitted to our AI image-generation provider, Google (Gemini API), through our secure backend. We use these services under terms that do not permit your content to be used to train the providers’ models. (Verify against your provider agreements before publishing.)
What we do NOT do. We do not use your photo to identify you, we do not create a facial-recognition template or “faceprint” for identification purposes, and we do not sell or share your images with advertisers or data brokers, or add them to any public or searchable database.
Storage and retention. Your reference photo and generated images are stored securely (encrypted in transit and at rest) in our backend ([Supabase]). Because features like daily auto-generation and regeneration rely on your reference image, we retain it while your account is active. You can delete your images and reference photo at any time in the App, and we delete your data when you close your account (see Section 9). (Confirm the exact retention behavior matches the build — if the App discards the source photo immediately after the first generation, we will tighten this language.)
Consent. By uploading a photo, you give us your express consent to process it as described here. You can withdraw consent at any time by deleting your photo or your account; this won’t affect processing already carried out.
State biometric laws. Certain U.S. states (for example, Illinois, Texas, and Washington) regulate “biometric identifiers.” While we use your photo to generate art rather than to identify you, we provide this notice, obtain your consent, and apply the retention and deletion practices above to respect those protections.

6. How we share information

We share information only with service providers who help us run the App, and only as needed:

Google (Gemini API) — AI image generation.
[Supabase] — backend hosting, database, file storage, and authentication.
RevenueCat and Apple — subscription management and payment processing.
[ElevenLabs / Apple Text-to-Speech] — voice narration for guided sessions.
[PostHog or similar] — product analytics.
[Crash/performance and attribution providers] — diagnostics and marketing measurement.

We may also disclose information to comply with law, enforce our Terms, protect rights and safety, or in connection with a business transfer (e.g., merger or acquisition), with notice where required.

We do not sell your personal information for money. Certain advertising/attribution activity (only if you allow tracking) may be considered “sharing” or a “sale” under some U.S. state laws; see Section 10 for your choices.

7. Content moderation

To keep the App safe and lawful, the free-text goals you submit are automatically screened (including by an automated model). We may decline to generate content and instead show a gentle redirect when a request involves, for example, harm to yourself or others, sexual content, content involving minors, demands about another identifiable person’s choices, or guarantees of specific financial or medical outcomes.

8. Security

We use technical and organizational measures—including encryption in transit and at rest, access controls, and a backend that keeps AI-provider credentials server-side—to protect your information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your choices and rights

You can, at any time:

access, edit, or delete your photos and generated images in the App;
delete your account, which removes your reference photo, generated images, and associated personal data within [30] days, except where we must retain limited records for legal, tax, or fraud-prevention purposes;
manage notifications and tracking in your device settings;
manage your subscription through your Apple account.

Depending on where you live, you may also have rights to access, correct, delete, port, or restrict processing of your personal data, to withdraw consent, and to not be discriminated against for exercising these rights. To make a request, contact [[email protected]]. We will verify your request and respond within the time required by applicable law.

10. U.S. state privacy rights

If you are a resident of a U.S. state with a privacy law (such as California, Colorado, Virginia, and others), you may have the rights described in Section 9, including the right to opt out of “sharing” or “sale” for cross-context behavioral advertising. The simplest way to opt out is to decline the App Tracking Transparency prompt or disable tracking in your device settings. You may also contact us at [[email protected]]. We do not knowingly process the sensitive data of, or “sell”/“share” data about, anyone under 18.

11. International users

We are based in [STATE/COUNTRY] and process data there and in the locations of our service providers. If you use the App from outside that country, you understand your information may be transferred to and processed in countries with different data-protection laws. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

12. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date and, where appropriate, notify you in the App. Your continued use after an update means you accept the revised policy.

13. Contact

[LEGAL ENTITY NAME]
[Address, optional]
[[email protected]]

[ PLACEHOLDER — LEGAL REVIEW REQUIRED ]
Not legal advice. Complete every [ bracketed ] placeholder — legal entity, jurisdiction, contact email, effective date, named sub-processors, and the [30]-day deletion window — and have counsel review before publishing. Verify two claims first: that your Google Gemini API agreement does not permit training on your content, and the exact selfie-retention behavior in the build.