PRIVACY POLICY
Effective Date: January 21, 2026
Last Updated: January 21, 2026
Developer
Cooper James Blackburn
ABN 75 772 778 194
Queensland, Australia
Contact Email: beboldapps@gmail.com
1. Introduction
BeBOLD ("we," "us," "our," or "the App") is a social confidence-building application operated by Cooper James Blackburn, a sole trader registered in Queensland, Australia (ABN 75 772 778 194). This Privacy Policy explains:
- What personal information we collect
- How we use, store, and protect your information
- Your rights regarding your data
- How to contact us with privacy concerns
By using BeBOLD, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.
Jurisdiction: This policy is governed by Australian privacy law, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). As we serve users globally, we also comply with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and the California Consumer Privacy Act (CCPA) where applicable.
Age Restriction: BeBOLD is intended for users aged 17 and older. We do not knowingly collect information from individuals under 17.
2. Information We Collect
2.1 Account and Authentication Information
When you create a BeBOLD account, we collect:
| Data Type | Purpose | Required? |
|---|---|---|
| Email address | Account authentication and identity verification | Yes |
| Display name | Personalization of app experience (optional field) | No |
| User ID | Unique system-generated identifier (UUID) | Yes (automatic) |
| Authentication method | Email/password, Google Sign-In, or Apple Sign-In | Yes |
Storage: Managed by Supabase (our authentication provider). See Section 4.2 for details.
2.2 Profile and Personalization Data
You provide the following information to customize your experience:
| Data Type | Details | Character Limit |
|---|---|---|
| Personal boundaries | Text describing your comfort zones, topics to avoid, and personal limits | No fixed limit |
| Insights about situations | Your observations about specific social contexts before attempting approaches | 5-500 characters |
| Self-reviews after interactions | Your reflection on how an interaction went | Up to 1000 characters |
| Focus area selections | Specific social skills you're working to improve (e.g., "Eye Contact," "Starting Conversations") | System-defined options |
Purpose: This data is used to generate personalized AI conversation approaches and feedback tailored to your goals and boundaries.
2.3 Behavioral and Progress Data
We automatically collect and calculate data about your app usage:
| Data Type | Details | How It's Used |
|---|---|---|
| Confidence score | Numerical rating (0-100) | Tracks progress, unlocks contexts, personalizes difficulty |
| Context-specific confidence | Separate scores for each social context (cafe, queue, campus, etc.) | Personalizes approaches per context |
| Approach attempts | Records of each time you attempt a social interaction | Progress tracking, AI personalization |
| Attempt timestamps | When you started each approach | Activity tracking, no time-based scoring |
| Outcomes | Whether you achieved your goal (yes/no/pulled-out) | Confidence calculation, progress tracking |
| Focus success ratings | Your 0-100 self-assessment of how well you executed your current skill focus | Determines when to advance to new focus areas |
| Exit strategy usage | Which conversation exit you selected (good exit vs. graceful abort) | Tracking only, not sent to AI |
| Exit reasons | Optional text explaining why you exited | Tracking only, not sent to AI |
| Interaction history | Past approaches including AI-generated opener text, talking points, physical approach steps, and exit strategies | Used to avoid repetitive suggestions, show progress |
| AI-generated feedback | Post-interaction feedback created by our AI ("what you did well," "overall assessment") | Stored for your review, used to personalize future approaches |
Storage: All behavioral data is stored in our PostgreSQL database hosted by Supabase and retained for the lifetime of your account.
2.4 Technical and Operational Data
| Data Type | Purpose | Retention |
|---|---|---|
| Idempotency keys | Prevent duplicate API requests (e.g., if you submit a review twice due to network issues) | 24 hours, then auto-deleted |
| Request timestamps | Track when API calls are made | 24 hours (tied to idempotency keys) |
| Cached responses | Store API responses temporarily to avoid re-processing | 24 hours (tied to idempotency keys) |
Note: Idempotency data is automatically purged after 24 hours and also deleted immediately if you delete your account.
3. Information We Do NOT Collect
BeBOLD explicitly does not collect the following:
- ❌ Location data (GPS coordinates, precise location, or city-level location)
- ❌ Contacts from your device
- ❌ Photos, videos, or camera access
- ❌ Microphone or audio recordings (we do not record your voice)
- ❌ Health or fitness data
- ❌ Payment information (handled entirely by Apple for subscriptions)
- ❌ Device identifiers for advertising (IDFA, Android Advertising ID)
- ❌ Cross-app tracking data
- ❌ Browsing history
- ❌ Biometric data (Face ID/Touch ID used only for local device authentication)
Future Changes: If we add location data collection in a future update, we will update this policy and request your explicit permission before collecting such data.
4. How We Use Your Information
4.1 Primary Uses
We use your information for the following purposes:
| Purpose | Legal Basis (GDPR) | Data Used |
|---|---|---|
| Account authentication | Contractual necessity | Email, user ID, authentication tokens |
| App functionality | Contractual necessity | All profile and behavioral data |
| AI content generation | Legitimate interest + consent | Profile boundaries, confidence scores, recent attempts, insights, reviews |
| Progress tracking | Contractual necessity | Confidence scores, attempt history, outcomes |
| Personalization | Legitimate interest | Display name, boundaries, focus areas, attempt history |
| Service improvement | Legitimate interest | Aggregated, anonymized usage patterns (not linked to individuals) |
4.2 Confidence Score Calculation (Algorithmic Decision-Making)
Your confidence score is a core feature of BeBOLD. It is calculated automatically using a rules-based algorithm with limited AI input. Here's exactly how it works:
Base Score Changes (Rules-Based)
| Outcome | Global Confidence Change | Context-Specific Change |
|---|---|---|
| Goal achieved (positive outcome) | +3 points | +5 points |
| Goal not achieved (negative outcome) | -2 points | -3 points |
| Pulled out / graceful exit | 0 points (no penalty) | 0 points (no penalty) |
AI Sentiment Adjustment (Applied After Base Change)
Our AI analyzes your self-review text and may add a small adjustment:
| Sentiment Detected | Adjustment |
|---|---|
| Exceptional courage or positive self-reflection | +1 additional point |
| Harsh self-judgment or discouragement | -1 additional point |
| Neutral or balanced reflection | 0 additional points |
Score Bounds and Limits
- Range: 0-100 (hard minimum and maximum enforced)
- Maximum change per attempt: +4 (positive outcome + exceptional courage) or -3 (negative outcome + harsh self-judgment)
- Time decay: None. Your score never decreases due to inactivity.
What Your Score Unlocks
| Confidence Level | Unlocked Contexts |
|---|---|
| 0-29 | Coffee Shop, Waiting in Line (always available) |
| 30+ | College Campus |
| Future updates | Additional contexts at higher thresholds |
AI Approach Calibration:
Your confidence score also influences the style of AI-generated approaches:
- Lower scores (0-30): Safer, less direct, low-pressure approaches
- Mid scores (31-70): Balanced approaches with moderate directness
- Higher scores (71-100): Bolder, more direct, confident approaches
Your Rights: Under GDPR Article 22, you have the right to object to automated decision-making. However, the confidence score is a core feature of the app and opting out would prevent the app from functioning. If you wish to disable confidence tracking, please contact us at beboldapps@gmail.com.
5. Third-Party Service Providers
We share your data with the following third-party services to operate BeBOLD:
5.1 Supabase (Database and Authentication)
- Provider: Supabase Inc. (US-based company)
- Services: User authentication, database hosting, data storage
- Data Shared: All data collected (email, user ID, profile, behavioral data)
- Location: AWS Asia Pacific (Sydney, Australia)
- Retention: Data stored for the lifetime of your account
- Privacy Policy: https://supabase.com/privacy
- Security: Supabase provides encryption at rest (AES-256), encryption in transit (TLS 1.2+), SOC 2 Type II compliance, and ISO 27001 certification.
5.2 OpenAI (Artificial Intelligence Processing)
- Provider: OpenAI, L.L.C. (US-based company)
- Services: AI-generated conversation approaches and post-interaction feedback
- Model Used: GPT-4o (version: gpt-4o-2024-08-06)
Data Sent to OpenAI
For Approach Generation: Confidence score, personal boundaries, insight about situation, last 3 approach attempts, context information. (NOT sent: Email, display name, user ID).
For Post-Interaction Feedback: Self-review text, outcome, focus success rating, base confidence change, current focus area, last 3 approach attempts. (NOT sent: Email, display name, user ID, exit strategy, exit reason).
OpenAI Data Retention
Important: We have NOT configured OpenAI's zero data retention option. OpenAI's default policies apply:
- Retention period: 30 days (for abuse and misuse monitoring)
- Training data: Your data may be used to improve OpenAI's models unless you opt out directly with OpenAI
- API request logging: OpenAI logs API requests for 30 days
Your Control: If you do not want your data potentially used for AI training, you must contact us at beboldapps@gmail.com to request we implement zero-retention with OpenAI, OR contact OpenAI directly to opt out of training data usage.
Privacy Policy: https://openai.com/policies/privacy-policy
5.3 Apple (Subscription Processing - When Implemented)
- Provider: Apple Inc.
- Services: In-app subscription processing and billing
- Data Shared: None directly from us. Apple handles payment entirely through their App Store infrastructure.
- What Apple Collects: Your Apple ID, payment method, purchase history.
- Our Access: We receive only: subscription status (active/expired), subscription tier, and renewal dates. We do NOT receive your payment information.
- Privacy Policy: https://www.apple.com/legal/privacy/
Note: Subscriptions are not yet active in BeBOLD but will be added in a future update.
5.4 No Analytics or Advertising Services
We do NOT use:
- Google Analytics, Mixpanel, Amplitude, or similar analytics services
- Facebook Pixel, Google Ads, or advertising networks
- Crash reporting tools like Sentry or Bugsnag
- Social media integrations
If we add any such services in the future, we will update this policy and notify you.
6. Data Storage, Security, and International Transfers
6.1 Where Your Data Is Stored
| Data Type | Storage Location | Provider |
|---|---|---|
| Authentication data | Supabase servers (AWS Asia Pacific (Sydney, Australia)) | Supabase |
| Database (all user data) | Supabase PostgreSQL (AWS Asia Pacific (Sydney, Australia)) | Supabase |
| Temporary AI requests | OpenAI servers (United States) | OpenAI |
International Data Transfers: If you are located in the European Economic Area (EEA), United Kingdom, or Australia, your data may be transferred to and processed in the United States where Supabase and OpenAI operate servers.
- Standard Contractual Clauses (SCCs): Supabase and OpenAI use EU-approved Standard Contractual Clauses to protect data transferred outside the EEA.
- Adequacy Decisions: We rely on the EU-US Data Privacy Framework where applicable.
6.2 Security Measures
We implement industry-standard security measures to protect your data:
| Security Layer | Implementation |
|---|---|
| Encryption in transit | TLS 1.2+ for all API communications |
| Encryption at rest | AES-256 encryption for database storage |
| Authentication | JWT-based tokens with secure storage (iOS Keychain) |
| Access control | Role-based access; users can only access their own data |
| Database security | PostgreSQL row-level security (RLS) policies |
| API security | Rate limiting, request validation, idempotency checks |
No Absolute Security: While we take reasonable steps to protect your data, no internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security.
6.3 Data Breaches
In the event of a data breach that compromises your personal information, we will:
- Notify you via email within 72 hours of discovering the breach (as required by GDPR)
- Notify relevant authorities (Australian Information Commissioner, EU Data Protection Authorities)
- Provide details about what data was affected and steps you can take to protect yourself
7. Data Retention and Deletion
7.1 How Long We Keep Your Data
| Data Type | Retention Period |
|---|---|
| Account and profile data | For the lifetime of your account |
| Behavioral data (attempts, reviews, confidence history) | For the lifetime of your account |
| Idempotency keys | 24 hours, then auto-deleted |
| Deleted account data | Immediately and permanently deleted (hard delete) |
No Automatic Purging: We do not automatically delete your data after a period of inactivity. Your account and data remain until you delete your account.
7.2 Account Deletion (Your Right to Erasure)
You can delete your account and all associated data at any time directly within the app.
How to Delete Your Account:
- Open BeBOLD
- Go to Settings → Account
- Tap "Delete Account"
- Confirm deletion (this action is permanent and cannot be undone)
What Gets Deleted Immediately:
- User account (email, user ID)
- Profile (display name, boundaries, confidence score)
- All approach attempts and history
- All reviews and AI-generated feedback
- All confidence score history
- All context-specific metrics
- All idempotency keys
- All focus area history
Deletion Method: Hard delete. Data is permanently removed via PostgreSQL CASCADE constraints.
What Is NOT Deleted:
- Aggregated, anonymized statistics
- Backup archives (remain in encrypted backups for up to 30 days)
- OpenAI's records (up to 30 days retention)
Irreversibility: Account deletion cannot be undone. You cannot recover your data after deletion.
8. Your Privacy Rights
Depending on your location, you have the following rights:
8.1 Rights Under GDPR (EEA/UK Users)
| Right | What It Means | How to Exercise |
|---|---|---|
| Access | Request a copy of your personal data | Contact beboldapps@gmail.com |
| Rectification | Correct inaccurate data | Edit in-app or contact beboldapps@gmail.com |
| Erasure | Delete your account and data | Use in-app "Delete Account" feature |
| Portability | Receive your data in a machine-readable format | Contact beboldapps@gmail.com |
| Object | Object to processing based on legitimate interests | Contact beboldapps@gmail.com |
| Restrict Processing | Limit how we use your data | Contact beboldapps@gmail.com |
| Withdraw Consent | Withdraw consent for optional processing | Contact beboldapps@gmail.com |
| Lodge a Complaint | Complain to a supervisory authority | Contact your local Data Protection Authority |
Data Portability: We currently do not offer an automated data export feature. To request a copy of your data, email beboldapps@gmail.com and we will provide a JSON file within 30 days.
Objection to Automated Decision-Making: You can object to the confidence score algorithm, but this would prevent core app functionality. Contact us to discuss alternatives.
8.2 Rights Under Australian Privacy Act
Australian users have rights under the Australian Privacy Principles (APPs):
- Right to access your personal information
- Right to correct inaccurate information
- Right to complain to the Office of the Australian Information Commissioner (OAIC)
Contact: Office of the Australian Information Commissioner - https://www.oaic.gov.au/
8.3 Rights Under CCPA (California Users)
California residents have the following rights:
- Right to Know: What personal information we collect and how we use it
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the "sale" of personal information (Note: We do NOT sell your data)
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
How to Exercise Rights: Contact beboldapps@gmail.com or use the in-app account deletion feature.
Response Time: We will respond to requests within 45 days.
9. Children's Privacy
BeBOLD is not intended for use by individuals under 17 years of age. We do not knowingly collect personal information from anyone under 17. The App Store age rating is set to 17+. If you are a parent or guardian and believe your child under 17 has provided us with personal information, please contact us immediately at beboldapps@gmail.com. We will delete such information promptly.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, new features, or legal requirements.
How We Notify You:
- Material changes: We will notify you via email and/or a prominent notice in the app at least 30 days before changes take effect
- Minor changes: Updated "Last Updated" date at the top of this policy
Your Continued Use: By continuing to use BeBOLD after changes take effect, you accept the updated Privacy Policy.
Version History: You can request previous versions of this policy by contacting beboldapps@gmail.com.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:
Response Time: We aim to respond to privacy inquiries within 7 business days.
For GDPR Requests: If you are in the EEA/UK, you also have the right to lodge a complaint with your local Data Protection Authority.
For Australian Privacy Complaints: You may also contact the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au/
12. Additional Information
12.1 Cookies and Tracking Technologies
BeBOLD does not use cookies or tracking technologies. We do not track your activity across other apps or websites.
12.2 Do Not Track Signals
We do not respond to "Do Not Track" browser signals because we do not track users across websites or apps.
12.3 Third-Party Links
BeBOLD may contain links to third-party websites or services (e.g., links in educational content). We are not responsible for the privacy practices of these third parties. Please review their privacy policies before providing them with your information.
12.4 User-Generated Content Ownership
You retain all ownership rights to the content you create in BeBOLD (insights, reviews, boundaries). However, by using the app, you grant us a limited, worldwide, royalty-free license to:
- Store your content on our servers
- Process your content through AI services (OpenAI) to generate personalized approaches and feedback
- Use aggregated, anonymized data derived from your content to improve our services
This license terminates when you delete your account. Upon account deletion, we will delete your content as described in Section 7.2.
END OF PRIVACY POLICY