Privacy Policy

Effective date: April 22, 2026 · Last updated: April 22, 2026

CalmMessage is an iMessage extension that helps you rewrite emotionally charged text messages before you send them. This policy explains exactly what data we collect, what we never collect, who we share it with, and how long we keep it.

At a glance

We collect

Identifiers: Email address (via sign-in)
Usage Data: Rewrite counts & timestamps
Security Data: One-way hash of submitted messages
Account Status: Subscription tier

We don't keep

Your message text long-term (see Diagnostic Logs)
Message history or archives
Payment or card details
Advertising or tracking data tied to your identity

We do not sell, rent, or share your personal data with advertisers or third-party marketers.

What we collect and why

Account Identifiers

When you sign in, Firebase Authentication (operated by Google) verifies your identity and provides us with your Firebase user ID and email address. We store these in our database to manage your account and subscription.

Usage Data

We record how many rewrites you have performed, which rewrite mode was used (de-escalate, shorten, or set-boundary), and when each rewrite occurred. This is used to enforce free-tier limits and provide usage summaries.

Message Fingerprint (One-way hash)

For each submitted message, we store a SHA-256 hash, a fixed-length fingerprint of the original text. SHA-256 is a one-way function, so the hash can't be directly reversed into your message. For very short messages it isn't perfectly opaque either, so we treat the hash as sensitive data and protect it with the same controls we apply to the message text itself. The hash is used strictly for abuse detection and to prevent API spam.

Data Category	Storage Location	Retention	Reversible?
Firebase UID / Email	Our database (VPS)	Until account deleted	N/A
Rewrite counts / Mode	Our database (VPS)	Until account deleted	N/A
SHA-256 hash of message	Our database (VPS)	Until account deleted	No
Full Message Text	Diagnostic logs only	7-day rolling purge	Not stored long-term
Full Rewrite Text	Diagnostic logs only	7-day rolling purge	Not stored long-term

Diagnostic Log Files

Our server maintains a diagnostic log that temporarily includes the full text of submitted messages and rewrites for stability monitoring. This log is stored only on our private VPS, is never transmitted to other parties, and is automatically deleted every 7 days.

In plain terms: Your message text passes through our server to reach the AI and back. It exists briefly in a rolling 7-day log for debugging and is never written to our long-term database.

Third-party data processors

The following services process your data. We have no control over their own internal data retention policies — please review them directly.

Anthropic (Claude AI)

Your message text is sent to Anthropic's Claude API to generate the rewrite. Important: We use the Anthropic API, which does not use submitted data to train its global models. We do not send your name, email, or account identifiers to Anthropic — only the message text.

Google Firebase (Auth)

Sign-in is handled by Firebase Authentication. Google verifies your identity and issues an authentication token. We receive your Firebase UID and email; we do not handle your password.

The CalmMessage app contains no advertising networks, analytics SDKs, or tracking pixels, and your in-app activity is never used for advertising. We do plan to add advertising and analytics tools on our marketing site (calmmessage.com) later in 2026. See our Cookie Policy for details. Those tools will never have access to your in-app activity, message content, or account data.

Data retention

Account & Usage Data: Kept for as long as your account is active.
Diagnostic Logs: Automatically purged every 7 days.
Account Deletion: All associated records are permanently deleted from our database within 30 days of a deletion request.

Your rights

Access and export

You can request a copy of the data we hold about you (email, tier, usage counts). Requests are fulfilled within 30 days.

Deletion

You may delete your account and all associated data at any time via the "Delete Account" option in the app settings, or by emailing us (see below). We will permanently delete your records within 30 days.

Regional Rights (GDPR / CCPA)

Depending on your location, you have the right to access, rectify, erase, and port your data. We process your personal data as necessary to perform our contract with you. This means we use your information to fulfill our obligations, including delivering products or services you have requested, processing payments, and managing your account. This processing is essential for the establishment and performance of our contractual relationship.

We do not "sell" personal information as defined by the CCPA. To exercise any of these rights, contact us below.

Security

All communication between the CalmMessage app and our server is encrypted in transit via HTTPS/TLS. Our database is stored on a private VPS with restricted access. Firebase Authentication tokens are verified server-side on every request.

No system is perfectly secure. In the event of a data breach, we will notify affected users within 72 hours of discovery.

Children's privacy

CalmMessage is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us information, please contact us and we will delete it promptly.

Changes to this policy

If we make material changes to this policy, we will update the effective date above and notify users via the app or email. Continued use of CalmMessage constitutes acceptance of the updated policy.

Contact us

For privacy questions, data requests, or account deletion:

CalmMessage Privacy
Email: privacy@calmmessage.com
We aim to respond to all privacy inquiries within 5 business days.