Mantria
Mantria

Privacy Policy

Effective: May 13, 2026 · Last updated: May 13, 2026

This Privacy Policy describes how Mantria ("we", "us", "the App") collects, uses, and protects information when you use our iOS application.

Mantria is built and operated by Alican Basak, an indie developer based in Istanbul, Türkiye.

1 · What we collect

We collect the minimum data necessary to operate Mantria.

1.1 Account identifier

To open Mantria you sign in with Apple or Google. From the sign-in we receive only:

  • The provider's opaque subject identifier (sub) — a string Apple/Google use to identify you in their system
  • The provider name (apple or google)

We do not store the email address, name, profile picture, or any other claim returned in the id_token. We bind this sub to a Mantria-internal random UUID; that internal UUID is what every other table references.

1.2 Generated content

When you receive a daily card or use Find My Word, the AI-generated output (a feeling name and observation) is stored on our servers, linked to your Mantria-internal UUID. This ensures you never receive the same card twice and backs up your saved cards across devices.

1.3 Subscription information

If you subscribe to Mantria Premium, RevenueCat (our subscription provider) processes the transaction. We receive only whether you have an active subscription, the product ID, and trial / renewal status. We do not see your payment method, name, or address.

1.4 Usage analytics

We use PostHog to understand how Mantria is used in aggregate — screens viewed, feature usage, performance and crash data. Events are keyed on your Mantria-internal UUID. We never include your provider sub, your card text, or your Find My Word input in any analytics event.

2 · What we do NOT collect or store

This is the most important part of this document.

2.1 Find My Word inputs

When you type something into Find My Word, that text is never stored.

  • Your input is sent to our server
  • The AI processes it and generates a response
  • The input is then immediately discarded
  • Only the generated output is saved — and only if you tap to save it

2.2 Crisis content

If our crisis detector identifies signs of self-harm, suicide, or abuse in your Find My Word input: the AI does not generate any response, your input is not logged anywhere, no analytics event is created, and you are shown crisis resources for your region. Privacy by design — we cannot leak what we don't store.

2.3 Personal data we never ask for

  • Your name, email, phone, or address
  • Your location
  • Your contacts
  • Your photos or media
  • Your health data
  • Any biometric data

3 · How we use what we collect

We use the data we collect only to:

  • Show you cards in your selected language
  • Prevent duplicate cards
  • Verify your subscription status
  • Improve the app (aggregate analytics)
  • Comply with legal obligations

We will never sell your data, share it with advertisers, use it to train AI models, or use it for marketing purposes.

4 · Third-party services

ServicePurposeData shared
Anthropic (Claude API)Generate cardsYour Find My Word input and selected language. Not retained by Anthropic per API terms.
Apple Sign-In / Google Sign-InAuthenticationProvider id_token (verified server-side; only the opaque sub is stored)
RevenueCatSubscription managementMantria-internal UUID, subscription status
RailwayBackend hosting + PostgresMantria-internal UUID, provider sub, request metadata, generated outputs
PostHogAnonymous analyticsMantria-internal UUID, app events (no card text, no input)
PlausibleWebsite analyticsPage views, no cookies, no personal data (EU-hosted)
AppleApp distribution, push notificationsPer Apple's Privacy Policy

5 · Children

Mantria is rated 17+ on the App Store. The app contains mature emotional themes that may not be appropriate for younger users. We do not knowingly collect data from anyone under 13 (or under 16 in the EU). If you are a parent or guardian and believe your child has provided us data, contact us.

6 · Your rights

You have the right to access the data we hold about you, request deletion, export your data, and opt out of analytics. Email [email protected] to exercise any of these — we respond within 7 days.

For users in the EU/UK (GDPR), California (CCPA), Türkiye (KVKK), or Brazil (LGPD), you have additional rights under those laws. Contact us and we will comply.

7 · Data retention

  • Saved cards — retained as long as the app is installed; deleted on uninstall and on request from servers.
  • Anonymous analytics — retained for 12 months, then aggregated.
  • Find My Word inputs — never stored. Zero retention.
  • Subscription data — retained as required by Apple/tax law (typically 7 years).

8 · Security

  • HTTPS/TLS for all network traffic
  • Industry-standard encryption at rest (Railway managed Postgres)
  • API rate limiting
  • No secrets stored on device

No system is 100% secure, but we treat your data with the care we'd want for our own.

9 · International transfers

Mantria's backend runs on Railway. By using Mantria you consent to your data being processed in the region where Railway runs our cluster. For EU/UK users, transfers are made under appropriate safeguards (Standard Contractual Clauses).

10 · Changes to this policy

We may update this Privacy Policy occasionally. Material changes will be announced in the app and the "Last Updated" date will be revised. Continued use of Mantria after changes constitutes acceptance.

11 · Contact

For privacy questions or to exercise your rights:

Email: [email protected] · Operator: Alican Basak, Istanbul, Türkiye. We answer every email.