← CouldBe
CouldBe
Privacy Policy
Last updated: 4 May 2026
This Privacy Policy describes how CouldBe ("we", "us") collects, uses, and shares your information when you use the CouldBe web application at couldbe.app and app.couldbe.io (the "Service").
1. Information we collect
Information you provide
- Account information — when you sign in with Google, we receive your email, name, and profile photo from Google.
- Assessment answers — your responses to our 5+1 onboarding questions (path, goal, time commitment, current stage, biggest challenge, confidence).
- Profile information — bio and social links you optionally add to your profile.
- Daily interactions — your responses to course content blocks, quiz attempts, and reflections you submit.
- Notification preferences — which channels (email, push) you've enabled and your preferred reminder time.
Information collected automatically
- Usage data — actions you take in the app (which days you completed, when you logged in), used to maintain your progress.
- Timezone — auto-detected from your browser to schedule reminders accurately.
- Push token — if you enable push notifications, we store an FCM device token.
2. How we use your information
- To provide the 14-day course experience and track your progress
- To personalize quiz questions and AI-assisted guidance to your context
- To send daily reminders, achievement notifications, and quiz feedback (only on channels you've enabled)
- To create recurring Google Calendar events (only if you connect your calendar)
- To process subscription payments via Stripe (only if you upgrade to Premium)
- To improve the Service and fix bugs
3. Third-party services we use
We share data with the following processors only as necessary for the Service to function:
- Firebase Authentication (Google) — manages your sign-in session.
- Google Cloud (PostgreSQL hosting) — stores your account and progress data.
- Google Gemini API — used to generate quiz questions and AI assist responses. Your messages and content block context are sent to Gemini.
- Google Calendar API — only if you connect your calendar; we create and manage one recurring event in your primary calendar.
- Resend — sends transactional emails (daily reminders, achievement notifications).
- Firebase Cloud Messaging — delivers push notifications to your browser.
- Stripe — processes Premium subscription payments. We never see or store your full payment card details.
We do not sell your personal information to third parties.
4. Data retention
We retain your data while your account is active. If you delete your account, we delete your personal data within 30 days, except where we're legally required to retain certain records (e.g., payment records for tax purposes).
5. Your rights (GDPR + general)
If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar laws, you have specific rights regarding your personal data:
- Access — view your data via the app, or download a complete JSON export from Settings → Your data → Download my data.
- Correction — edit your profile information at any time in Settings or Profile.
- Erasure (right to be forgotten) — delete your account permanently from Settings → Account actions → Delete my account. This wipes all personal data within 30 days, cancels any Stripe subscription, and disconnects external integrations.
- Portability — the JSON export contains all your data in a machine-readable format.
- Restriction / objection — disable email or push notifications at any time in Settings.
- Disconnect Google Calendar — you can disconnect at any time in Settings; we delete the recurring event we created.
- Withdraw consent — you can stop using the Service or delete your account at any time.
- Lodge a complaint — EU/UK users may file a complaint with their local supervisory authority.
Lawful basis: we process your personal data on the basis of consent (account creation, optional integrations) and legitimate interest (operating the Service, fraud prevention, analytics for improvement).
Data controller: CouldBe — contact [email protected].
6. Data security
We use industry-standard encryption (HTTPS) for all data in transit. Your password is never stored — Google manages your authentication.
7. Children's privacy
CouldBe is not intended for users under 13. If you believe a child under 13 has provided us with personal data, please contact us so we can delete it.
8. Changes to this Policy
We may update this Privacy Policy occasionally. The "Last updated" date at the top reflects the most recent version. Material changes will be communicated via email or in-app notification.
9. Contact
Questions about this policy? Email [email protected].