Privacy Policy

Who We Are

StartSmall is operated by NotA Robot OÜ, an Estonian company. For personal data that we control, NotA Robot OÜ is the data controller.

Contact: Start Small support form.

Scope

This Privacy Policy applies to the StartSmall iOS app, the StartSmall website, backend sync services, support communications, and related services.

StartSmall helps users practice small, guided social confidence missions. It is not a medical, therapy, diagnosis, treatment, or crisis support service.

Privacy Commitments

We collect only the information reasonably needed to provide the app, personalize missions, save progress, operate sync, manage paid access, secure the service, and respond to requests.

We do not sell your personal information. We do not use third-party advertising SDKs, cross-app advertising tracking, or data brokers. StartSmall does not request access to your Contacts, precise Location, Photos, Camera, Microphone, or Health data.

Account and Sign in with Apple Data

StartSmall may create an internal anonymous account identifier when you first use the app. This lets the app maintain a stable user record and app session even before you link an Apple account.

If you choose to link StartSmall with Sign in with Apple, we may receive and store the information Apple provides for StartSmall.

• Internal StartSmall user ID and mobile session status.
• Your Apple account identifier for StartSmall.
• Your name, if Apple provides it and you choose to share it.
• Your email address, including a private relay email address, if Apple provides it and you choose to share it.
• Whether Apple reports the email address as verified.
• Dates when the account was created, updated, or last seen.

Onboarding and Profile Data

When you complete onboarding, we may collect your responses so the app can personalize missions, difficulty, starting context, and reminder flow. Do not enter sensitive personal information in fields where it is not requested.

• First name or display name.
• Age band, if asked.
• Social confidence target, goals, and practice preferences.
• Preferred and avoided social contexts.
• Starting context and starting scenario.
• Comfort level and calibration answers.
• Reaction patterns and pacing preferences.
• Commitment choice and reminder preference.
• Assigned starting level and onboarding completion status.

Practice, Progress, and App Activity

We may store your app progress and related state. Local app state is stored on your device. If your account is linked for sync, selected progress and state may be synced to our backend so it can be restored on another device.

• Selected contexts, scenarios, missions, and daily session state.
• Completed, partial, skipped, or blocked mission attempts.
• Attempt dates, outcomes, current streak, and activity calendar state.
• Optional anxiety-before or anxiety-after ratings, if you enter them.
• Optional blocker reasons or notes that you enter.
• Mission level and progression state.
• Today chat flow state, quick replies, and visible guidance state.
• Reminder settings, reminder cadence, reminder time, and notification permission status.
• Subscription or access state.

Device and Technical Data

We may collect technical information needed to operate the app, content sync, account sync, security, and support.

• Device identifier generated by iOS for the app or a fallback random identifier.
• Platform, device name, operating system version, and app version.
• Dates when the device record or synced state was created, updated, or last seen.
• Mobile session tokens used to authenticate sync requests.
• Basic server request information such as IP address, request time, request path, response status, and error logs that may be processed by our hosting provider.

Purchases and Subscriptions

If StartSmall offers paid features or subscriptions, purchases are processed by Apple through the App Store. We do not receive your full payment card details from Apple.

We may use RevenueCat or another purchase management provider to verify purchases, manage entitlements, unlock paid features, and restore purchases. For that purpose, the provider may receive an app-specific user identifier, product identifiers, purchase status, entitlement status, renewal status, and related technical data.

Notifications

If you enable reminders, StartSmall uses iOS local notifications to schedule reminders on your device. Reminder settings may be stored locally and, if sync is enabled, may be included in your synced app state.

We do not use reminders for advertising. You can change notification permissions in iOS settings and change reminder settings in the app.

Support Communications

If you contact us, we may process the information you provide, such as your email address, message content, device or app details you choose to include, and related support history.

How We Use Information

• Create and maintain your StartSmall account.
• Personalize onboarding, mission recommendations, and progression.
• Save and restore your progress.
• Sync progress across devices when you link Sign in with Apple.
• Provide reminders that you choose to enable.
• Manage purchases, subscriptions, and access to paid features.
• Monitor, debug, secure, and improve the app and backend service.
• Respond to support, privacy, or deletion requests.
• Comply with legal obligations, tax and accounting requirements, App Store requirements, and enforce our Terms.

Legal Bases

If privacy law requires a legal basis for processing, we rely on the following bases as applicable.

• Contract: to provide the app, account, sync, support, subscriptions, and requested features.
• Consent: for optional choices such as notifications, optional information you provide, and any processing where consent is required.
• Legitimate interests: to secure, debug, maintain, improve, and understand the service, while respecting your rights and expectations.
• Legal obligations: to comply with tax, accounting, consumer, platform, security, and legal requirements.

Third-Party Services

We may use third-party service providers to operate StartSmall. These providers process information only as needed to provide services to us or to you.

• Apple, for App Store distribution, Sign in with Apple, local notification infrastructure, and in-app purchases.
• RevenueCat or another purchase management provider, if paid features or subscriptions are enabled.
• Vercel or another hosting provider, for hosting the StartSmall backend, website, API, and content service.
• A database provider, for storing app content, account records, device records, profile data, and synced progress.
• Email or support tools, if you contact us for help.

Data Sharing

We may disclose information to service providers that help us run the app and backend, to Apple or purchase providers when you use platform services or paid features, to comply with law or legal process, to protect rights and security, or in connection with a merger, acquisition, financing, restructuring, or sale of assets.

We do not sell personal information, share personal information with data brokers, or share personal information for cross-context behavioral advertising.

Data Retention

We keep information for as long as needed to provide StartSmall, maintain your account, restore progress, manage purchases, comply with legal obligations, resolve disputes, secure the service, and enforce our agreements.

Local app data remains on your device until you delete the app data, reset progress where available, or remove the app. Synced account, profile, device, and progress data may remain on our backend until you request deletion or until it is no longer needed for the purposes described in this policy.

Mobile session tokens are designed to expire after a limited period, currently about 30 days, unless renewed through app use. Support emails and legal records may be retained for a reasonable period needed for support, security, accounting, or legal purposes.

Your Choices and Rights

Depending on where you live, you may have rights to request access, correction, deletion, restriction, objection, portability, withdrawal of consent where processing is based on consent, or an appeal of certain privacy decisions.

To make a privacy request, use the Start Small support form. We may need information to verify your identity and locate your StartSmall account.

If you use Sign in with Apple, you can also manage your Apple account connection in your Apple Account settings. Stopping Sign in with Apple may sign you out, but it does not by itself delete StartSmall data from our systems.

Deleting Your Data

To request deletion of your StartSmall account or synced app data, use any account deletion option available in the app or use the Start Small support form. If you use a private relay address or local-only account, include enough information for us to identify your StartSmall account.

Deleting your StartSmall account or app data does not cancel an App Store subscription. You must manage subscriptions through your Apple Account settings.

We may retain limited information when required by law, for security, to prevent abuse, to resolve disputes, or for legitimate business records such as purchase, tax, and accounting records.

Children

StartSmall is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, use the Start Small support form and we will take appropriate steps to delete it.

If StartSmall is offered in a region or category with higher child privacy requirements, we will apply the higher requirement where applicable.

International Processing

Your information may be processed in countries other than where you live, including the European Economic Area, the United States, or other locations where our service providers operate.

When we transfer or process information internationally, we take steps intended to protect it in accordance with this Privacy Policy and applicable law, such as using contractual safeguards where required.

Security

We use reasonable technical and organizational measures to protect information. For example, mobile session tokens are stored in the iOS Keychain on your device, app-server requests use HTTPS, and backend mobile routes use bearer-session authentication.

No method of transmission or storage is completely secure. If you believe your information may have been compromised, use the Start Small support form.

Automated Personalization

StartSmall uses onboarding answers, progress, and mission state to recommend missions, assign a starting level, unlock levels, and personalize app guidance.

This personalization does not produce legal or similarly significant effects. You can stop using the app, change available settings, reset local app data where available, or contact us about your data rights.

European Privacy Rights

If you are in the European Economic Area, you may contact us about your GDPR rights through the Start Small support form. You also have the right to lodge a complaint with your local supervisory authority or with the Estonian Data Protection Inspectorate.

• Estonian Data Protection Inspectorate: info@aki.ee
• Website: https://www.aki.ee

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date above and, where appropriate, provide additional notice in the app or on our website.

Contact Us

• NotA Robot OÜ
• Estonia
• Start Small support form