Privacy Policy
Last updated: 3 July 2026 — v1.5.4
InnerSpace ("we", "our", or "us") is committed to protecting your privacy. This policy explains what information the InnerSpace app collects, how it is used, and your rights.
Optional cloud backup & sign-in (new in v1.5.4). InnerSpace works fully without an account and, by default, keeps your data on your device. You may optionally choose "Save Across Devices" in Settings to back up your progress to our secure servers and carry it to a new device. See "Cloud Sync & Account Sign-In" below for exactly what this involves.
Information We Collect
InnerSpace does not require you to create an account. The following data is stored locally on your device by default. It is transmitted off your device only if you turn on the optional Cloud Sync feature (see "Cloud Sync & Account Sign-In" below), or where a specific feature explicitly sends data (noted throughout this policy):
- Your listening history and recently played sessions
- Your saved Sound Temple mixes
- Your session streak, session statistics, and completed session/journey progress
- Your Growth Seeds data — active seed stage, watering history, completed trees, tier progress, and any personal intention you set for a seed cycle
- Your app preferences and settings
- Your private journal entries (note: if you choose to use the optional Dream Reflection AI feature, the dream text you submit to it is sent off-device for processing — see "AI-Assisted Reflection" below)
- The names and dates of any audio files you import into the app
Audio Streaming
Audio content produced by InnerSpace is streamed from secure cloud storage (Supabase). When you play a track, your device connects to our audio servers to stream or download the file. No personal data is sent during this process — only a standard file request.
Audio files may be cached locally on your device to improve performance and enable offline playback.
User-Imported Audio (My Tracks)
InnerSpace allows you to import your own audio files from your device and play them through the app alongside InnerSpace's sound layers. This feature is entirely local and private.
- Your files stay on your device. When you import an audio file, a copy is saved to the app's private local storage. It is never uploaded to our servers, shared with any third party, or transmitted over the internet for any reason.
- We do not read or process your audio content. The app plays your file locally. We have no visibility into the content of files you import.
- Metadata only. The file name and the date you added the track are stored locally in the app (on-device only) so your playlist persists between sessions.
- Full control. You can delete any imported track from within the app at any time. Doing so permanently removes both the copied file and its metadata from your device.
- System file picker. The app uses the operating system's file picker to let you select files. This does not grant the app ongoing access to your file system — only the specific file you choose at that moment.
Growth Seeds & Future Self Garden
InnerSpace includes a Growth Seeds system that tracks your daily app activity as a 7-day seed growth cycle. All data related to this feature is stored locally on your device by default. If you turn on the optional Cloud Sync feature ("Save Across Devices"), your garden data — including any intention text you set — is backed up to your own private, access-controlled record as described under "Cloud Sync & Account Sign-In" below.
This includes:
- Your active seed: current growth stage (Day 1–7), the date it was last watered, and any personal intention you chose to set at the start of a cycle.
- Completed trees: a permanent local record of each 7-day cycle you have completed, including the date, tier, and activity summary for that week.
- Tier progress: your current seed tier (Seed, Rooted, Awakened, Luminous, etc.) based on the number of completed cycles.
- Streak data: your consecutive daily session streak, longest streak, and any freeze charges earned.
Your intention text (if you choose to set one) is private. It is stored on your device and, only if you enable Cloud Sync, in your own private backup record that no one but your account can read. It is never used for advertising, analytics, or AI training, and is never shared with third parties.
AI-Assisted Reflection (Untangle a Thought & Dream Reflection)
InnerSpace includes optional AI-assisted reflection features. "Untangle a Thought" lets you type a thought for a gentle AI reply. "Dream Reflection" lets you submit a recorded dream — its text, any themes you tag, your waking mood, and whether it was lucid — for a warm, non-clinical AI reflection.
When you use either feature, the text you submit is sent securely to our backend (Supabase) and processed by Anthropic's Claude AI to generate a response. This applies to dream text too: although your journal and dream entries are otherwise stored only on your device, the specific text you choose to send to Dream Reflection does leave your device for AI processing.
We do not permanently store your conversation or dream messages on our servers. They are processed in real time to generate a reply and are not used to train AI models. Anthropic's data handling is governed by their privacy policy at anthropic.com/privacy.
These features are entirely opt-in. If you prefer not to use them, all other reflection tools in the app remain fully local and private.
AI Journey Creator (Labs)
The AI Journey Creator is an experimental feature available to subscribers. When you use it, a brief description of your intention is sent to our backend and processed by Anthropic's Claude AI to generate a personalised audio journey. The same data handling rules apply — no permanent storage, not used for model training.
Push Notifications
InnerSpace can send optional reminder notifications (for example, your chosen daily ritual time). Notifications require your explicit permission and can be turned off at any time in your device settings.
- Most reminders are scheduled locally on your device.
- If you grant notification permission, your device's push token (an APNs token on iOS, an FCM token on Android) is shared with RevenueCat so we can manage subscriber communications. This token identifies your device, not you personally, and is not used for third-party advertising.
Newsletter & Email Communications
InnerSpace offers an optional email newsletter you can sign up for through the app's Settings page or our website. Signing up is entirely voluntary.
If you choose to subscribe:
- What we collect: your email address only.
- How it is used: to send you periodic wellness tips, app updates, and InnerSpace news. We will never sell or share your email address with third parties for marketing purposes.
- Unsubscribe at any time: every email we send includes a one-click unsubscribe link. You can also remove yourself at any time by emailing us at hello@inner-space-studio.org.
- Data processor: email submissions are handled by Formspree — see their privacy policy at formspree.io/legal/privacy-policy.
Business & Venue Enquiries
InnerSpace offers a Corporate Wellness (B2B) licence and a Venue Licence for commercial wellness spaces. Enquiries for these products can be submitted via contact forms within the app or on our website.
If you submit a business or venue enquiry:
- What we collect: your name, email address, company or venue name, venue type (for venue enquiries), team size (for B2B enquiries), and any optional message you include.
- How it is used: solely to respond to your enquiry and, if applicable, set up your licence. We will not use your details for unrelated marketing without your consent.
- Data processor: enquiry form submissions are handled by Formspree. See their privacy policy at formspree.io/legal/privacy-policy.
Feedback & Ratings
InnerSpace includes an optional feedback form accessible from the Settings page and as a periodic in-app prompt. Submitting feedback is entirely voluntary.
If you submit feedback:
- What we collect: a star rating (1–5) and any optional text you choose to write.
- How it is used: solely to understand how the app is performing and where it can be improved. Feedback is not publicly displayed.
- Data processor: feedback submissions are handled by Formspree. No account or personal identifier is required to submit feedback.
Apple Health (HealthKit) — iOS Only
InnerSpace can optionally read your sleep and heart-rate-variability data from Apple Health to personalise your morning session recommendation, and can optionally write your completed sessions to Apple Health as Mindful Minutes. Both are separate, opt-in permissions you control.
- What we read: sleep duration from the previous night (Sleep Analysis) and recent heart rate variability (HRV). Reads are used locally on your device only and are never transmitted to our servers or any third party.
- What we write: if you enable Mindful Minutes logging, InnerSpace writes the start and end time of each completed session to Apple Health's Mindful Sessions, so your practice counts toward your Mindfulness. We only write Mindful Session entries — no other Health data type — and only when you turn this on.
- How reads are used: solely to recommend a session that matches how you slept and recovered. The data is cached on-device for a short window (up to 6 hours) and never leaves your device.
- Revoke at any time: you can change or withdraw either HealthKit permission at any time in your iPhone's Settings app under Privacy & Security → Health → InnerSpace.
InnerSpace does not share any Health data with third parties, does not use it for advertising, and does not combine it with other data sources.
Cloud Sync & Account Sign-In (Save Across Devices)
Cloud Sync is entirely optional. If you never turn it on, your data stays on your device exactly as described elsewhere in this policy. You can use every feature of InnerSpace without an account.
To let your progress follow you to a new device, InnerSpace offers an optional "Save Across Devices" feature in Settings. When enabled, it works as follows:
- Anonymous identity. So your data can be associated with you across sessions, the app creates an anonymous, device-based identity with our backend provider (Supabase). This happens silently and does not by itself identify you personally.
- Optional account link. To carry your data to another device, you may link your account using Sign in with Apple or Sign in with Google. When you do, we receive the account identifier (and the name/email you choose to share) from Apple or Google, solely to recognise you on other devices. You choose whether to link an account; it is never required.
- What is backed up. When Cloud Sync is on, the following is mirrored to your own private, access-controlled record on our secure servers (Supabase): your Growth Seeds garden and completed trees (including any intention text), streak and session statistics, mood history, journal and dream entries, your weekly Mirror reflections, and your app activity history. This is the same data otherwise held on your device. Apple Health data is always excluded: sleep and heart-rate-variability readings are stripped from every backup and never leave your device.
- Kept private to you. Your synced data is protected by per-user access controls (row-level security) so that only your account can read or write it. We do not sell it, use it for advertising, or use it to train AI models.
- Deletion. You can delete your account and all associated data at any time from Settings ("Delete Account"), which removes your data from both your device and our servers. You may also contact us to request deletion.
Cloud backup and sign-in are provided using Supabase (authentication and database) — see supabase.com/privacy. Apple and Google sign-in are governed by their respective privacy policies.
Subscription & Purchase Data
If you purchase a subscription, payment is processed through Apple App Store or Google Play. We use RevenueCat to manage subscription status. RevenueCat receives a non-identifiable purchase token to verify your entitlement — no payment card information is shared with us or RevenueCat. View RevenueCat's privacy policy at revenuecat.com/privacy.
Analytics & Crash Reporting
To understand how the app is used and to find and fix crashes, InnerSpace uses two service providers:
- PostHog (product analytics). We record a small set of anonymous usage events — for example that the app was opened, a session was completed, or the paywall was shown. These events are tied to a random, anonymous identifier, not to your name, email, or any account. They never include the content of your journals, dreams, moods, intentions, or AI conversations. See posthog.com/privacy.
- Sentry (crash & error reporting). If the app crashes or hits an error, a technical report is sent so we can fix it — the error message, app version, device model, and operating system version, tied to the same anonymous identifier. Crash reports never include your personal content. See sentry.io/privacy.
We do not use any advertising SDKs, do not sell any data, and do not use analytics or crash data for advertising or profiling.
Third-Party Services
We use the following third-party services:
Children's Privacy
InnerSpace is not directed at children under the age of 13. We do not knowingly collect any information from children.
Your Rights
Because InnerSpace stores your data locally on your device by default, you have full control at all times. You can clear your listening history, delete imported tracks, reset your stats, or wipe all app data from the Settings screen within the app.
If you have enabled Cloud Sync, using "Delete Account" or "Reset All Data" in Settings also removes your backed-up data from our servers. You may additionally contact us at any time to request deletion of any account or synced data we hold.
If you have subscribed to our newsletter, you may unsubscribe at any time using the link in any email we send, or by contacting us directly. You may also request that we delete your email address from our mailing list.
If you have used any opt-in AI features or submitted feedback and wish to request deletion of any server-side records, please contact us using the address below.
Changes to This Policy
We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated date. Continued use of the app after changes constitutes acceptance of the updated policy.