← Find Your Jewels

Privacy Policy

Effective date: April 20, 2026

Last updated: April 20, 2026

Find Your Jewels is operated by BDB Coaching, LLC (“we,” “us,” “our”), a Virginia limited liability company. This policy explains what data the app collects, what stays on your device, what leaves it, and why.

We wrote this in plain English. If anything is unclear, email james@builddontbeg.com and we’ll answer.

The short version

  • Your raw voice and raw transcripts never leave your phone. Period.
  • We don’t run analytics, tracking, or advertising SDKs of any kind.
  • We don’t sell your data. We don’t share it. We don’t train AI on it.
  • The only thing that crosses the network is sanitized text: names, phone numbers, SSNs, emails, addresses, and financial amounts are replaced with aliases on your device before anything is sent anywhere.
  • The AI providers we use (Anthropic and ElevenLabs) see only that sanitized text, and per their published policies they do not train on it.

If you’re here because you want to know “is this app safe to pour my guts into?”. Yes. That’s the entire point of the architecture.

What stays on your device (and only your device)

These things live in local storage on your iPhone and are never transmitted anywhere:

  • Raw audio recordings from your voice entries
  • Raw transcripts (the actual words you spoke or typed)
  • Photos you attach to entries
  • Your language profile and sabotage signature (created during onboarding)
  • Your goals, entries, jewel count, streaks
  • The ledger of alias mappings (e.g., “Sarah → Person_A”) used to keep aliases consistent between sessions

This data is protected by iOS Data Protection (the operating system’s built-in encryption), which means it’s encrypted at rest when your device is locked.

If you uninstall the app, all of the above is deleted. We can’t recover it because we never had it.

What leaves your device (and where it goes)

When you ask the in-app agent to do something with an entry (talk through it, extract tasks, rewrite it as a clean journal, generate your Top 3 for the day), the app does this on your device first:

  1. Scans the text for sensitive content (names, phone numbers, email addresses, SSNs, credit card numbers, street addresses, dollar amounts, large numbers) using a combination of regular expression rules and Apple’s on-device Natural Language framework.
  2. Replaces each sensitive item with a consistent alias (e.g., “Sarah” → “[Person_A]”, “Acme Corp” → “[Company_B]”). The mapping never leaves your device.
  3. Shows you what will be sent and lets you review or override each substitution before transmission.
  4. Only after you approve, sends the sanitized text to the following services.

Anthropic (Claude AI)

  • What they receive: the sanitized version of your entry and the agent’s conversation context
  • Why:to generate the agent’s reply
  • Retention: Anthropic retains API data for up to 30 days for abuse monitoring, then deletes it. They do not train their models on API data.
  • Their policy: anthropic.com/legal/privacy

ElevenLabs (Text-to-Speech)

  • What they receive: the sanitized text of the agent’s reply (only when you have voice reply enabled)
  • Why:to convert the agent’s written reply into spoken audio
  • Retention: per their stated retention policy
  • Their policy: elevenlabs.io/privacy

Supabase (our edge function host)

  • What they receive: the sanitized payload in transit as a relay to Anthropic and ElevenLabs
  • Why: to keep our API keys secret from the app binary and enforce abuse limits
  • Retention: Supabase does not persist your message content. Our edge function forwards and discards it
  • Their policy: supabase.com/privacy

Apple (speech recognition)

  • What they receive: nothing over the network. The app uses Apple’s on-device speech recognition. Your voice is transcribed locally on the phone and never sent to Apple servers.

What we don’t collect

We want to be explicit about what we don’t do, because most apps do these and we don’t:

  • No analytics. We do not use Google Analytics, Mixpanel, Amplitude, Segment, or any similar tool.
  • No crash reporting. We do not use Sentry, Crashlytics, or similar.
  • No advertising SDKs. We do not track ad attribution or run ad networks.
  • No social SDKs. No Facebook, Google, or Apple sign-in trackers.
  • No cross-site or cross-app tracking. There are no tracking identifiers tied to your device or Apple ID.
  • No account system. There is no login, no email requirement, no password. You are anonymous to us.

Permissions the app asks for

  • Microphone: required to record voice entries. Audio stays on your device.
  • Speech Recognition: required to transcribe your voice on-device. Nothing is sent to Apple.
  • Camera (optional): only if you choose to attach photos.
  • Photo Library (optional). Only if you choose to attach photos from your library.

You can deny or revoke any of these in Settings → Find Your Jewels. The core capture features still work with text input if you deny microphone access.

How long is data kept?

  • On your device: until you delete the entry, change the retention policy, or uninstall the app. Entries marked “Keep as journal” are kept indefinitely. Other entries auto-delete after your chosen retention window (7, 30, or 90 days).
  • At Anthropic: up to 30 days for abuse monitoring, then deleted.
  • At ElevenLabs: per their policy.
  • At Supabase: not persisted. The edge function relays and discards.
  • With us:we don’t have a server that stores your content. Nothing to keep.

Your rights

Regardless of where you live, you can:

  • Delete everything: uninstall the app. All local data is erased.
  • Export your entries: use the “Export to Obsidian” share action inside the app. Your data becomes markdown you own.
  • Contact us: email james@builddontbeg.com with any question or request.

If you are in the European Union, United Kingdom, or California, you have additional statutory rights under GDPR, UK GDPR, or the CCPA. Including the right to access, correct, or delete personal data we hold about you. As noted above, we don’t hold content data on servers, so there’s usually nothing to access or delete on our side. For any other request under these laws, email us and we’ll respond within 30 days.

Children

Find Your Jewels is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has used the app, please email us and we will delete any information about the child from our systems.

Security

Our architecture is designed to give us as little of your data as possible, which is the most reliable form of security there is: what we don’t have, we can’t lose. In addition:

  • Network requests use HTTPS only.
  • The sanitizer is enforced at the TypeScript type level: outbound network calls refuse to compile without a branded SanitizedText value.
  • Sensitive content detection runs on-device before any transmission.
  • Edge function access is rate-limited and authenticated.

No system is perfectly secure. If you discover a security issue, please report it to james@builddontbeg.com before disclosing publicly, and we will respond within 72 hours.

Changes to this policy

We may update this policy as the app evolves. If we make a material change, we will update the “Effective date” above and notify active users inside the app. Continued use after an update means you accept the updated policy.

Prior versions are available on request.

Contact

BDB Coaching, LLC

Virginia Beach, Virginia, USA

Email: james@builddontbeg.com

For privacy requests, security reports, or any question about this policy, email the address above. We aim to respond within 72 hours for routine requests and 30 days for formal statutory requests.