Privacy Policy
Last updated: 24 May 2026
This Privacy Policy explains how Peter Windridge-France, a sole trader based at 3 St James Terrace, Horsforth, Leeds, LS18 5QT, United Kingdom ("we", "us", "our") collects and uses your personal data when you use the Proud Man Plan mobile app and related services (the "Service").
We are the data controller for the personal data described in this Policy.
If you have any questions, contact us at petewindy@gmail.com.
1. Summary
We collect the minimum data we need to run the Service: your account details (from your sign-in provider), what you write into the App, your conversations with the AI coach, and your subscription status. We do not sell your data. We do not use it to train AI models. We do not show you ads.
The rest of this Policy explains the detail.
2. What we collect
Account data
When you create an account we collect:
- a unique identifier issued by our authentication provider (Clerk)
- your email address
- any name you provide
- the time you signed up and when you last signed in
If you sign in using Apple, Google or another social provider, the provider tells us your verified email and a stable unique identifier. We do not see your password for that provider.
Profile data
During onboarding we ask you to provide a display name (what you'd like the AI coach to call you) and to describe in your own words what tends to stop you following through on things. Both are stored against your account so the coach can refer to them in later sessions.
App content
When you use the Service we store the content you create:
- your active and past missions, including the title, what "done" means to you, and what you said you'd feel like when you've achieved it
- the weekly steps you commit to and their due dates
- whether each step was completed, paused, or abandoned
- the letters generated when you complete a step or a whole mission (these are written from your present self to your 12-year-old self and saved so you can re-read them)
- any feedback you submit through the in-app feedback form
AI coach interactions
When you talk to the AI coach, the messages you send and the messages the coach sends back during that session are passed to Anthropic (the AI provider) so the model can generate the next response. We do not store the back-and-forth itself — once the session ends, the conversation is gone. What we save is the structured output the coach helped you produce (your mission fields, your step description, the generated letter, the blockers answer from onboarding) as described in the sections above.
Subscription status
If you subscribe through the App Store or Play Store, we receive your subscription status (active, cancelled, expired) from RevenueCat. We do not receive or store your payment card details or your full Apple ID or Google ID; that information stays with Apple or Google.
Device data for push notifications
If you allow push notifications, we store an Expo Push Token issued for your device. This is a string of characters that lets us send a notification to your specific device. It is not your phone number, IMEI, or any other identifier you'd usually think of as personal.
Logs and basic diagnostics
We keep short-lived server logs (typically rotating every few days) recording errors and requests. These logs include limited technical information such as timestamps and account identifiers, used only to keep the Service running and fix problems.
We do not currently use third-party analytics or advertising trackers in the App.
3. Why we use your data and the legal basis
Under UK GDPR we need a legal basis for everything we do with your data. The bases we rely on are:
- Performance of a contract for most processing — you have asked us to provide the Service and we need to use your data to deliver it. This covers running the App, storing your missions and check-ins, generating coach responses, and managing your subscription.
- Consent for push notifications. You can withdraw this at any time in your phone's settings.
- Legitimate interests for keeping the Service secure, preventing fraud and abuse, improving the Service in an aggregate way, and dealing with enquiries you send us. We have weighed up these interests against your rights and freedoms and consider this proportionate.
- Compliance with a legal obligation where we have to keep records (for example, tax records that include subscription receipts).
4. Who we share your data with
We use the following service providers to run the Service. They process your data on our instructions, under written contracts that require them to protect it.
- Clerk — sign-in, account management. Based in the US.
- Convex — data storage and backend functions for the App. Based in the US, with our deployment region set to the EU (Ireland) where possible.
- Anthropic — the AI model that generates the coach's responses. Based in the US. Anthropic do not train their models on data sent through their commercial API, and they retain it only briefly for abuse monitoring (currently 30 days).
- Apple and Google — distribution of the App and, where you subscribe through their stores, payment processing. They are independent controllers of the data they collect from you in that role; please see their privacy policies.
- RevenueCat — managing your subscription entitlement so the App knows whether you have an active paid plan. Based in the US.
- Expo — issuing push notification tokens and delivering push notifications via Apple and Google's notification networks. Based in the US.
We do not sell your personal data. We do not share it with advertisers. We do not allow these providers to use your data for their own marketing.
We may share your data with law enforcement or a court if we are legally required to.
5. International transfers
Most of our service providers are based in the United States. When your data is transferred from the UK to a country that does not have UK adequacy status, we rely on the UK Addendum to the EU Standard Contractual Clauses, plus the supplementary measures our providers have in place, to protect your data to a level essentially equivalent to UK law.
6. How long we keep your data
We keep your personal data for as long as you have an active account, plus a reasonable period after that to deal with disputes, refunds, or legal obligations (typically up to seven years for billing records, in line with HMRC requirements).
If you close your account:
- your AI conversations, missions, steps, check-ins and letters are deleted within 30 days
- billing records may be retained for up to seven years for tax purposes
- backups may persist for up to 90 days before being overwritten
7. Your rights
Under UK GDPR you have the following rights about your personal data. You can exercise any of them by emailing petewindy@gmail.com.
- Access — ask for a copy of the personal data we hold about you
- Rectification — ask us to correct anything that is wrong
- Erasure — ask us to delete your data (subject to limits where we are required to keep it)
- Restriction — ask us to stop processing your data while a dispute is resolved
- Portability — ask for your data in a structured, machine-readable format so you can take it elsewhere
- Objection — object to processing we do on the basis of legitimate interests
- Withdraw consent — for anything we do based on consent
We will respond within one month, although we may extend that by a further two months for complex requests (we will tell you if so).
If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. We would appreciate the chance to address your concern first.
8. Security
We take reasonable steps to protect your data, including using HTTPS for all data in transit, relying on reputable service providers with their own strong security practices, and limiting access to your data to people who need it to run the Service.
No system is perfectly secure. If we discover a personal data breach that is likely to result in a risk to your rights and freedoms, we will report it to the ICO within 72 hours and tell you if the risk is high.
9. Children
The Service is not intended for anyone under 18. We do not knowingly collect data from anyone under 18. If you believe we have collected data from a child please contact us and we will delete it.
10. Cookies and similar technologies
The App does not use cookies. It does store small amounts of data on your device to keep you signed in and to remember your preferences. This data stays on your device and is not transmitted for tracking purposes.
We do not use advertising trackers, profiling cookies, or third-party analytics SDKs in the App.
11. Changes to this Policy
We may update this Policy from time to time. If we make material changes we will let you know in the App or by email. The "last updated" date at the top tells you when the current version took effect.
12. Contact
Peter Windridge-France 3 St James Terrace, Horsforth, Leeds, LS18 5QT, United Kingdom petewindy@gmail.com