Last updated: 14 May 2026 · Effective date: 14 May 2026
IFS App is operated by ZenApps UK (trading name of Web Print & Signs Ltd, Burnley, Lancashire, UK). We help people explore their inner world using the Internal Family Systems (IFS) framework. Because this work touches deeply personal mental-health material, we treat your data with the highest level of care and transparency.
This policy explains what personal data we collect, why we collect it, who we share it with, and what rights you have. If you have any questions, contact us at hello@ifsapp.co.uk (subject line: "Privacy Question").
Account data: When you create an account we collect your email address and an authentication credential (password hash). If you sign in via a third-party OAuth provider, we receive only the email address and profile name that provider shares with us.
Profile data: You may optionally provide a display name, pronouns, and an age range. None of these fields are required.
IFS practice data: The core purpose of the app is to help you record your internal experience. This includes: parts you identify (name, type, intensity, trust-in-Self score, notes), edges and relationships between parts, triggers you log, check-ins (mood, energy, anxiety scores), journal entries, body-map entries, Self-state readings across the eight Self-energy dimensions, AI conversation history within the in-app guide, and no-agenda sit records. This data is entered voluntarily and remains yours.
Device and usage data: We record your app install date, device platform (iOS/Android/web), app version, and an analytics consent flag. We do not collect precise location, contact lists, microphone recordings, or biometric data. The microphone permission (if granted) is used only for optional in-the-moment voice journaling; audio is transcribed on-device and the raw audio file is never uploaded to our servers.
Your IFS practice data (parts, journal entries, mood scores, triggers, session notes, AI conversations) constitutes health data and is classified as Special Category personal data under GDPR Article 9 and the UK Data Protection Act 2018. Google Play also categorises this as Sensitive Personal Information under its Data Safety requirements.
We process this data only on the legal basis of your explicit consent (Article 9(2)(a) UK GDPR). You give this consent during onboarding, and you can withdraw it at any time by deleting your account (see Section 8). Withdrawal of consent does not affect the lawfulness of processing before withdrawal.
We use your data to: deliver the app and save your progress securely across devices; generate personalised insights and summaries of your IFS work; power the in-app AI guide (using an Edge Function call to OpenRouter — see Section 6); send you account and security emails (password reset, deletion confirmation); and improve the app using aggregated, anonymised analytics (only if you have given analytics consent).
We do not use your mental-health data for advertising, sell it to third parties, or share it with employers, insurers, or any other party without your explicit permission.
Supabase (database, authentication, file storage): All app data is stored in Supabase. Supabase servers are hosted in the EU and US. Supabase is contractually bound as a data processor and cannot access your mental-health content. Data at rest is encrypted. We rely on Standard Contractual Clauses (SCCs) for any US-based processing.
OpenRouter (AI inference): When you use the in-app guide, your conversation messages are sent ephemerally to OpenRouter via our secure server-side Edge Function (ai-proxy). OpenRouter does not store, train on, or retain your data beyond 30 days of operational logs. Your mental-health content is not used to train any AI model.
We have no other third-party data processors. We do not embed advertising SDKs, social-media trackers, or analytics providers that collect personal data without consent.
The in-app guide is powered by a Large Language Model (LLM) accessed via OpenRouter. The current default model is google/gemini-2.0-flash-001 or an equivalent model. Conversations with the guide are not used as training data by any model provider. We apply configurable privacy filters to prevent sensitive content from being logged or retained beyond the active session. The AI guide is a reflective tool — it is not a therapist, clinician, or medical professional (see also Section 9, Not Medical Advice).
IFS App is rated Teen (13+) on Google Play and Apple App Store. Users under 16 in the European Economic Area (EEA) require verifiable parental or guardian consent before creating an account. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, please email hello@ifsapp.co.uk and we will delete the account promptly.
You have the following rights regarding your personal data:
Right of access (Art. 15): Request a copy of all personal data we hold about you.
Right to rectification (Art. 16): Ask us to correct inaccurate data.
Right to erasure / "right to be forgotten" (Art. 17): Request deletion of your account and all associated data.
Right to restrict processing (Art. 18): Ask us to pause processing while a dispute is resolved.
Right to data portability (Art. 20): Receive your data in a structured, machine-readable JSON format.
Right to object (Art. 21): Object to processing based on legitimate interests.
In-app (fastest): Go to Settings → Privacy → Export My Data to download a full JSON export of all your data. To delete your account, go to Settings → Privacy → Delete My Account. Deletion is permanent and initiates the 30-day grace period described in Section 11.
By email: Send a request to hello@ifsapp.co.uk with the subject line "Data request — [your email address]". We will respond within 30 days as required by UK GDPR. For account deletion requests we will ask you to confirm your identity before proceeding.
Web form: You can also submit a deletion or export request by emailing hello@ifsapp.co.uk with subject "Delete my account". This method satisfies the Google Play account-deletion requirement for users who can no longer access the app.
While your account is active, we retain your data so you can access it across devices. We do not delete data solely due to inactivity.
When you delete your account (in-app or by request), we begin a 30-day grace period during which you can cancel the deletion. After 30 days, all personal data — including your profile, parts, journal entries, check-ins, AI conversation history, and uploaded files — is permanently hard-deleted from Supabase and all associated storage. Encrypted backups are retained for a maximum of 90 days after deletion and then purged.
Your data is protected by: Row-Level Security (RLS) on all Supabase tables, meaning our own application code cannot read another user's data; encryption at rest for all database tables and file storage; TLS encryption in transit for all API calls; and strict access controls — no ZenApps employee can read your mental-health content without your explicit permission. We review security practices regularly and apply patches promptly.
Supabase may replicate data across data centres in the EU and the United States. For any transfers to the US, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission and the UK Information Commissioner's Office. OpenRouter processes requests in the US; your conversation data is transmitted only for the duration of the request and is not retained beyond their 30-day operational log window.
We will notify you of material changes to this policy via an in-app banner at least 14 days before the change takes effect. The updated effective date will appear at the top of this page. Continued use of the app after the effective date constitutes acceptance of the revised policy.
Data controller: ZenApps UK (trading name of Web Print & Signs Ltd)
Address: Burnley, Lancashire, UK
Email: hello@ifsapp.co.uk
If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.