← Back to selfReset

Privacy Policy

Last updated: May 2026 ·  Effective immediately

In plain language

1. Who we are

selfReset is a wellness application built for desk professionals. It is operated by the selfReset team based in Bengaluru, India. For privacy questions, contact us at privacy@selfreset.app.

2. What data we collect and why

Account data

When you create an account we collect your name and email address. Your password is hashed by Supabase Auth and is never stored or accessible in plain text by us.

You may also sign in using Google Sign-in. When you use this option, Google authenticates you and shares your name and email address with us via Supabase's OAuth integration. We do not receive your Google password. Google's use of your data during sign-in is governed by Google's Privacy Policy. We only store the name and email that Google provides — no other Google account data is collected or retained.

Health and wellness data

To personalise your sessions, we collect:

  • Pain areas — the body areas you select (e.g. neck, lower back, wrists)
  • Health conditions — conditions you optionally disclose so we can exclude unsafe poses (e.g. hypertension, herniated disc). This data is stored encrypted and is never shared with your employer.
  • Session history — which sessions you complete, duration, and poses completed
  • Pain feedback — the emoji rating you give after each session
  • Streak and activity data — your consecutive-day practice streak and total minutes

Why we need it: This data powers the contraindication filtering that keeps you safe, personalises your session recommendations, and shows you your progress in the Journal screen. Without it, the app cannot function as designed.

Device and usage data

We collect standard technical data including your device type, operating system, and browser. We do not collect your precise location, contact list, camera access, or microphone (the app uses your device's text-to-speech engine locally — no audio is transmitted to our servers).

What we do NOT collect

  • We do not place advertising trackers or pixels
  • We do not integrate with Facebook, Google Ads, or any advertising network
  • We do not collect biometric data (heart rate, weight, BMI)
  • We do not read your contacts, messages, or other apps

3. How we use your data

We use your data exclusively to:

  1. Deliver and personalise the service — selecting appropriate sessions, filtering contraindicated poses, tracking your progress
  2. Improve the product — understanding which sessions are most used helps us prioritise content improvements
  3. Send service communications — account confirmations, password resets, and (if enabled) session reminders
  4. Provide aggregate corporate analytics — if you are part of a corporate deployment, we provide your employer with anonymous aggregate data only (see Section 5)

We do not use your health data to train AI models or machine learning systems.

4. Data storage and security

Your data is stored in a Supabase database hosted on AWS in the Mumbai (ap-south-1) region. For users in India, this keeps your data within the country as required by DPDP Act 2023. International users' data is handled in accordance with applicable local data protection regulations. All data is encrypted at rest and in transit using industry-standard AES-256 encryption.

Row-Level Security (RLS) policies are enforced at the database level, meaning your data rows are technically inaccessible to other users even if a software bug were to occur. Each user can only query their own rows.

Access to the database is restricted to the selfReset development team using service-role credentials. We do not share database access with third parties.

5. Corporate and employer deployments

If selfReset is deployed at your company, your employer has access to an HR dashboard showing only anonymous aggregate data — participation rates, session completion trends, and area-of-concern summaries across the team as a whole.

Your employer cannot see:

  • Your individual pain areas or health conditions
  • Which sessions you complete or skip
  • Your pain feedback ratings
  • Your streak or activity history
  • Any personally identifiable wellness information

This is enforced technically at the database level, not just by policy. The corporate analytics table contains only pre-aggregated numbers — individual rows are not accessible through the HR dashboard under any circumstances.

6. Data sharing and third parties

We share data with the following third parties, solely to operate the service:

ServicePurposeData shared
Supabase (AWS Mumbai)Database and authenticationAll user data, encrypted at rest
VercelApp hosting and deliveryRequest logs only, no health data
Google Fonts (CDN)Typography (DM Sans, DM Serif)IP address only, no personal data

We do not sell your personal data to any third party. We do not share your data with data brokers, advertisers, or marketing platforms.

7. Your rights under India's DPDP Act 2023

Under the Digital Personal Data Protection Act 2023, you have the following rights:

  • Right to access — You can view all your data in the app (Profile and Journal screens). You may also request a full data export by emailing us.
  • Right to correction — You can update your name, pain areas, and conditions directly in the Profile screen at any time.
  • Right to erasure — You can permanently delete your account and all associated data from Profile → Delete Account. Deletion is irreversible and takes effect within 30 days.
  • Right to withdraw consent — You can stop using the app at any time and request data deletion as above.
  • Right to grievance redressal — Contact us at privacy@selfreset.app. We will respond within 30 days.

8. Data retention

We retain your data for as long as your account is active. If you delete your account, all personal data is permanently deleted within 30 days. Anonymised aggregate analytics data (with no link to your identity) may be retained for product improvement purposes.

Session logs older than 12 months may be archived in anonymised form for product analytics and safety research.

9. Children

selfReset is designed for working professionals and is not intended for users under the age of 18. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us at privacy@selfreset.app and we will delete the account.

10. Medical disclaimer

selfReset is a wellness application, not a medical device or healthcare service. The sessions and guidance provided are for general wellbeing purposes only and are not a substitute for professional medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional before beginning any new physical practice, especially if you have a pre-existing medical condition.

If you experience pain, dizziness, or discomfort during a session, stop immediately and seek appropriate medical care.

11. Changes to this policy

We may update this policy as the product evolves. We will notify you of significant changes by email or an in-app notice at least 14 days before they take effect. Continued use of the app after that date constitutes acceptance of the updated policy.

12. Contact us

For any privacy questions, data requests, or concerns:
Email: privacy@selfreset.app
Response time: Within 30 days as required by DPDP Act 2023

HomeTerms of Service© 2026 selfReset. All rights reserved.