Privacy

The short version

Your intentions and reflections stay on your device. Nothing leaves your phone unless you enable iCloud backup or use the paid AI features. We ask before that happens.

What we collect

When you use Intentions you provide things like your first name, the spheres you choose, your daily intentions, anchor moments, pivotal moments, and evening reflections, along with any responses you write to the insights you receive. You also set preferences such as your lens, feedback style, and reminder times.

All of this is stored locally on your device using Apple's SwiftData. We do not run a server that stores your practice data. Apart from the optional iCloud backup and AI insights described below, your practice data stays on your device, where we cannot see, access, or delete it.

Where we operate

Intentions is currently available in New Zealand. We do not represent compliance with the EU General Data Protection Regulation, the UK GDPR, or other regional regulations beyond our launch market. If you use the app from outside New Zealand, our compliance representations do not extend to you.

This service operates under the laws of New Zealand. The NZ Privacy Act 2020 applies. Disputes are resolved under NZ jurisdiction.

When you visit this website

The Intentions website (daily-intentions.app) is served through Cloudflare. As part of delivering the site, Cloudflare logs basic technical information: IP address, browser type, page requested, and timing. This is the standard server log information any hosting provider records. We use Cloudflare's defaults; we have not added analytics, cookies, or third-party trackers.

This section is about the website only. Your practice in the Intentions app stays on your device; the only time it is sent to a server is when you use the paid AI features, described below. That is a separate use of Cloudflare, running our synthesis service, from the website hosting described here.

iCloud backup

Your intentions, reflections, and insights are stored on your device. By default, they are not included in any iCloud backup.

Intentions has a Backup your data setting in Account. It is off by default. When you turn it on, your practice is included in your iPhone's own iCloud Backup, alongside your other apps. That backup lives in your personal iCloud account and is governed by Apple's privacy policy. We never see it and have no access to it.

The backup is encrypted by Apple in transit and at rest. It is end-to-end encrypted only when you have Apple's Advanced Data Protection enabled in your iCloud settings.

Whether your iPhone makes an iCloud backup at all is controlled in your iOS settings:

Settings → [your name] → iCloud → iCloud Backup

While Backup your data is off, your practice stays on this device only.

If your data has never been backed up and you delete or reinstall the app, your practice data and any insights being generated at the time cannot be recovered.

AI features (paid)

Your daily practice never leaves your phone on its own. When you choose to receive an AI insight, and only after you give explicit consent, the writing from that period is sent to our processing service, which generates the insight and returns it to your device. This is your intentions, anchor moments, pivotal moments, reflections, and any responses you have written for that period. Along with this writing, the request includes the settings that shape the insight: your lens, your feedback style, and your chosen spheres. Your name is not part of what is sent; it stays on your device.

Your practice text is never stored. It exists only in memory for the few seconds the request runs, then it is gone. Our service does not log it, save it, or keep any way to read it back.

The service cannot link your writing to you. It is built in two separate parts that never share what each one knows. One part checks that you are entitled to an insight, and sees only an authorisation signal, never your writing. The other part processes your writing, and never sees who you are. The two pass a single short-lived, one-use token between them that carries no identity. So the part that reads your reflections cannot know whose they are, and the part that knows who you are never sees them. This separation is built into how the service works, not a promise we ask you to take on trust.

No one at Neonpale ever sees your practice text.

Two providers process your writing, and only while your insight is being generated:

• Anthropic PBC (United States) generates the insight. Anthropic deletes API inputs and outputs within 30 days and does not use them to train AI models. Their full retention policy is at privacy.claude.com.
• Cloudflare (global network) runs our processing service and keeps none of your writing.

Your writing is sent over an encrypted connection and is never sold or shared with anyone else. It is encrypted in transit but not end-to-end encrypted, because each provider has to process the text to do its work. As these providers are outside New Zealand, they may not be required to protect your information to the same standards as New Zealand's Privacy Act, though Neonpale remains responsible for it under that Act.

Your insight is delivered to your device. The local copy is yours to keep, edit, or delete. You can withdraw consent at any time in Account.

Anonymous usage data

When an AI insight is generated, our service records one anonymous entry about that request, so we can keep the product running and understand how it is used. The entry never contains your writing, and it is never linked to you.

Each entry holds things like the kind of insight (weekly, monthly, or quarterly), your lens and feedback style, the spheres the insight covered, whether it succeeded, how long it took, how much was written and generated (as counts, not text), and the country the request came from (worked out from your connection and then discarded, so we store no IP address and ask for no location permission). The time is kept only to the hour.

There is no account and no identifier anywhere in this, and no way to tie one entry to another or to a person. It is stored by Cloudflare on our behalf, and we keep these anonymous entries to understand trends over time. Because your daily practice never contacts our service, this only ever covers AI insights you have asked for.

Your rights

Because your data lives on your device, you can exercise most rights directly:

• Access: your data is visible in the app at all times
• Correction: edit intentions and reflections directly
• Portability: export a copy of your data in Account → Export your data
• Deletion: delete your reflections and insights, or reset the app entirely, in Account → Delete your data
• Withdraw consent: turn off AI features in Account at any time

For any privacy question, or questions about AI-processed data, write to support@daily-intentions.app.

If you are not happy with how we have handled your information, you can complain to the New Zealand Office of the Privacy Commissioner at privacy.org.nz.

Data controller

Intentions is a product of Neonpale Limited.

Neonpale Limited
132 Pupu Valley Road
Tākaka 7183
New Zealand

NZ Company Number 9431163 · NZBN 9429053689030

Neonpale Limited is the data controller for the personal information described in this policy. For studio-level and website company information, see the Neonpale privacy policy at neonpale.com/privacy.

Last updated 11 June 2026 · We'll notify you in the app of any material changes.