Your messages are evidence, not training data.

When you pair your messaging account with ThoughtSpasm, we ingest messages you send to yourself — text, links, and timestamps. We do not ingest messages from other chats, group conversations, contacts, media galleries, or anything outside the self-chat scope you paired.

We also collect the operational data needed to run the product on your behalf: an account identifier, your timezone (so reminders fire at sensible local hours), device push tokens, and a paired-session token that proves your phone authorised the connection.

We use the messages you've sent yourself to derive the items shown in the app — reminders, tasks, notes, links, and questions. We use your item history to determine priority, to schedule push notifications, and to power the search and rescheduling tools.

We use operational telemetry (errors, response times, processor attempts) to keep the service reliable. This telemetry never includes the contents of your messages.

ThoughtSpasm uses Google's Gemini family of language models to read new messages and decide whether to create, update, resolve, or cancel an item. For each new message we send: that message, your recent messages in the same chat (a short window), and a slim description of your currently active items. We do not send your full history or anything from other accounts.

We have configured our usage of the Gemini API so that your prompts and completions are not used to train Google's models or those of any third party. We do not use your data to train any model of our own.

We share data with a small set of vendors strictly necessary to operate ThoughtSpasm: a cloud database provider for storage, the Gemini API for reconciliation, Expo's push delivery infrastructure for notifications, and an analytics provider that receives aggregate, non-content event counts (e.g. "screen viewed", "notification opened").

We do not sell your data. We do not share it with advertisers. We do not share it with other ThoughtSpasm accounts under any circumstances.

Your data is stored in encrypted databases hosted in the European Union. Backups are encrypted, geographically separated, and rotated on a 30-day cycle.

You can delete any individual message or item at any time. When you delete an item, every history entry derived from it is removed; when you delete a message, every derivation traceable to it is also purged. Closing your account triggers a hard delete of all personal data within 30 days, including from rolling backups.

All traffic between your devices and our servers uses TLS 1.3. Data at rest is encrypted with AES-256. Access to production data requires the requestor and a second engineer to approve the operation in an audit log.

You can revoke the pairing at any time from inside your messaging app's linked devices screen. Once revoked, ThoughtSpasm immediately stops receiving new messages from that account.

You have the right to know what we hold about you, to export a copy of it, to correct anything inaccurate, to delete it, and to object to the processing described above. These rights apply to all ThoughtSpasm users regardless of where you live.

To exercise any of these rights, email hello@echoeyecodes.com from the address linked to your account. We respond within 14 days and never charge a fee.

ThoughtSpasm is not directed to children under 16. If you believe a child has paired a messaging account with ThoughtSpasm, write to us and we will delete the account and all associated data.

We will update this policy as the product evolves. Material changes — anything that expands what we collect, what we share, or how long we keep it — will be announced in the app at least 14 days before they take effect. We keep an archive of every prior version linked from this page.

Questions about this policy, or about how we handle a specific piece of data, go to hello@echoeyecodes.com. A real person reads everything that comes in.