Stint

Stint Privacy Policy

Last Updated: May 16, 2026 · Effective: May 16, 2026

This Privacy Policy explains how Stint LLC, a Virginia limited liability company ("Stint," "we," "us," or "our"), collects, uses, discloses, and otherwise processes personal information when you use the Stint mobile application, our website at stint.tech, and any related services (collectively, the "Service"). This Privacy Policy is incorporated into, and forms part of, our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms of Service.

By using the Service, you acknowledge and agree to the practices described in this Privacy Policy. If you do not agree, do not use the Service.

1. Eligibility and Children

The Service is intended for individuals at least sixteen (16) years of age. We do not knowingly collect personal information from anyone under 16. If we learn that we have collected personal information from a child under 16, we will delete it as soon as practicable. Parents or guardians who believe their child under 16 has provided personal information should contact us at privacy@stint.tech.

COPPA Compliance (Children Under 13). In compliance with the Children's Online Privacy Protection Act ("COPPA"), 15 U.S.C. § 6501 et seq., we do not knowingly collect, use, disclose, or retain personal information from children under the age of 13. The Service is not directed to children under 13. If we discover that a child under 13 has provided personal information, we will delete that information and terminate the associated account within 48 hours of discovery. For users between the ages of 13 and 15, we apply the same protections as for all users under 16.

2. Information We Collect

We collect the categories of information described below.

2.1 Information You Provide Directly

  • Account Information. When you create an account using Sign in with Apple, Sign in with Google, email one-time passcode, or email and password, we collect identifiers such as your email address, name (where provided by the authentication provider or entered by you), and a unique account identifier. If you use Sign in with Apple's private email relay, we receive a relayed Apple email address rather than your personal email.

  • Onboarding Inputs. During onboarding, we collect information you provide about your goals, ambitions, blockers, current situation, timelines, and self-described traits (collectively, your "Goal Inputs").

  • Chat and Coaching Messages. The text of messages you send to the Service, including your prompts to the AI and the AI's responses, and any associated metadata (timestamps, conversation surface, model used, token counts).

  • Voice Recordings and Transcripts. Audio captured by your device's microphone while you use voice features ("Hold to Talk," brain-dump dictation, etc.) and the transcripts derived from that audio. Speech recognition is performed by Apple's on-device or server-side Speech framework; we receive and store the resulting transcript text. Audio itself is not retained on our servers as a separate record once transcription is complete, except where briefly buffered in transit.

  • Personalization and Memory Data. Facts and inferences the Service learns about you over time (your interests, working style, preferences, recurring blockers, the people and projects you talk about, etc.), maintained as a structured memory profile and used to tailor AI Output.

  • Tasks, Plans, Progress, and Logs. Tasks generated for you, your completion status, streaks, scheduling, and feedback you provide on tasks.

  • Subscription and Purchase Data. Whether you have an active Subscription, plan tier, and payment status. We do NOT receive or store your full payment-card number, full bank account number, or similar payment credentials; those are handled by the Apple App Store and StoreKit.

  • Support Communications. Information you send us when you contact support, request data access or deletion, or otherwise correspond with us.

  • Feedback. Any feedback, suggestions, or ideas you submit.

2.2 Information Collected Automatically

  • Device and Technical Data. Device model, operating system version, application version, language, time zone, generalized location inferred from IP address (country and region only, not precise location), crash data, and diagnostic events.

  • Usage and Interaction Data. Events and properties tracked by our product-analytics provider (PostHog), including which screens you view, which buttons you tap, when you complete onboarding steps, when you submit prompts, when you start or complete tasks, when you change plans, and similar product-engagement signals.

  • Session Replay. We use tools such as PostHog to record on-device interactions for product improvement, debugging, and security purposes. These recordings capture your screens, taps, scrolls, and other interactions with the Service. While we make reasonable efforts to mask highly sensitive data fields, not all user content will be blurred, and by using the Service you consent to these recordings and the potential capture of the information displayed on your screen.

    EU/UK Users — Session Replay Consent. If you are located in the European Economic Area or the United Kingdom, session replay is disabled by default and will only be activated following your explicit opt-in consent, which you may grant or withdraw at any time through the in-app Privacy Controls (Settings → Privacy → Session Recording). Withdrawing consent stops future recordings prospectively but does not delete prior session-replay data already transmitted.

  • Error and Performance Data. When an error occurs in the Service, Sentry collects diagnostic information including stack traces, breadcrumbs (recent user-interaction events), failed-request metadata, application state, and, in some cases, a view-hierarchy snapshot of the screen at the time of the error. This data includes user identifiers (such as your user ID and email) and is used to diagnose and fix bugs.

  • Subscription Telemetry. Superwall and StoreKit emit events describing paywall presentations, plan selections, purchase attempts, and Subscription status. These events include device and purchase identifiers but do not include payment credentials.

  • Authentication Provider Data. When you sign in via Apple or Google, we receive the identifiers and basic profile fields those providers return (e.g., a stable user ID, an email or relay email, and a display name on first sign-in).

  • Push Notification Tokens. If you grant notification permission, the operating system provides a push-notification token used to deliver notifications to your device.

2.3 Information We Do NOT Collect

We do not currently use third-party advertising or marketing pixels inside the iOS application. We do not currently collect precise geolocation, contacts, calendar data, photos, camera data, biometric identifiers (such as voiceprints, facial scans, or other biological characteristics used for identification), or App Tracking Transparency (ATT) tracking identifiers from the iOS application. For clarity, while we process voice audio temporarily for transcription, we do not conduct acoustic modeling, voice authentication, or emotional state analysis, nor do we create or store biometric voiceprints. We do not currently maintain a third-party email-marketing platform. If we add any of these in the future, we will update this Privacy Policy and obtain any necessary explicit opt-in consents as required by biometric privacy laws (such as BIPA).

3. How We Use Information

We use the information described above to:

(a) Provide, operate, and maintain the Service, including generating personalized AI Output, daily tasks, plans, and chat responses; (b) Build and update your personalized memory profile so that the Service can tailor future AI Output to your goals, context, and preferences; (c) Authenticate you, manage your account, and provide customer support; (d) Process Subscriptions, free trials, billing, renewals, cancellations, and refunds (in conjunction with the Apple App Store and Superwall); (e) Send you transactional communications (account, billing, security, and service-related messages) and, where you have consented or where permitted by law, product updates; (f) Send push notifications you have authorized (e.g., task reminders, progress prompts); (g) Monitor, analyze, and improve the Service, debug errors, measure product performance, and develop new features (including via PostHog analytics and Sentry error tracking); (h) Train, fine-tune, evaluate, and improve our own AI models and prompts, in accordance with Section 7 of the Terms of Service. Where reasonably possible we use de-identified, aggregated, or anonymized data for this purpose, but we do not guarantee that all training data is de-identified; (i) Detect, investigate, and prevent fraud, abuse, security incidents, violations of our Terms of Service, and other harmful or illegal activity; (j) Comply with legal obligations, respond to lawful requests from governmental authorities, and enforce our agreements; and (k) For any other purpose described to you at the point of collection or for which you have provided your consent.

4. How We Share Information

We do not sell your personal information for money. We share information with the following categories of recipients, in each case under written data-processing agreements where required and only as needed:

4.1 Service Providers and Processors

We share information with vendors that help us operate the Service. Our current key vendors include:

  • Amazon Web Services, Inc. (AWS) and Amazon Bedrock — cloud infrastructure and the hosted environment through which we access Anthropic's Claude family of large language models.
  • Anthropic, PBC — Claude family of large language models, accessed via Amazon Bedrock. We send prompts, conversation context, relevant memory excerpts, and Goal Inputs to generate AI Output.
  • OpenAI OpCo, LLC (ChatGPT) — large language models used for AI Output generation. We send prompts, conversation context, and memory excerpts to generate responses.
  • Google LLC (Google Cloud / Google AI) — Gemini family of large language models, used for chat summarization, task generation, memory extraction, and related processing. We send prompts, conversation context, and relevant memory excerpts to generate AI Output.
  • Supabase, Inc. — cloud database, authentication, edge functions, and storage that host your account, messages, memory, goals, tasks, and related data.
  • PostHog, Inc. — product analytics, feature usage tracking, and (if enabled) session replay.
  • Functional Software, Inc. d/b/a Sentry — error and performance monitoring, including stack traces, breadcrumbs, view-hierarchy snapshots, and user identifiers attached to errors.
  • Superwall Labs, Inc. — paywall presentation, subscription state management, and related telemetry.
  • Apple Inc. — App Store, Sign in with Apple, the Speech framework (speech recognition), push notifications, and StoreKit (in-app purchases and subscription management).
  • If you sign in with Google, Google LLC also acts as an authentication provider.

The vendors above use your information as permitted in their agreements with us, as required by law, or as described in their respective privacy notices. You expressly acknowledge that once data is transmitted to third-party AI providers (such as AWS Bedrock, Anthropic, Google, and OpenAI), it is governed by their respective practices. We do not control their servers, internal processes, or data retention policies, and we disclaim all liability regarding their processing or potential exposure of your data.

4.2 AI Provider Training

We make commercially reasonable efforts to configure our enterprise contracts and API calls so that our AI providers (currently Amazon Bedrock and Google) do not use our customer data to train their general-purpose foundation models. We do not guarantee that providers will honor these requests.

4.3 Legal, Safety, and Compliance

We may disclose information to law-enforcement agencies, regulators, courts, other governmental authorities, or third parties: (a) to comply with applicable law, legal process, or governmental requests; (b) to enforce the Terms of Service; (c) to protect the rights, property, safety, or security of Stint, our users, or others; or (d) to investigate, prevent, or address fraud, security, or technical issues.

4.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred as part of that transaction, subject to applicable law.

4.5 With Your Consent or at Your Direction

We share information for other purposes when you direct us to or otherwise consent to the sharing.

4.6 Aggregated or De-Identified Data

We may create and share aggregated, anonymized, or de-identified data that does not reasonably identify you. We may use and share such data for any purpose, including research, benchmarking, marketing, and commercial use.

5. AI Processing, Training, and Memory

The Service is built on generative AI. When you interact with it, your prompts, voice transcripts, memory excerpts, Goal Inputs, and related context are transmitted to our AI providers (currently Amazon Bedrock and Google) for inference. The Service may also use your content to train, fine-tune, evaluate, and improve our own AI models and prompts, as described in Section 7 of the Terms of Service. Stint covenants to programmatically sanitize, de-identify, and filter out direct and indirect personal identifiers before any content is utilized for model optimization.

You should assume that any content you submit to the Service may be reviewed, by humans or machines, for quality, safety, abuse-detection, debugging, or model-improvement purposes.

The Service builds and stores a personalized memory profile based on your interactions. You can request to view, edit, or delete memory entries via in-app controls or by contacting privacy@stint.tech. Memory deletion is prospective: AI Output already generated using earlier memory states cannot be retroactively unwound.

DO NOT submit information you consider confidential, secret, privileged, or sensitive to the Service. See Section 7.5 of the Terms of Service.

6. Cookies and Similar Technologies

Our website at stint.tech may use cookies, local storage, and similar technologies to operate the site, remember preferences, and measure usage. Within the iOS application, we use device-level identifiers and SDK-managed local storage (provided by PostHog, Sentry, Superwall, and Supabase) instead of browser cookies. You can manage cookies through your browser settings.

We honor Global Privacy Control (GPC) signals where required by applicable law. We do not currently engage in cross-context behavioral advertising or "share" personal information for cross-context behavioral advertising as those terms are defined under California law.

7. Data Retention

We retain your personal information for as long as your account is active, as needed to provide the Service, and as required for legal, accounting, audit, security, fraud-prevention, dispute-resolution, or similar purposes. Specifically:

  • Account data, messages, memory, goals, and tasks are stored in our backend (Supabase) for the life of your account.
  • When you delete your account, we apply a tiered retention schedule:
    • Immediate deletion (within 30 days): Your email address, display name, authentication tokens, push-notification tokens, device identifiers, memory profile, and Goal Inputs are permanently deleted.
    • Pseudonymized retention (up to 24 months): Chat transcripts and AI-interaction logs from which all direct and reasonably indirect personal identifiers have been removed are retained solely for fraud prevention, legal compliance, security, and aggregate model-improvement purposes. After 24 months, these records are permanently deleted or further reduced to anonymous statistical aggregates.
    • Indefinite retention: Only truly aggregated, anonymous statistical data (e.g., aggregate token counts, feature-usage percentages, model-performance benchmarks) that cannot reasonably be re-linked to any individual.
  • Encrypted backups maintained by our infrastructure providers may persist for a limited additional period (typically up to thirty (30) days) before being overwritten or deleted in the ordinary course of backup rotation.
  • Aggregated, anonymized, or de-identified data that cannot reasonably be re-linked to any individual may be retained indefinitely.
  • Analytics events in PostHog and error data in Sentry are retained in accordance with our configured retention settings (typically ninety (90) days to one (1) year), after which they are deleted by the provider.

8. Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS) and at rest, role-based access controls, row-level security on our database, and least-privilege keys for AI providers. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for safeguarding your account credentials.

Data Breach Notification. In the event of a security breach involving your personal information, we will notify affected users and applicable regulatory authorities as required by law. Where GDPR applies, we will endeavor to notify the relevant supervisory authority within seventy-two (72) hours of becoming aware of a breach as required by GDPR Article 33, and will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms (GDPR Article 34). Notifications will describe the nature of the breach, the categories and approximate number of records affected, the likely consequences, and the measures taken or proposed to address the breach and mitigate its effects.

9. International Data Transfers

We are based in the United States, and our infrastructure providers operate in the United States and other jurisdictions. By using the Service, you understand and agree that your personal information will be transferred to, stored in, and processed in the United States and other jurisdictions whose data-protection laws may differ from those of your country. Where required by law, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) for cross-border data transfers.

10. Your Choices and Rights

Account Settings. You can view and update certain account information, manage notification preferences, manage memory entries, and delete your account from within the application.

Microphone, Notifications, and Speech Recognition. You can grant or revoke these device-level permissions at any time through your iOS Settings. Revoking microphone access disables voice features prospectively.

Marketing Communications. You can opt out of non-essential marketing emails at any time by using the unsubscribe link in those emails or by contacting privacy@stint.tech. Transactional and service messages may continue to be sent.

Data Access, Correction, and Deletion. You may request a copy of the personal information we hold about you, correction of inaccurate data, or deletion of your data by contacting privacy@stint.tech or by using in-app controls where available. We will respond within the time required by applicable law. Verification of your identity may be required.

11. Virginia Consumer Data Protection Act (VCDPA)

If you are a Virginia resident, you have the following rights under the VCDPA:

  • Right of Access — to confirm whether we process your personal data and to obtain a copy of it;
  • Right to Correct — to correct inaccuracies in your personal data;
  • Right to Delete — to delete your personal data;
  • Right to Data Portability — to obtain your personal data in a portable and, to the extent technically feasible, readily usable format;
  • Right to Opt Out — of the processing of your personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects;
  • Right to Appeal — to appeal a decision we make in response to your rights request.

We do not currently engage in the "sale" of personal data, targeted advertising as defined by the VCDPA, or profiling that produces legal or similarly significant effects concerning Virginia consumers.

To exercise your VCDPA rights, contact privacy@stint.tech.

12. California Privacy Notice (CCPA/CPRA)

If you are a California resident, you have certain rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"). This Section supplements the rest of this Privacy Policy.

12.1 Categories Collected. In the preceding twelve (12) months, we have collected the following categories of personal information about California consumers:

  • Identifiers (e.g., name, email, account ID, IP address, device identifiers, Apple/Google provider IDs);
  • Customer records (e.g., billing information maintained by the App Store; we do not store payment-card numbers);
  • Internet/network activity (e.g., usage events, screen views, interaction events, error data);
  • Audio information (voice recordings briefly processed for transcription) and the resulting transcripts;
  • Inferences drawn from the above to create your personalized memory profile;
  • Other information you choose to provide (e.g., Goal Inputs, chat content).

We do not knowingly collect "sensitive personal information" as that term is defined under the CCPA/CPRA, except to the extent you choose to include it in your chat messages, voice input, or memory entries. We ask that you NOT submit such information.

12.2 Sources of Collection. Directly from you; automatically from your device and your interactions with the Service; from authentication providers (Apple, Google); from our subprocessors.

12.3 Business and Commercial Purposes. As described in Section 3 above.

12.4 Categories of Recipients. As described in Section 4 above.

12.5 No Sale. We do not "sell" personal information for monetary consideration as that term is commonly understood. We do not "share" personal information for cross-context behavioral advertising as defined under the CCPA/CPRA. We do not have actual knowledge of "selling" or "sharing" personal information of consumers under sixteen (16) years of age.

12.6 Your Rights.

  • Right to Know / Access — request a copy of the specific personal information we have collected about you and disclosures relating to it.
  • Right to Delete — request that we delete personal information we have collected from you.
  • Right to Correct — request correction of inaccurate personal information.
  • Right to Opt Out of Sale or Sharing — as noted, we do not sell or share, but you may submit a request and we will respond.
  • Right to Limit Use of Sensitive Personal Information — as noted, we do not use sensitive personal information for purposes that require this right.
  • Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA/CPRA rights.

12.7 How to Exercise Rights. Email privacy@stint.tech with the subject "California Privacy Request." We may need to verify your identity before responding. You may use an authorized agent (with proof of authorization). We will respond within the time required by law.

12.8 Notice of Financial Incentive. We do not currently offer financial incentives in exchange for personal information.

12.9 California "Shine the Light." California residents may request a list of categories of personal information disclosed to third parties for those third parties' direct-marketing purposes. We do not share personal information with third parties for their direct-marketing purposes.

13. European Economic Area / United Kingdom Users

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction that provides similar data-protection rights, you have the rights to access, rectify, erase, restrict the processing of, and port your personal data, and to object to processing (including processing based on legitimate interests and processing for direct marketing). You may also lodge a complaint with your local data-protection authority.

Where we process your personal data, our legal bases include: (a) your consent (which you may withdraw at any time, though doing so does not affect the lawfulness of prior processing); (b) the performance of a contract with you; (c) compliance with a legal obligation; and (d) our legitimate interests in operating, improving, securing, and developing the Service, where those interests are not overridden by your rights.

To exercise these rights, contact privacy@stint.tech. We may require verification of your identity.

EU Representative (GDPR Article 27). As Stint LLC is established in the United States and offers services to individuals in the European Economic Area, we have designated an EU representative pursuant to GDPR Article 27. EU residents may contact our representative for any data-protection inquiries:

EU Data Protection Representative for Stint LLC [To be designated — Stint will appoint a formal EU representative prior to active EU marketing; contact privacy@stint.tech in the interim]

UK Representative (UK GDPR Article 27). Similarly, for UK residents, Stint will designate a UK representative prior to active UK marketing. In the interim, please contact privacy@stint.tech.

Data Protection Impact Assessments. Stint conducts Data Protection Impact Assessments (DPIAs) for high-risk processing activities as required by GDPR Article 35, including AI-based profiling and memory building, voice recording and transcription, and session replay. These assessments are maintained internally and are available to supervisory authorities upon request.

14. Automated Decision-Making

The Service uses automated processing (including LLMs and rule-based logic) to generate tasks, summaries, suggestions, and other AI Output. This processing is intended to be informational and motivational and does not produce legal or similarly significant effects concerning you. You are responsible for all decisions and actions you take, whether or not informed by AI Output.

15. Third-Party Privacy Policies

The third-party providers identified in Section 4 maintain their own privacy policies. We encourage you to review them. Stint is not responsible for the practices of those third parties, except as set forth in our agreements with them.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date above and, for material changes, provide notice by reasonable means (such as in-app notice, push notification, or email). Your continued use of the Service after the effective date of any change constitutes acceptance of the revised Privacy Policy.

17. Contact Us

Stint LLC Commonwealth of Virginia, United States

PurposeEmail
Privacy questions and rights requestsprivacy@stint.tech
General supportsupport@stint.tech
Legal noticeslegal@stint.tech

Do Not Sell or Share My Personal Information. California residents who wish to opt out of the "sale" or "sharing" of their personal information (as those terms are defined under the CCPA/CPRA) may submit a request by emailing privacy@stint.tech with the subject line "California Privacy — Do Not Sell or Share." We do not currently sell or share personal information as those terms are defined under applicable law; however, we will process and honor all such requests.