RECOVERY OS — PRIVACY POLICY
Effective date: 5 May 2026. Last updated: 9 June 2026. We may update this page when the app or data practices change; the in-app About screen links to this URL for the Play Store listing.
1. Who we are
Recovery OS is published by PhaseWright Labs (developer: CodeManMike). This policy describes how the Recovery OS mobile and web app handles information.
PhaseWright Labs is the data controller for personal information processed by Recovery OS. PhaseWright Labs is an independent developer operating from Cape Town, South Africa. For a postal contact, email [email protected] (or: support [at] recoveryos.org) and we will respond with one on request.
2. Local-first data
Your recovery logs, journal content, slip/lapse episodes, daily slip markers, settings, and most app data are stored on your device (browser localStorage on web, the same persisted store in the Android wrapper). A slip is stored as recovery history and daily context; it does not reset your clean-day counter to zero. We do not operate a Recovery OS user account or identity service. Optional Google Drive backup/sync uses your Google account only if you choose to connect it, and only for user-owned cloud storage described below.
3. When data leaves your device
Data may leave your device only when you take an action that implies sharing or export, for example:
- Generating or sharing a progress report, share card, or PDF;
- Exporting, saving, or restoring a local backup file;
- Connecting optional Google Drive backup/sync;
- Using OS-level share or save features you initiate;
- Granting microphone access for voice memos. Recorded audio stays on your device. It is not uploaded; we display an in-app explanation before the microphone permission prompt is shown.
3a. Optional Google Drive backup/sync
If you choose to connect Google Drive, Recovery OS uses Google Identity Services and the Google Drive API to create or update a Recovery OS backup file in your own Google Drive. This is optional and separate from a Recovery OS account. You sign in with your own Google account when you enable backup/sync. PhaseWright Labs and Recovery OS servers do not receive, host, or read your Google Drive backup data. The app may read, download, or decrypt the file on your device when you choose to restore or sync it. Google stores the file under Google's privacy policy and your Google account settings.
The Drive backup/sync file is a Recovery OS backup snapshot. It may include local app storage such as daily logs, journal/reflection content, clean date, slip/lapse episodes, daily slip markers, settings, progress state, Pro entitlement state, and tour/restore metadata. It is intended to match the local export/restore backup surface so you can recover or sync your own data.
Passphrase encryption is strongly recommended for Drive backups. If you provide a passphrase, the app encrypts the snapshot in the browser/device before upload using Web Crypto; the passphrase is not stored by Recovery OS and cannot be recovered by PhaseWright Labs. If you choose plaintext backup/sync, the file is readable by anyone with access to that Google Drive file, so the app requires an explicit risk acknowledgement first. Local on-device data is not app-encrypted beyond the operating system protections described in Security.
4. Google Play Billing (Android)
If you purchase Pro through Google Play, Google processes payment and subscription status according to Google's privacy policy. We receive purchase confirmation through the platform billing APIs on your device so we can unlock Pro features. We do not receive your full payment card number.
5. Gift codes and optional operator unlock (server)
If you redeem a gift code, the app sends the code, your email address (for recovery), and an anonymous per-install device identifier to our entitlement service (Cloudflare Worker) so we can validate the code and bind it to your device. We use that contact only for entitlement support unless you separately email us.
If remote operator unlock is enabled in your build, a support unlock code may be sent to the same class of service for verification. That code is used only to issue a time-bounded unlock token and is not used for marketing.
5a. Optional in-app bug reports (Firebase no-reply relay)
If you choose to submit a bug report from within the app, we send the report to a Firebase-hosted relay so we can route it to our support mailbox. The payload may contain:
- your free-text description of the issue;
- an optional screenshot you attach;
- app version, device user-agent, language, platform, screen size, and the current URL;
- the last captured app error (technical message and stack trace only — never your journal content), together with a flag telling our support team whether it occurred in the current app launch or a previous one;
- a short trail of recent technical events from the current launch (feature names and status flags only — for example, "billing reconcile failed" — never any text you typed);
- a random per-launch session identifier so our support team can tell whether a given error and report belong to the same run (this identifier is regenerated on every cold start and is not linked to your identity);
- a small set of non-sensitive UI settings: theme, text size, notification preferences, and Pro entitlement source and expiry.
We do not include your journal entries, sobriety start date, or chosen name in bug reports. This data is used only for support and debugging, not for advertising or profiling.
6. Analytics and advertising (the app)
The app does not include third-party analytics SDKs or advertising networks. We do not sell your personal information.
6a. Cookies and tracking on recoveryos.org (marketing site)
Our public marketing site at recoveryos.org — separate from the app itself — uses cookies and similar technologies for analytics and marketing, gated behind the cookie banner shown on your first visit:
| Category | Technology | Purpose | Loads before consent? |
|---|---|---|---|
| Necessary | Local storage of your cookie choice | Remembers your cookie preference so we don't ask every visit | Yes (required for the banner itself to function) |
| Analytics | Google Tag Manager (GTM) & Google Analytics 4 (GA4) | Aggregate traffic and usage measurement (pages viewed, waitlist conversions, section engagement) | No — only after you accept analytics cookies |
| Marketing | Meta (Facebook) Pixel | Measuring and improving campaign performance for RecoveryOS ads and posts | No — only after you accept marketing cookies |
You can change your choice at any time using the Cookie settings link in the site footer. Where Google Consent Mode v2 is supported, we also signal your choice directly to Google's tags. This site does not currently offer a full cookie policy separate from this section; the categories above are exhaustive for recoveryos.org as of the effective date below.
6b. Marketing site waitlist (recoveryos.org)
Our public marketing site at recoveryos.org includes an optional early-access waitlist. If you submit your email address there, we store the following in Google Firebase / Cloud Firestore as our processor:
- your email address (lowercased);
- the timestamp of submission;
- a static source/page marker indicating the form was the recoveryos.org landing page.
To prevent automated abuse, the waitlist form is protected by Google reCAPTCHA v3 via Firebase App Check. Submitting the form involves Google collecting browser and device signals (cookies, IP address, interaction signals) under Google's privacy policy.
We use waitlist information only to send launch updates, tester-cohort invites, and release announcements relating to RecoveryOS. We do not share it with advertising or analytics providers. Waitlist data is retained until public launch plus a reasonable wind-down period; you can request deletion at any time via the support contact below, and we respond to deletion requests within 30 days.
7. Notifications
Local reminders (daily log, medications, weekly summary) are scheduled on your device. We do not send push notifications from our servers in the current product.
8. Health-adjacent information
Recovery OS may help you track routines and reflections related to wellbeing. It is not a medical device and not a substitute for professional care. Information you enter may be sensitive; treat your device and backups accordingly.
9. Retention and deletion
| Data category | Retention |
|---|---|
| Local app data (journal, settings, voice memos) | Until you delete it in-app or uninstall the app. Voice memos auto-purge after 28 days. |
| Optional Google Drive backup/sync file | Stored in your Google Drive until you delete it there or replace it through sync. Revoking or disconnecting Drive access stops Recovery OS from accessing the file, but it does not necessarily delete the file from Google Drive. PhaseWright Labs does not receive or retain a copy. |
| Gift / operator-unlock records (Cloudflare Worker) | Until the entitlement expires + 30 days, then deleted. |
| Bug reports (support mailbox / relay) | 90 days from receipt, then deleted. |
| Waitlist (Firestore) | Until public launch + 90 days, then deleted. Earlier on request. |
10. Audience
Recovery OS is intended for adults (18 and over) managing their own recovery. It is not directed at children. We do not knowingly process information from anyone under 18; if you believe a minor has provided information, contact us and we will delete it.
11. Your rights under GDPR and similar laws
If the GDPR (EU/EEA, UK) or a similar privacy law applies to you, you have the right to access, rectify, erase, restrict, object to, port, or withdraw consent for our processing of your personal information, and to lodge a complaint with a supervisory authority. To exercise any of these rights, email [email protected]. We will respond within 30 days. Where Cloudflare or Google process data on our behalf outside your region, we rely on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses as applicable.
12. Security
We use HTTPS for all network requests. Local data is protected by your device's standard storage protections — we set Android allowBackup=false so Android Auto Backup does not sync app data off-device. We do not encrypt local data at rest beyond what the operating system provides.
13. Contact
For privacy questions, contact [email protected] (or: support [at] recoveryos.org).
RecoveryOS home · Terms of service · AI info · Cookie settings