Effective date: 5 May 2026. Last updated: 12 May 2026. We may update this page when the app or data practices change; the in-app About screen links to this URL for the Play Store listing.
Recovery OS is published by PhaseWright Labs (developer: CodeManMike). This policy describes how the Recovery OS mobile and web app handles information.
PhaseWright Labs is the data controller for personal information processed by Recovery OS. PhaseWright Labs is an independent developer operating from Cape Town, South Africa. For a postal contact, email [email protected] (or: support [at] recoveryos.org) and we will respond with one on request.
Your recovery logs, journal content, settings, and most app data are stored only on your device (browser localStorage on web, the same persisted store in the Android wrapper). We do not operate a Recovery OS user account, identity service, or cloud backup. There is no sign-in flow in this version of the app.
Data may leave your device only when you take an action that implies sharing or export, for example:
If you purchase Pro through Google Play, Google processes payment and subscription status according to Google's privacy policy. We receive purchase confirmation through the platform billing APIs on your device so we can unlock Pro features. We do not receive your full payment card number.
If you redeem a gift code, the app sends the code, your email address (for recovery), and an anonymous per-install device identifier to our entitlement service (Cloudflare Worker) so we can validate the code and bind it to your device. We use that contact only for entitlement support unless you separately email us.
If remote operator unlock is enabled in your build, a support unlock code may be sent to the same class of service for verification. That code is used only to issue a time-bounded unlock token and is not used for marketing.
If you choose to submit a bug report from within the app, we send the report to a Firebase-hosted relay so we can route it to our support mailbox. The payload may contain:
We do not include your journal entries, sobriety start date, or chosen name in bug reports. This data is used only for support and debugging, not for advertising or profiling.
The app does not include third-party analytics SDKs or advertising networks. We do not sell your personal information.
Our public marketing site at recoveryos.org includes an optional early-access waitlist. If you submit your email address there, we store the following in Google Firebase / Cloud Firestore as our processor:
To prevent automated abuse, the waitlist form is protected by Google reCAPTCHA v3 via Firebase App Check. Submitting the form involves Google collecting browser and device signals (cookies, IP address, interaction signals) under Google's privacy policy.
We use waitlist information only to send launch updates, tester-cohort invites, and release announcements relating to RecoveryOS. We do not share it with advertising or analytics providers. Waitlist data is retained until public launch plus a reasonable wind-down period; you can request deletion at any time via the support contact below, and we respond to deletion requests within 30 days.
Local reminders (daily log, medications, weekly summary) are scheduled on your device. We do not send push notifications from our servers in the current product.
Recovery OS may help you track routines and reflections related to wellbeing. It is not a medical device and not a substitute for professional care. Information you enter may be sensitive; treat your device and backups accordingly.
| Data category | Retention |
|---|---|
| Local app data (journal, settings, voice memos) | Until you delete it in-app or uninstall the app. Voice memos auto-purge after 28 days. |
| Gift / operator-unlock records (Cloudflare Worker) | Until the entitlement expires + 30 days, then deleted. |
| Bug reports (support mailbox / relay) | 90 days from receipt, then deleted. |
| Waitlist (Firestore) | Until public launch + 90 days, then deleted. Earlier on request. |
Recovery OS is intended for adults (18 and over) managing their own recovery. It is not directed at children. We do not knowingly process information from anyone under 18; if you believe a minor has provided information, contact us and we will delete it.
If the GDPR (EU/EEA, UK) or a similar privacy law applies to you, you have the right to access, rectify, erase, restrict, object to, port, or withdraw consent for our processing of your personal information, and to lodge a complaint with a supervisory authority. To exercise any of these rights, email [email protected]. We will respond within 30 days. Where Cloudflare or Google process data on our behalf outside your region, we rely on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses as applicable.
We use HTTPS for all network requests. Local data is protected by your device's standard storage protections — we set Android allowBackup=false so Android Auto Backup does not sync app data off-device. We do not encrypt local data at rest beyond what the operating system provides.
For privacy questions, contact [email protected] (or: support [at] recoveryos.org).