Privacy Notice — Compareless

Effective Date: 8 May 2026
Last Updated: 8 May 2026
Version: 1.0---In shortWe built Compareless to help you manage feelings of social comparison, and we built it with privacy as a design principle, not an afterthought.- Your reflection content stays on your device. What you write inside the App — your reflections, your journal-style entries, the choices you make in the Mirror flows — is stored only on your phone. We do not transmit it to our servers, our staff cannot read it, and we cannot retrieve it for you.
- We collect only the limited information we need to run the App, process your subscription, keep things working, and improve the experience.
- We do not sell your personal information, and we do not share it for cross-context behavioural advertising.
- You have rights over your information, and we will honour them.This Notice explains the details. We have written it as plainly as we can, while still being legally accurate. If something is unclear, please email us at [email protected] and we will help.---1. Who we areThis Notice is issued by Atrium Digital Ltd ("Atrium Digital", "we", "us", or "our"), a company registered in England and Wales, which operates the Compareless mobile application (the "App") and the website at compareless.app (the "Site", and together with the App, the "Services").Atrium Digital Ltd is the data controller responsible for the personal information processed under this Notice.- Registered office: 128 City Road, London EC1V 2NX, United Kingdom
- Company number: 16912544
- Privacy contact: [email protected]We are not currently required to appoint a UK or EU Data Protection Officer; if and when that obligation arises, we will update this Notice.---2. The information we process2.1 What stays on your deviceThe substantive content you create or interact with inside Compareless — including your reflection responses, your selected categories, your journal-style entries, the choices you make in the Mirror flows, and your in-App progress — is stored locally on your device only.What this means in practice:- We do not transmit that content to our servers.
- Our staff cannot read it.
- We cannot retrieve it for you (for example, if you delete the App or change phones, that content is generally lost unless your device's own backup tools have preserved it).
- It is not "personal information" we hold about you — because we do not hold it at all.2.2 What we processTo operate the Services we process the following limited categories of personal information:(a) Account and subscription data. If you create an account or subscribe, we (and our payment processor — see Section 4) process limited account data such as your email address, an anonymous user identifier, your subscription status and tier, the country associated with your purchase, and transaction receipts issued by Apple or Google. We do not see, collect, or store your full payment card details — those are processed directly by Apple, Google, or our payment processor.(b) Device and diagnostic data. When you use the App we automatically collect technical information about your device and how the App is performing. This includes device model, operating system and version, App version, language, time zone, country (inferred from device settings or IP address), crash logs, performance metrics, and similar diagnostic information.(c) Usage data. We collect anonymous, aggregated information about how the App is used — for example, which screens are opened, how long sessions last, which features are tapped, and whether onboarding is completed. This data is not linked to the substantive content of your reflections; it is used to understand which parts of the App work well and which need improvement.(d) IP address and connection metadata. When the App or Site connects to our infrastructure, our systems and our service providers' systems automatically log the IP address, the time of the request, and basic technical metadata for security, fraud prevention, and abuse detection.(e) Communications. If you email us, contact our support, or fill in a form, we process the contents of your message and any information you choose to provide.(f) Marketing preferences. If you opt in to marketing communications, we process your email address and the preferences you have chosen.We may combine, anonymise, or aggregate any of the above for analytics, research, and product-improvement purposes. Aggregated and anonymised data is no longer personal information and may be used and retained without restriction.2.3 Special category and sensitive informationWe do not knowingly collect "special category" data under the UK GDPR or "sensitive personal information" under the CCPA (such as health data, ethnicity, religion, sexual orientation, or biometric data). The reflection content you create inside the App may touch on themes such as wellbeing, relationships, finances, or self-image — but because that content stays on your device and is never transmitted to us, we do not process it as special-category data.If you choose to send us such information voluntarily — for example, in a support email — we will only use it to respond to your request and will delete it once that request is closed (subject to any legal retention requirements).2.4 Information we do not collectWe do not collect:- The substantive content of your reflections, journal entries, Mirror flow inputs, or in-App selections.
- Your contacts, photos, location, microphone, or camera data, unless you explicitly grant such permission for a feature that requires it (none of our current features do).
- Personal information from anyone we know to be under 16 (see Section 9).2.5 We do not provide medical or therapeutic servicesCompareless is a wellness and self-reflection tool. It is not a medical device, therapy service, or substitute for professional mental-health support. Nothing in the Services constitutes a medical diagnosis, treatment, or advice. If you are experiencing a mental-health crisis, please contact a qualified professional or your local crisis line.---3. How we use information and our legal bases
We use the information described in Section 2 for the purposes set out below. Where the UK GDPR or EU GDPR applies, we identify the legal basis on which we rely.- Provide the Services, deliver subscription benefits, authenticate accounts, and sync subscription status across your devices. Legal basis: performance of a contract with you.
- Detect, prevent, and respond to fraud, abuse, security incidents, and unlawful use of the Services. Legal basis: legitimate interests (protecting the Services, our users, and our business).
- Maintain, debug, and improve the Services; develop new features; conduct internal analytics, A/B testing, and research. Legal basis: legitimate interests (running and improving our business).
- Communicate operational messages (e.g., service announcements, security notices, changes to terms or this Notice). Legal basis: performance of a contract / legitimate interests.
- Send marketing communications about Compareless or related Atrium Digital products. Legal basis: consent (which you can withdraw at any time).
- Comply with legal, regulatory, accounting, and tax obligations. Legal basis: legal obligation.
- Establish, exercise, or defend legal claims. Legal basis: legitimate interests.
- Where you give us specific permission for any other use. Legal basis: consent.For users in California and other US states with similar laws, the same purposes correspond to the "business purposes" recognised under those laws. We do not "sell" or "share" personal information for cross-context behavioural advertising as those terms are defined under the CCPA / CPRA.---4. Who we share information withWe share personal information only with the categories of recipients listed below, and only to the extent necessary for the purposes described in this Notice.(a) Service providers and processors. Companies that help us deliver the Services on our behalf and under written contract. These include:- App store and payment partners: Apple, Google, and our subscription management provider (RevenueCat) — for processing subscriptions, in-app purchases, and receipts.
- Cloud infrastructure: providers that host our Site and any back-end systems we operate.
- Analytics and crash reporting: providers that help us measure App performance and diagnose crashes (using anonymous identifiers and device data, never reflection content).
- Email and communications: providers we use to send transactional and marketing emails.
- Customer support tools: the platforms we use to respond to support requests.A current list of our principal sub-processors is available on request from [email protected]. We require all service providers to handle your information under written contracts that meet UK GDPR and CCPA requirements.(b) Professional advisers. Our lawyers, accountants, auditors, and insurers, where reasonably necessary.(c) Authorities and other parties to comply with the law. We may disclose information if required by law, court order, regulatory authority, or to protect our rights, our users, or the public — for example, to investigate fraud or to enforce our Terms of Service.(d) Buyers and successors. If we are involved in a merger, acquisition, financing, restructuring, sale of assets, bankruptcy, or similar event, your information may be transferred to the relevant counterparty. We will require any successor to honour the commitments in this Notice or notify you and give you reasonable choices regarding your information.(e) With your direction or consent. If you ask us to share information with a third party — for example, by enabling an integration — we will do so in accordance with that direction.We do not sell your personal information, and we do not share it for cross-context behavioural advertising.---5. International transfersAtrium Digital Ltd is based in the United Kingdom. Our service providers may be located in the United Kingdom, the European Economic Area, the United States, and other countries. When we transfer personal information outside the UK or the EEA, we rely on lawful transfer mechanisms — including the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, the EU Standard Contractual Clauses, adequacy regulations, or applicable derogations under the UK and EU GDPR.You can request a copy of the safeguards we use by emailing [email protected]. We may redact commercially sensitive terms.---6. How long we keep informationWe keep personal information only for as long as we need it for the purposes described in this Notice, plus a reasonable period afterwards to comply with our legal, accounting, and reporting obligations and to defend potential claims. Indicative periods are:- Account data: for the life of your account, plus up to 24 months after closure.
- Subscription, billing, and tax records: at least 6 years (UK statutory retention) and up to 10 years where required by law.
- Diagnostic, crash, and analytics data: typically 14–25 months in identifiable form, then anonymised or deleted.
- Communications: typically 24 months after the matter is resolved, longer if required by law.
- Marketing preferences and unsubscribe records: for as long as we operate the Services, in order to honour your choices.
- Legal hold: any data subject to a legal hold or actual or threatened claim is retained until that matter is resolved.Where information has been irreversibly anonymised, we may retain and use it indefinitely.---7. Your rightsDepending on where you live, you have rights over the personal information we hold about you. We honour applicable rights regardless of which legal regime strictly applies, and the practical mechanisms below cover the main rights under the UK GDPR, EU GDPR, and CCPA/CPRA.You may have the right to:- Access the personal information we hold about you and receive a copy.
- Correct information that is inaccurate or incomplete.
- Delete your personal information, subject to legal exceptions (for example, we may need to keep some records for tax, audit, or fraud-prevention reasons).
- Restrict or object to our processing in certain circumstances, including where we rely on legitimate interests.
- Portability — receive certain information in a structured, commonly used, machine-readable format.
- Withdraw consent at any time where we rely on consent (for example, for marketing emails). Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
- Opt out of "sale" or "sharing" of personal information under California law. (We do not engage in either, but you may submit a request anyway and we will confirm in writing.)
- Limit the use of sensitive personal information under California law (we do not use any beyond what is necessary to provide the Services).
- Non-discrimination for exercising your privacy rights.
- Lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ico.org.uk). In the EU, your national data protection authority. We would, however, appreciate the chance to address your concern first.To exercise any of these rights, email [email protected] from the email address associated with your account, or use any in-App tool we provide for the purpose. We may need to verify your identity before fulfilling a request, and we may ask for clarification or additional information. We will respond within the time required by law (typically 30 days under UK GDPR, 45 days under CCPA, with extensions where permitted).If you make a request through an authorised agent (for example, under California law), we will require written proof of authorisation.We may decline a request that is manifestly unfounded, excessive, or where an exemption under applicable law applies. If we do, we will explain why.---8. Cookies and similar technologiesThe App uses minimal local storage on your device — for example, to remember your preferences, store your reflection content locally, and track onboarding progress. The Site may use a small number of cookies and similar technologies for essential functionality, security, and aggregated analytics. We do not use cookies for cross-site advertising or behavioural profiling.Where required by law, we will ask for your consent before placing non-essential cookies. You can adjust cookie preferences through your browser at any time. Disabling essential cookies may prevent parts of the Site from functioning.---9. ChildrenThe Services are not intended for, and not directed at, individuals under 16 years of age. We do not knowingly collect personal information from anyone under 16. If you are a parent or guardian and believe a child under 16 has provided personal information to us, please contact [email protected] and we will take prompt steps to delete it.By using the Services, you confirm that you are at least 16 years old.---10. SecurityWe use technical and organisational measures designed to protect personal information against unauthorised access, alteration, disclosure, or destruction. These include encryption of data in transit, access controls, vendor due diligence, and routine security reviews. The fact that reflection content stays on-device meaningfully reduces the volume of sensitive data exposed to server-side risk.No system is fully secure, and we cannot guarantee absolute security. You are responsible for keeping your device, your account credentials, and any backups under your control safe and confidential. If you suspect that your account has been compromised, please contact us immediately.---

11. Third-party links and integrationsThe Services may contain links to, or integrations with, third-party websites, apps, or services that are not operated by us. This Notice does not apply to those services, and we are not responsible for their privacy practices. We encourage you to read their privacy notices.---12. Automated decision-making and AIWe do not currently make decisions that produce legal or similarly significant effects about you using solely automated means.We may use artificial intelligence or machine-learning systems to operate and improve the Services — for example, to generate or refine in-App content, detect abuse, analyse anonymised usage patterns, or improve our customer-support workflows. Where such systems process personal information in a way that requires it, we will update this Notice and, where required by law, obtain your consent. Where we send any personal information to third-party AI providers in connection with operating the Services, we will only do so under contracts that meet UK GDPR and CCPA requirements.---13. Changes to this NoticeWe may update this Notice from time to time to reflect changes in the Services, applicable law, or our practices. When we do, we will revise the "Last Updated" date above and, for material changes, take reasonable steps to notify you (for example, through an in-App message or email).Your continued use of the Services after the effective date of an updated Notice constitutes acceptance of the changes, to the extent permitted by law. If a change requires your consent, we will ask for it.---14. Contact usFor any privacy-related question, request, or complaint:- Email: [email protected]
- Postal: Atrium Digital Ltd, 128 City Road, London EC1V 2NX, United KingdomIf you are in the EEA or UK, you also have the right to contact your local supervisory authority. In the UK, the supervisory authority is the Information Commissioner's Office (ico.org.uk). In the EU, it is your national data protection authority.---15. Region-specific disclosures15.1 California (CCPA / CPRA)In the previous 12 months we have collected the categories of personal information described in Section 2 — namely identifiers, internet/network activity, commercial information (subscription status), geolocation derived from IP address, and inferences drawn from anonymous usage. We use that information for the business purposes described in Section 3 and disclose it to the categories of recipients in Section 4.We do not "sell" personal information, and we do not "share" personal information for cross-context behavioural advertising (as those terms are defined by the CCPA/CPRA).California residents have the right to: know what personal information we collect, use, disclose, and (if applicable) sell or share; delete personal information; correct inaccurate information; opt out of sale or sharing (we do neither); limit the use of sensitive personal information (we do not use any beyond what is necessary to provide the Services); and non-discrimination for exercising these rights. To exercise any right, see Section 7.15.2 EEA / UKThe legal bases on which we rely are set out in Section 3. You have the rights set out in Section 7 and, in addition, the right to object to processing based on legitimate interests, and to lodge a complaint with your national data protection authority.15.3 Other regionsResidents of other jurisdictions — including, without limitation, Australia, Canada, Brazil, Switzerland, Japan, South Korea, and the UAE — may have similar rights under their local laws. We honour valid requests where applicable. To exercise your rights, see Section 7.---16. Severability and governing termsIf any part of this Notice is found to be unenforceable, the rest of the Notice remains in effect. This Notice is governed by the laws of England and Wales, without prejudice to your mandatory rights under your local consumer- or data-protection law.---This Privacy Notice is published at compareless.app/privacy and is also accessible from within the App. We recommend you read it before using the Services.