Privacy Policy
This Privacy Policy explains how the 49 Sundays team ("we," "us," or "49 Sundays") collects, uses, and protects information when you use the 49 Sundays mobile application for iOS and Android (the "App") and the website at 49sundays.com (the "Site").
49 Sundays helps you reflect on the time you have left with the people you love, with a weekly Sunday ritual and an optional private journal. The App is offered globally; we follow GDPR (EU/UK), CCPA (California), and the DPDP Act (India) regardless of where you live.
1. Who we are
Operated by: the 49 Sundays team
Based in: Vietnam, serving users globally
Contact for privacy inquiries: hello@49sundays.com
For the purposes of the EU General Data Protection Regulation (GDPR), we act as the data controller for the personal data we process. For the purposes of the California Consumer Privacy Act (CCPA), we act as the business that determines how data is handled.
2. A quick summary (for people in a hurry)
- We do collect personal data — but only what we need to run a multi-device, account-based app: your email, the people you add, your Sunday Ritual responses, and your private journal entries.
- Your journal is encrypted (AES-256-GCM). Even if our database were breached, the content of your journal entries cannot be read without our key.
- We use Anthropic's Claude AI to generate your weekly Sunday Ritual prompt. We send Claude a structured context (e.g. "person you chose: Mom, age 64, monthly visits"). We do not send your raw journal entries.
- Purchases are processed by Apple, Google, or Stripe. We never see your card details.
- We don't show ads. No ad SDKs, no advertising trackers, no third-party data brokers.
- You can export or delete your account at any time by emailing hello@49sundays.com. We respond within 30 days.
The sections below explain everything in detail.
3. What data we collect
We collect the following categories of data. Each is described below.
3.1 Account & sign-in data
49 Sundays requires an account so your data syncs across your devices. You can create an account in one of three ways:
- Email + password — we store your email address and a salted, hashed password. We never store your plain-text password.
- Sign in with Apple — Apple sends us your name (if you allow it) and an Apple-relayed email address (e.g.,
xxx@privaterelay.appleid.com) which forwards to your real address. We do not see your real Apple ID. - Google Sign-In — Google sends us your email address and display name. We do not access any other Google account data.
Authentication itself is handled by our self-hosted Keycloak identity server. Access tokens are short-lived JSON Web Tokens (JWT) stored on your device in iOS Keychain / Android Keystore via flutter_secure_storage. We do not store passwords on your device.
3.2 Profile data
To run the calculator and prompt engine, we store:
- Your year of birth, sex, and country — used to look up the correct life-expectancy table
- Your preferred Sunday time — when we send your weekly ritual notification
- App preferences — theme, notification settings, featured-person choice
- Account tier — Free, Lifetime ($4.99 unlock), or Pro ($19.99/year)
3.3 People you add
When you add a person to your calculator or your "My People" list, we store:
- Display name (e.g., "Mom") or nickname
- Relationship label (parent, sibling, friend, etc.)
- Approximate age or birth year
- Sex (used only for the life-expectancy lookup; we do not infer or share gender identity)
- Country (optional, used to pick the right life-expectancy table)
- Visit frequency (weekly, monthly, few times a year, rarely, or a custom interval)
You enter this information about other people yourself. The people you add are not contacted by us, do not have accounts with us, and do not receive any notification or communication. The data exists only inside your account, for your own reflection.
Adding someone else's information is a personal act of reflection. Please use the App responsibly and respect the people in your life. See Section 14 (Children) for age limits.
3.4 Sunday Ritual responses
Each Sunday, the App offers you a personalized ritual centered on one person you've added. We store:
- The ritual record — date, the person it referenced, the prompt category
- Your response — a short tap-response ("done," "skipped") and/or an optional written reflection
- Streak data — how many Sundays in a row you've completed your ritual
Written ritual responses are stored on our server in your account so you can review them across devices.
3.5 Person Journal (encrypted)
Pro users can keep a private journal of notes attached to each person in their list. Because journal entries are the most intimate data we hold, we treat them specially:
- Encrypted at rest with AES-256-GCM at the application layer, using a server-managed key that is held in process memory only.
- Each entry has a unique initialization vector (IV) — meaning two identical entries encrypt to different ciphertext.
- Journal text is never sent to Claude or any other AI provider. Our AI prompt engine reads only your structured context (person, age, visit frequency, streak), never your journal.
- If you order a "Sunday Letter Book" (Phase 3), entries you choose to include are decrypted in memory at the moment of PDF generation and then re-encrypted at rest.
3.6 AI prompt generation (Anthropic Claude)
To generate your Sunday Ritual prompt, we call the Anthropic Claude API (Claude Haiku for daily prompts, Claude Sonnet for the weekly Sunday Ritual). Each call sends Anthropic:
- A structured context — the featured person's display name, relationship, age, visit frequency, your streak status, the prompt category
- The prompt template — our system instructions
We do not send Anthropic: your email, your password, your account ID, your journal entries, your written ritual responses, or any data about people other than the featured person. Anthropic processes the request, returns the generated prompt, and (per its policies) does not retain user inputs for training. See Anthropic's privacy policy.
3.7 Push notifications
To deliver your Sunday Ritual reminder at your chosen time, the App registers a device push token with:
- Apple Push Notification service (APNs) on iOS, and
- Firebase Cloud Messaging (FCM) on Android.
We store the token (a long opaque string) alongside your user ID and the platform. The push payload we send may contain the featured person's first name (e.g., "Sunday with Mom") so the notification is meaningful. You can disable notifications at any time in the App or in your system settings.
3.8 Purchase data
49 Sundays offers three things you can buy:
- Lifetime unlock — $4.99 one-time via Apple StoreKit or Google Play Billing
- Pro subscription — $19.99 / year via Apple StoreKit or Google Play Billing
- Physical products (Phase 3) — Sunday Poster, Sunday Letter Book, and Gift purchases, processed by Stripe
For in-app purchases:
- Apple / Google handle all card processing. We never see your card number, billing address, or Apple ID / Google account password.
- We receive a StoreKit or Google Play receipt, which we verify with Apple/Google to confirm the purchase and unlock the feature on your account.
- We receive subscription status webhooks from Apple (
App Store Server Notifications V2) so we know when a subscription starts, renews, or cancels.
For Stripe-processed physical products:
- Card processing happens in Stripe's hosted checkout — we never touch your card number.
- We store: the order, the items, customization details (e.g., which people to feature on the poster), the shipping address you provide, the Stripe payment intent ID, and the order status.
- Stripe sends us a webhook when the payment succeeds. See Stripe's privacy policy.
For gift purchases, we additionally store a one-time gift token that the recipient can redeem inside the App.
3.9 Photos you upload (Sunday Letter Book)
If you order a Sunday Letter Book and choose to include photos, the App requests a signed upload URL from our server and uploads your photos directly to our object storage (currently AWS S3-compatible storage in our hosting region). We store:
- The photos themselves — used solely to generate the printed PDF for your order
- The link between the photo, your user ID, and the order
Photos are deleted from our storage 90 days after the order ships unless you choose to keep them in the App. Photos are not used for any other purpose, never shown to other users, and never used to train AI models.
3.10 Crash & diagnostic data
The App uses Apple's and Google's built-in diagnostics:
- Apple Crash Reports / TestFlight diagnostics if you opted into sharing app diagnostics with developers at the OS level
- Google Play Console crash reports for Android, when you have not opted out
These reports contain a stack trace, the device model, and the OS version. They do not include your account email, your reflections, your journal, or any people you've added.
We do not currently use third-party analytics SDKs (Firebase Analytics, PostHog, Mixpanel, Amplitude, etc.) inside the App. If we add one in the future, we will disclose it here and request consent where required.
3.11 Website analytics & waitlist (49sundays.com)
The Site uses Vercel Analytics, a privacy-friendly, cookie-free analytics service that records aggregate page views, referrer, approximate location (country/region from IP, never stored), and device type. No individual visitor can be identified.
If you submit your email on the waitlist form or write to us at hello@49sundays.com, we store your email solely to reply, to notify you about launch, and occasionally to share release notes. Waitlist submissions are routed through Formsubmit. You can unsubscribe at any time.
4. App permissions we may request
| Permission | Why we ask | Privacy impact |
|---|---|---|
| Notifications (iOS & Android) | To deliver your Sunday Ritual reminder at the time you choose. | We receive a device push token. Notification content may include the featured person's first name. See Section 3.7. |
Photo Library — add only (iOS NSPhotoLibraryAddUsageDescription) |
To save your "share card" image to your Photos so you can post it later. | Write-only — we cannot read your existing photos. The card image stays on your device unless you share it yourself. |
| Photo Library — read (when you order a Letter Book) | To let you pick specific photos to include in your printed book. | Only the photos you explicitly select are uploaded. See Section 3.9. |
| Sign in with Apple / Google Sign-In | To create or log in to your account without a password. | We receive only your name and email (which may be Apple-relayed). |
| In-App Purchases | To process the lifetime unlock and Pro subscription via Apple StoreKit / Google Play Billing. | Payment is handled by Apple / Google. We never see your card. |
We do not request: precise location, contacts, microphone, calendar, Apple Health / Google Fit, camera (other than via the iOS image picker for Letter Book photos), SMS, or call logs.
5. What we do NOT collect
- We do not collect your precise GPS location.
- We do not access your contacts, calendar, microphone, SMS, or call history.
- We do not integrate with Apple Health, Google Fit, or any wearable. We do not store health, fitness, or medical data.
- We do not use advertising SDKs, tracking pixels, or third-party ad networks. There are no ads in 49 Sundays.
- We do not profile you for advertising or build an audience for advertisers.
- We do not sell your personal data, ever.
6. How we use the data
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Authenticate your account across devices | Email, hashed password / Apple-relayed ID / Google ID | Performance of contract |
| Calculate "Sundays left" for you and the people you add | Profile data, people you add | Performance of contract |
| Generate your weekly Sunday Ritual prompt | Featured person context (name, age, frequency), streak status (sent to Anthropic) | Performance of contract |
| Store your Person Journal across devices | Encrypted journal entries | Performance of contract |
| Send Sunday reminder push notifications | APNs / FCM device token, featured person first name | Consent (notification permission) |
| Process in-app purchases & physical orders | StoreKit / Play Billing receipts, Stripe payment intent, shipping address | Performance of contract |
| Print & fulfill your Sunday Poster / Letter Book / Gift | Order items, customization data, photos, shipping address | Performance of contract |
| Diagnose crashes & bugs | OS-level crash reports (Apple / Google) | Legitimate interest |
| Understand site traffic and improve the Site | Aggregate Vercel Analytics | Legitimate interest |
| Notify you about launch / reply to your message | Email you voluntarily provide | Consent |
| Comply with legal obligations | Records as required by tax, consumer-protection, or audit law | Legal obligation |
| Respond to your privacy requests | Information you provide in your request | Legal obligation |
We do not use your data for automated decision-making, profiling that produces legal effects, advertising, or any medical, financial, or actuarial determination about you as an individual.
7. Sub-processors — who we share data with
We share data only with the service providers necessary to run the App, the Site, and the Phase 3 commerce flow.
| Provider | Purpose | What they receive | Their privacy policy |
|---|---|---|---|
| Apple (Apple Inc.) | iOS app distribution, Sign in with Apple, StoreKit purchases, APNs push delivery | Standard Apple developer data per Apple's policies; we receive only purchase receipts & relayed identifiers | apple.com/legal/privacy |
| Google (Google LLC) | Android app distribution, Google Sign-In, Google Play Billing, FCM push delivery, Google Fonts on the Site | Standard Google developer / OAuth data; we receive email + display name from Sign-In, and purchase receipts from Play Billing | policies.google.com/privacy |
| Anthropic (Anthropic, PBC) | AI generation of your weekly Sunday Ritual prompt (Claude Haiku & Sonnet) | Featured person context (name, age, relationship, frequency), streak status, prompt category — never your email, journal, or written responses | anthropic.com/legal/privacy |
| Stripe (Stripe, Inc.) | Card processing for physical products and gifts (Phase 3) | Card number, billing details, your email, shipping address — entered directly into Stripe's hosted checkout, we do not see card data | stripe.com/privacy |
| Vercel (Vercel, Inc.) | Hosting of 49sundays.com + privacy-friendly site analytics | Aggregate traffic data, no cookies | vercel.com/legal/privacy-policy |
| Formsubmit | Forwards waitlist signups from the Site to our inbox | The email address you submit | formsubmit.co/#privacy |
| Our hosting provider | Runs the Spring Boot API, PostgreSQL database, Redis cache, Keycloak identity server, and S3-compatible object storage that powers the App | All data described in Section 3 (other than Stripe / Apple / Google data which sits with those providers) | Contracted under a data-processing agreement |
| Print-on-demand fulfillment partner (Phase 3) | Printing and shipping of Sunday Posters, Letter Books, and Gifts | Order items, customization, shipping address, photos you chose to include — only for the orders we place | Disclosed when the Phase 3 commerce flow goes live |
We never share your journal entries in plaintext with any third party; they are encrypted at rest and only decrypted in our own server's memory to render them back to you, or, with your explicit choice, to generate a Letter Book PDF.
We may share data with law enforcement only if compelled by a valid legal request from a competent authority, and we will push back on overbroad requests.
8. International data transfers
Our service providers (Apple, Google, Anthropic, Stripe, Vercel, our hosting provider) operate globally. Personal data may be processed in the United States, the European Union, Singapore, Vietnam, and other countries where these providers operate. Where required, providers use Standard Contractual Clauses approved by the European Commission to legally transfer EU personal data outside the EU. By using 49 Sundays, you understand that the data described above may be processed in countries other than your own.
9. How long we keep data
- Account, profile, people, ritual responses, journal entries — retained for as long as your account is active. If you delete your account, all of this data is removed within 30 days (small operational backups may persist up to 90 days, then are overwritten).
- Push device tokens — retained while the App is installed; removed when you sign out or uninstall.
- Purchase records — retained as long as required by Apple / Google / Stripe and applicable tax law (typically 5–10 years), as the minimum needed to honor refunds, chargebacks, and audits. Card data is never stored with us.
- Order data & shipping address — retained as long as required by consumer-protection and tax law in your country and ours.
- Photos uploaded for Letter Book — deleted from our storage 90 days after the order ships unless you keep them in the App.
- Waitlist emails — retained until you ask us to remove them, or until 24 months of no activity.
- Crash reports (Apple / Google) — retained per Apple / Google retention; we do not extend it.
- Vercel Analytics — retained per Vercel's defaults.
10. How to access, export, or delete your data
Inside the App, you can:
- Edit or delete any person you've added
- Delete individual ritual responses and journal entries
- Sign out (clears tokens from your device)
- Delete your entire account from
Settings → Account → Delete account(the App will confirm twice before proceeding)
You can also email us:
Email: hello@49sundays.com
and ask us to:
- Send you a copy of all data we hold about you (data export — JSON format)
- Correct inaccurate information
- Permanently delete your account and all associated data
- Stop processing your data for a specific purpose
We will process your request within 30 days as required by applicable law. For security, we may ask you to verify your identity by logging in or by replying from the email address on your account.
11. Your rights under GDPR (EU, UK, EEA)
If you are in the European Union, the United Kingdom, or the European Economic Area, you have the following rights under GDPR:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — correct inaccurate data
- Right to erasure ("right to be forgotten") — request deletion of your data
- Right to restriction — limit how we process your data
- Right to data portability — receive your data in a portable JSON format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — where processing is based on consent, withdraw it at any time
- Right to lodge a complaint with your national data protection authority
To exercise any of these rights, email hello@49sundays.com. We will respond within 30 days. We may ask you to verify your identity for security reasons.
As a Vietnam-based team without an EU establishment, we are not required under GDPR Article 27 to appoint an EU representative because we do not engage in large-scale processing of EU residents' data. If this changes, we will appoint a representative and update this policy.
12. Your rights under CCPA (California)
If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act give you the following rights:
- Right to know what personal information we collect, use, and share
- Right to delete personal information we have collected
- Right to correct inaccurate personal information
- Right to opt out of "sale" or "sharing" of personal information
We do not sell or share your personal information in any meaning of those words — we have no advertising partners, no ad SDKs, and no cross-context behavioral advertising. There is nothing to opt out of.
We will not discriminate against you for exercising any CCPA right.
To exercise your rights, email hello@49sundays.com with the subject line "California privacy request."
13. Your rights under India's DPDP Act 2023
If you are in India, the Digital Personal Data Protection Act 2023 gives you rights similar to those above:
- Right to access information about your personal data
- Right to correction and erasure
- Right to grievance redressal
- Right to nominate another person to exercise your rights in the event of your death or incapacity
Grievance officer contact: hello@49sundays.com (subject line: "DPDP grievance"). We will acknowledge your grievance within 7 days and resolve it within 30 days.
14. Children's privacy
49 Sundays is intended for users 16 years of age and older. We do not knowingly collect personal data from anyone under 16. If you believe we have collected data from someone under 16, please email hello@49sundays.com and we will delete it.
Regional age requirements:
- European Union / UK: Our minimum age of 16 aligns with the highest digital age of consent set under GDPR across EU member states, so users in the EU and UK can use 49 Sundays without additional parental consent requirements under GDPR.
- India: Under the DPDP Act 2023, users under 18 are considered children and require verifiable parental consent. We do not currently have parental-consent infrastructure. If you are under 18 and in India, you should not use 49 Sundays without a parent or guardian's involvement.
- United States: Our minimum age of 16 exceeds the threshold of the Children's Online Privacy Protection Act (COPPA), which protects children under 13.
49 Sundays is a reflection tool that touches on mortality and finite time with the people you love. It may not be appropriate for young users regardless of legal minimums.
15. Important disclaimer about what 49 Sundays is
49 Sundays is a reflection tool and lifestyle calculator. It is not a medical, psychological, or actuarial service.
The numbers the App shows are based on U.S. Social Security Administration Period Life Tables (2021) and the visit frequency you provide. They are population averages, not forecasts of any individual person's lifespan. Real lives are shaped by genetics, behavior, accident, and grace — none of which a table can know.
Do not use 49 Sundays to make medical, financial, legal, insurance, or end-of-life decisions. Consult qualified professionals for those.
If you are struggling with grief or thoughts of self-harm, please reach the U.S. Crisis Text Line by texting HOME to 741741, or call 988 (Suicide and Crisis Lifeline). Outside the U.S., please contact your local crisis service. The App also includes a "Crisis Resources" screen for quick access. This disclaimer is repeated in our Terms of Use.
16. Security
We protect your data through:
- Application-layer encryption (AES-256-GCM) for all journal entries, with per-entry initialization vectors
- Hashed and salted passwords for email signup, managed by Keycloak; we never store plaintext passwords
- Encrypted connections (HTTPS / TLS) for all communication between the App, the Site, and our backend
- Short-lived JWT access tokens stored on your device in iOS Keychain / Android Keystore
- User-scoped queries — every API request is authenticated and authorized server-side; users can only read and modify their own data
- Data minimization — we collect only what's needed to run the features described above
- Vendor security — Apple, Google, Anthropic, Stripe, and Vercel are SOC 2 / ISO 27001 audited
No system is perfectly secure. If we become aware of a security incident affecting your data, we will notify you and the relevant authorities within the timeframes required by applicable law (72 hours under GDPR).
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we do:
- Minor changes (clarifications, typos, updated contact info): we will update the "Last updated" date at the top of this page.
- Material changes (new data collection, new sub-processors, new uses of data): we will notify you in the App and by email at least 30 days before the change takes effect, and where required, we will request your renewed consent.
Continued use of 49 Sundays after a policy update means you accept the updated policy.
18. Contact
For any privacy question, request, or complaint:
Email: hello@49sundays.com
We aim to respond to all inquiries within 7 business days, and to all formal data-subject requests within 30 days as required by applicable law.