reflct.ai

Privacy Policy

Last updated: February 10, 2026

Reflct ("we," "our," or "us") is a personal cognitive tool that helps you capture, organize, and reflect on your thoughts. This policy explains what data we collect, how we use it, and the choices you have.

We built Reflct for ourselves first. We treat your data the way we'd want ours treated: with care, minimalism, and respect.

What We Collect

Account Information

When you sign up, we collect your phone number or email address for authentication. We may also store a display name if you provide one.

Voice Recordings & Transcriptions

Reflct's core experience involves voice capture. When you record, audio is streamed to a third-party transcription service (currently Deepgram) for real-time speech-to-text conversion. The resulting transcriptions are stored in your account.

We do not permanently store raw audio files on our servers. Audio is processed in real-time and discarded after transcription.

Conversations & Content

Text you enter, conversations with the Reflct agent, and any content generated from your inputs (summaries, insights, patterns) are stored in your account and associated with your user profile.

Integrated Services & Browser Extension

Reflct can sync conversations from third-party AI services you use, including Claude.ai and ChatGPT. The Reflct Chrome extension uses your existing session cookies on these services to fetch your conversation history in the background. No additional login credentials are collected — the extension reads only conversations you already have access to. This data is sent to your Reflct account and stored alongside your other content.

The Reflct Sync desktop app can also sync data from local sources on your Mac, such as iMessage and Claude Code sessions, with your permission.

Device & Usage Data

We collect minimal analytics to understand how the product is used — page views, feature usage, and basic device information. We use Plausible Analytics, a privacy-focused analytics tool that does not use cookies and does not track individual users.

How We Use Your Data

  • Provide the service — transcribe your voice, generate insights, and power the Reflct agent.
  • Improve the product — we use aggregate, anonymized usage patterns to make Reflct better. We do not train AI models on your personal data.
  • Communicate with you — transactional messages like authentication codes. No marketing spam.

Third-Party Services

We rely on a small set of trusted infrastructure providers:

  • Supabase — database, authentication, and file storage. Data is hosted on AWS infrastructure.
  • Deepgram — real-time speech-to-text transcription. Audio is processed and not retained by Deepgram after transcription.
  • Anthropic — powers the Reflct agent. Conversations with the agent are sent to Anthropic's API for processing. Anthropic does not use API inputs to train models.
  • Vercel — application hosting and edge delivery.
  • Plausible — privacy-focused, cookie-free web analytics.

We do not sell your data to anyone. We do not share your personal content with third parties beyond what is necessary to operate the service as described above.

Data Storage & Security

Your data is stored in a PostgreSQL database hosted by Supabase on AWS infrastructure in the United States. All data is encrypted in transit (TLS) and at rest. Access to production data is restricted and requires authentication.

Row-Level Security (RLS) policies ensure that you can only access your own data. No other user can read your conversations, transcriptions, or insights.

Your Rights

You have the right to:

  • Access your data — everything in Reflct is visible to you in the app.
  • Export your data — you can request a full export of your account data at any time.
  • Delete your data — you can request complete deletion of your account and all associated data. We will process deletion requests within 30 days.
  • Correct your data — if something is inaccurate, let us know and we'll fix it.

Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove all personal data within 30 days, except where required by law.

Anonymized, aggregate analytics data may be retained indefinitely as it cannot be linked back to individual users.

Children's Privacy

Reflct is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes to This Policy

We may update this policy from time to time. If we make significant changes, we will notify you through the app or via email. Continued use of Reflct after changes constitutes acceptance of the updated policy.

Contact

Questions about this policy or your data? Reach out at evan@reflct.ai.

© 2026 Reflct. All rights reserved.