Last updated: June 2026
Manifest30 is built on the belief that your inner world is yours alone. This policy explains exactly what we collect, where it lives, and how we protect it.
When you create an account we collect your first name, email address, and a hashed password. We never store your plain-text password.
The following is stored securely in our database (Supabase, with row-level security — only your authenticated session can access your own data):
What is not stored in our database: Your three intake answers (your vision, how it feels, what you've achieved) exist only in your device's memory during the session. They are used to generate your card and are included in the card email we send you — but they are never saved to our servers. Once you close the app, they are gone.
Morning Clarity journaling is intentionally designed for pen and paper only. We never collect, receive, or store those entries anywhere.
Your data is used solely to operate the app: to display your card, deliver your reminder notifications, and maintain your account. We do not use your card content, intake answers, or journal entries to train AI models — ours or anyone else's.
When you build your Thank You Card, your three intake answers are transmitted to Anthropic's Claude API via our secure server — never directly from your device. Only the answers are sent; your name and email are never shared with Anthropic.
Anthropic may retain API inputs for up to 30 days for safety monitoring purposes, as described in their Privacy Policy. They do not use API data to train their models.
Payments are processed by Stripe. We never see or store your card number. Stripe's handling of payment data is governed by their Privacy Policy.
We use Resend to deliver transactional emails (your Thank You Card, trial reminders). We do not send marketing email without your explicit opt-in.
We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes. The only parties who process your data are those listed above (Anthropic, Stripe, Resend, Supabase for database hosting) — all operating under their own privacy commitments.
Your data is retained for as long as your account is active. You may request deletion of your account and all associated data at any time by emailing us. We will process deletion requests within 30 days.
All data is encrypted in transit (TLS) and at rest. We use Supabase with row-level security, meaning only your authenticated session can access your data.
Depending on your location, you may have the right to access, correct, or delete your personal data, or to request a copy of it. To exercise any of these rights, contact us at the address below.
Manifest30 is not intended for users under 18. We do not knowingly collect data from minors.
We may update this policy from time to time. We will notify you of material changes via email or in-app notice.
Questions? Email us at support@soulxoxo.com