Privacy Policy

Last updated: May 19, 2026

For a live, visual breakdown of every datum the app holds about you, open Settings → Privacy → Your data in the app.

Reliefr ("we", "us", "the app") respects your privacy. This policy explains what information we collect, how we use it, and your rights.

Anonymous identifiers

Reliefr uses two anonymous identifiers. Neither can be linked to your name, email, or any personal data:

• Firebase Authentication UID: automatically generated via Firebase Anonymous Authentication on first launch. Used for joke ratings, content consent records, and daily active-user pings.
• Per-install device identifier: a random UUID generated locally on first launch and stored on your device. Used as a fallback identifier when Firebase Authentication hasn't completed yet (for example during background notification delivery immediately after install).

Both identifiers are reset if you uninstall and reinstall the app, and can be cleared at any time via Settings > Clear All Data.

What we collect

• Profile data you provide: gender, age range, industry, humor preference, optional nickname. Stored locally on your device. Only used on-device to filter and score jokes; never uploaded.
• Learned preferences: to improve personalization, the app keeps a private, on-device count of how often you liked or disliked jokes carrying particular topic, style, or mood tags (for example, "work-office", "pun-wordplay", or "wholesome"). The app also keeps a separate per-context count — how often you liked a tag during stress versus after bad sleep versus at a random morning — so it can offer the right kind of humor for the moment, not just the right kind of humor in general. All of these counts decay over 90 days and stay on your device. Cleared by "Clear All Data".
• Joke ratings: when you like or dislike a joke, your rating is saved to our server with the joke ID, your anonymous user ID, a timestamp, and a one-word "delivery trigger" describing what fired this joke (for example: "stress", "bad-sleep", "schedule", "calendar", "bad-day"). Your demographics (gender, age range, industry) are NOT sent with the rating. Ratings are used for two things: (1) contributing to each joke's aggregate score, so unpopular jokes are automatically retired globally, and (2) letting the app hide jokes you've personally disliked from future deliveries. The delivery trigger lets us learn which jokes work in which contexts at the catalog level without identifying anything about you personally.
• Submitted jokes: if you submit a joke through the in-app form, we save the joke text, a normalized fingerprint of that text (used only to detect duplicate submissions), the language you selected on the submit form, your suggested darkness rating, a timestamp, your anonymous identifier, and your optional nickname (only if you've set one in Settings) to our review queue in Firebase. Once we review a submission, we additionally store its review status, a review timestamp, and — if rejected — a short reviewer note explaining why. Submissions are reviewed manually before publication.
• Local copy of your own submissions: to make the "Your submissions" screen load instantly without re-querying our servers every time you open it, the app keeps an on-device cache of the submissions you have made and their current review status. This cache lives only on your device, contains only data you produced or that we generated about your own submissions, is never uploaded anywhere, and is wiped by Clear All Data along with everything else.
• "Rough day" relief usage: when you tap the manual "Rough day?" button on the Feed tab, the app records the timestamp on your device so the button can enforce its one-tap-per-day limit and so the Privacy tab can show you usage patterns (for example, "often on Mondays"). This list of timestamps stays on your device only — never uploaded — and is cleared by Clear All Data.

What we read transiently (never stored)

The following are read into memory only to make a single on-device decision, then discarded. They are never written to disk, never sent to our servers, and not retained between evaluations.

• Calendar data (if you enable it): event titles, start/end times, attendee counts. Read locally on your device to detect "intense" meetings and time joke delivery around them.
• Health data (if you enable it): heart rate, resting heart rate, sleep session data (duration and sleep stages), and exercise sessions from Health Connect. Exercise sessions are read so the app can suppress stress detection during the post-workout recovery window (your heart rate stays elevated for 30+ minutes after exertion — that's not psychological stress, and we don't want a false-positive joke). Used to detect stress, assess sleep quality, and skip recovery periods.

Consent logging

On first launch, an anonymous identifier is automatically generated via Firebase Anonymous Authentication. When you acknowledge the content consent screen, the following is stored against that identifier in Firebase:

• A timestamp of when consent was given
• The app version at the time of consent
• The platform (Android)
• A boolean flag confirming consent was given

No personally identifiable information is collected at this stage. The anonymous identifier cannot be linked to your name, email, phone number, or any other personal data. This log exists solely to evidence that content consent was given and is not used for advertising, analytics, or any other purpose.

Crash reports

If the app crashes or hits a fatal error, a crash report is automatically sent to Firebase Crashlytics so we can fix the bug. Each report contains:

• The stack trace of the error
• Your device model and Android version
• The app version
• The same anonymous identifier described above (so we can tell whether the crash hit one device or many)

Crash reports never contain joke text, joke ratings, profile data, calendar data, or health data. They are used solely to diagnose and fix bugs and are retained for up to 90 days. You can disable crash reporting by clearing all data via Settings > Privacy > Your data.

Anonymous usage statistics

To understand how many people use Reliefr on any given day, we write a small "ping" record to Firebase at most once per day per device. The per-device ping contains:

• Your anonymous identifier (the same one used for ratings and consent)
• The date
• The app version
• Whether the ping was triggered by opening the app or by receiving a notification

We also maintain a single aggregate record per day that stores:

• A numeric count of unique devices active that day (so we can see the total at a glance)
• A list of the same anonymous identifiers, used to keep the count accurate even if a device pings more than once by mistake
• A timestamp of the most recent ping

That's the full extent of what we collect here. No personal data, no activity within the app, no content you viewed or interacted with, no location. The ping is deduplicated on your device so it fires at most once per day regardless of how many times you open the app or how many notifications you receive. We use this purely to compute aggregate counts of daily and monthly active users.

How we pick jokes for you

The app explains every joke it delivers. Long-press any joke card and you'll see a "Why this joke?" sheet with the exact reasoning: which trigger fired the delivery (stress / bad sleep / schedule / etc.), which of your topic / style / mood preferences matched, how the joke is rated globally, and how much data the algorithm has on you so far.

This isn't a marketing slogan — it's the actual algorithm output. The same data the picker used is what you read. If you want to see how a delivery was made, you can.

What we do NOT collect

• Your name, email, phone number, or any real identifier.
• Your location.
• Your contacts.
• Any data from other apps not explicitly mentioned above.

How your data is stored

Profile and preference data is stored only on your device. Joke ratings, submitted jokes, and consent records are stored in Firebase (Google Cloud Firestore) under an anonymous user ID that cannot be linked to you personally.

Third-party services

• Firebase (Google): used for joke storage, anonymous authentication, consent logging, aggregate rating data, and crash reporting (Firebase Crashlytics).
• Health Connect (Google): used to read heart rate, resting heart rate, sleep data, and exercise sessions for stress and sleep-quality detection. Only if you opt in. Data is read into memory on your device and never uploaded.
• Ko-fi: if you tap the support link, you'll be redirected to their website. Their privacy policy applies there.

Your rights

Privacy > Clear All Data is the single, self-service erasure path. One tap and we:

• Wipe your profile, preferences, joke history, learned preferences, submission cache, rough-day usage history, and all scheduled notifications from your device.
• Delete every Firestore document keyed to your anonymous identifier — joke ratings, joke submissions, and the consent record.
• Delete the anonymous Firebase Authentication account itself, so the identifier we used can never be matched again. Your next launch mints a brand-new identifier with no link back.

The only data that persists is the aggregated, anonymized daily/monthly active-user counts — those are aggregates with no per-user records once the day rolls over, and don't link back to you.

If the server-side wipe step fails (you're offline, etc.), the local wipe still completes and you get a toast asking you to retry once you have a connection. Until you do, the server records remain.

Contact

Questions or requests: support@reliefr.app