Privacy Policy

Effective: 24 May 2026

Yellow is a private journal for noticing how you feel — moods, body signals, and the context around them. This policy describes what data we collect, how we use it, and what we never do with it.

1. Information we collect

Account information

When you create an account, our authentication provider, Clerk, collects your email address and (optionally) your name and the password you choose, or an identifier from Sign in with Apple or Sign in with Google if you use those. This information is used solely to sign you in and keep your account secure.

Check-in content

When you log a check-in, the following is sent to and stored on our backend (operated by us on Replit at yellow-mood-app.replit.app):

This data is associated with your account so we can show you your own history and patterns. It is never sold, shared with advertisers, or provided to third parties.

Apple Health data

If you choose to connect Apple Health, Yellow reads the following categories on your device only: sleep analysis, heart rate variability, resting heart rate, heart rate, steps, active energy, exercise time, stand time, body temperature, wrist temperature, respiratory rate, and menstrual flow.

This data never leaves your device. Yellow does not transmit Apple Health data to our servers, does not store it outside of Apple's HealthKit on your phone, does not share it with any third party, and never uses it for advertising. It is used solely to show you context alongside your own check-ins.

Notification preferences

Your preferences for daily reminders and other notifications are stored locally on your device only.

Information we do not collect

2. Who has access to your data

We do not sell your data. We do not share it with advertisers. We do not share it with researchers, employers, insurers, or any other third party.

3. Data retention and deletion

You can delete your account at any time from within the app: Profile → Delete account. When you delete your account:

4. Security

All traffic between the app and our backend is sent over HTTPS. Authentication tokens are managed by Clerk's SDK and stored using the platform's secure storage. We follow standard practices to protect data in transit and at rest, but no internet-connected service can guarantee absolute security.

5. Children

Yellow is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

6. Your rights

You can:

7. Changes to this policy

If we make material changes to this policy, we will update the effective date at the top and, where appropriate, notify you in the app. Continued use of Yellow after a change indicates acceptance of the updated policy.

8. Contact

For any questions about this policy or your data, email cm@spotyellow.com.