phoeline
Draft v0.1. These pages are a working draft prepared by the Phoeline team. They will be reviewed by qualified counsel before app store submission and may change materially. Until then, treat them as a good- faith preview, not a final legal document.

Privacy Policy

Draft v0.1 · Last updated 2026-05-17 · Effective on launch.

This Privacy Policy describes how Phoeline ("Phoeline," "we," "us") collects, uses, shares, and safeguards your information when you use phoeline.com or the Phoeline mobile application (collectively, the "Service").

1. Who we are

Phoeline is a marketplace where independent manifestation and visualization coaches ("Creators") train an AI clone of themselves so their fans ("Fans," "you") can receive a daily ritual. Phoeline operates the platform; Creators provide the underlying voice, teaching style, and content used to train each clone.

Contact: privacy@phoeline.com

2. Information we collect

From Fans

  • Account data: email address, password hash, display name, time zone.
  • Subscription data: purchase status from Apple App Store or Google Play via RevenueCat. We do not receive your full payment card details.
  • Ritual content: messages you send to the clone, your written reflections, and (when you opt in) voice memos you record.
  • Device data: push token, app version, OS version, crash logs.
  • Usage telemetry: sessions, screen views, retention events. Aggregated and tied to a pseudonymous device identifier.

From Creators

  • Identity verification: processed by Stripe Identity. Phoeline receives a verification status only, not your government ID image.
  • Consent recording: a video statement authorizing the AI clone. Stored for the lifetime of the clone plus seven (7) years for legal protection.
  • Voice samples and teaching material: what you provide to train the clone. Processed by ElevenLabs under their enterprise terms.
  • Payout data: banking information held by Stripe Connect, not by Phoeline.

3. How we use information

  • To deliver the daily ritual and operate the Service.
  • To screen messages and responses for safety (moderation, crisis detection).
  • To calculate creator payouts and remit them via Stripe Connect.
  • To send transactional notifications (delivery, billing, security).
  • To improve product quality, including limited human review of flagged content.
  • To comply with applicable law and respond to lawful requests.

We do not sell your personal information. We do not use your ritual content to train third-party foundation models without your explicit opt-in.

4. AI cloning and creator consent

Each Creator clone is built only from material the Creator personally provides, after the Creator signs a written agreement and records a video consent statement. The clone is labeled as AI inside the app on every message. Creators may pause or revoke their clone at any time; revocation halts new clone responses immediately and the underlying voice model is deleted within thirty (30) days.

Phoeline does not impersonate any human without that human's informed, recorded consent. We honor takedown requests from any individual whose likeness or voice appears in the Service without authorization.

5. Subprocessors

The following service providers process Phoeline data under written agreements:

  • Supabase — database and authentication hosting (US region).
  • Vercel — application and API hosting.
  • Cloudflare R2 — audio asset storage.
  • OpenAI — text generation and moderation; processed under enterprise terms with zero data retention where supported.
  • ElevenLabs — voice cloning and synthesis.
  • Stripe (Identity, Connect) — creator KYC and payouts.
  • RevenueCat — subscription validation.
  • Expo / Apple APNs / Google FCM — push notification delivery.
  • PostHog and Sentry — analytics and error monitoring.

6. Retention

  • Account data: while your account is active, then 90 days after deletion.
  • Ritual content: while your account is active, exportable on request.
  • Voice memos you record: 30 days, then deleted unless you choose to save them.
  • Creator consent recordings: lifetime of the clone plus seven (7) years.
  • Payment records: as required by tax and accounting law (typically seven years).

7. Your rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal information, to object to certain processing, and to withdraw consent. Residents of the European Economic Area, the United Kingdom, California, and other jurisdictions with similar laws can exercise these rights by emailing privacy@phoeline.com. We respond within thirty (30) days.

California residents: under the CCPA/CPRA, you have the right to know, delete, correct, and limit the use of sensitive personal information. We do not sell or share personal information as those terms are defined under California law.

8. Security

We use TLS in transit, encryption at rest for sensitive fields, role-based access controls on production data, and audit logging. No system is perfectly secure; we will notify affected users and applicable regulators of any breach within seventy-two (72) hours of discovery, as required by law.

9. Children

Phoeline is not intended for users under the age of 18. We do not knowingly collect information from anyone under 18. If we learn that a minor has provided information, we will delete the account.

10. International transfers

We process data in the United States. If you access the Service from another country, you consent to that transfer. For users in the European Economic Area and the United Kingdom, we rely on Standard Contractual Clauses or equivalent safeguards with our subprocessors.

11. Changes to this policy

We will post material changes here with a new effective date and, when changes are significant, notify you in the app or by email at least thirty (30) days before they take effect.

12. Contact

Questions, requests, complaints: privacy@phoeline.com.

Privacy Policy — Phoeline