Privacy Policy — Eunomia
Version 1.6
Last updated: 2026-05-29
Overview
Eunomia is a personal reflection tool made by Joanna Bednarczyk, an independent developer based in Switzerland, operating under the trade name “Studio Volt” 🇨🇭. The app is designed to help you organize your thoughts using a structured journaling method (the Padesky 7-column technique). Privacy is a foundational design decision, not a feature added later.
Eunomia is a personal reflection tool, not a substitute for professional mental health care. If you are in distress or crisis, please contact a qualified professional or local emergency services. The full target-audience disclaimer is in the Terms of Service.
This policy explains, in plain language, what data Eunomia handles, what stays on your device, what (if anything) leaves it, and the choices you have. If something here is unclear, write to contact@studiovolt.dev.
The Short Version
By default, your reflections, audio recordings, and transcripts never leave your iPhone. Cloud features are strictly opt-in.
Who I am
Eunomia is developed and operated by Joanna Bednarczyk, an independent individual developer based in Switzerland, operating under the trade name “Studio Volt” (“I”, “me”, “the developer”). There is no corporate entity behind the app at this time. For privacy questions, including GDPR data subject requests, contact:
If you are an EU/EEA resident, Joanna Bednarczyk (independent developer), Switzerland, acts as the data controller for any limited information processed via the optional Cloud AI feature (described below). These privacy practices will transfer to Studio Volt GmbH or SA upon incorporation, with full continuity of obligations.
EU representative (GDPR Art. 27)
As a Switzerland-based developer offering Eunomia to users in the European Economic Area, an EU representative is appointed under Article 27 GDPR. EU/EEA residents may contact the representative for any GDPR-related matter at the address provided on studiovolt.dev/privacy/eu-rep or by emailing contact@studiovolt.dev with the subject line “EU Representative”.
For UK residents, a UK Representative is similarly appointed under UK GDPR Article 27. Contact details are available on studiovolt.dev/privacy/uk-rep.
What is collected
On your device only (default behavior)
- Audio recordings of your reflections, saved as .m4a files in Eunomia’s private app folder on your iPhone.
- Transcripts generated by Apple’s on-device speech recognition.
- Reflection entries (the 7-column structure: situation, mood, automatic thoughts, evidence, balanced thought, new mood, action) stored locally in encrypted iOS app storage.
- Preferences (language, haptics, AI assist toggle, etc.).
These items are stored only on your iPhone. The developer does not see them, host them, or back them up to any controlled server. If you delete the app or your iPhone, this data is gone.
Information received when you opt in to Cloud AI
If — and only if — you turn on Cloud AI in Settings and confirm the consent screen, the text of the reflection you are working on is sent through the proxy server to OpenAI for parsing into the 7-column structure. In that flow the following is received:
- An anonymous user ID (a random UUID generated on your device — not linked to your name, email, or Apple ID).
- Token usage counters (how many AI tokens your account has consumed in the current period). These are used to enforce fair-use limits on paid tiers.
- Standard request metadata at the hosting provider (Cloudflare): timestamp, request URL, response status, IP address. This is access-log data used for security and abuse prevention. The contents of your reflections are not logged.
The audio file and your Apple ID are not received.
Purchase information
When you subscribe to a paid tier or buy a top-up, the transaction is processed entirely by Apple. The developer receives only an anonymized receipt indicating which tier is active. Your name, email, payment card, and billing address are never seen.
What is not collected
To be explicit, the following is not collected:
- Your name, email address, phone number, or Apple ID.
- Your location.
- Your contacts, calendar, photos, or any data outside of Eunomia.
- Cross-app or cross-site tracking identifiers.
- Advertising identifiers.
- Health data, biometric data, or any data from Apple HealthKit.
Eunomia does not include third-party advertising, analytics SDKs, or crash reporting in this version. If any of these are added in the future, this policy will be updated and consent will be requested where required.
How AI works in Eunomia
Eunomia uses AI to turn your spoken or written reflections into the structured 7-column format. There are three possible AI paths, and you control which one is active.
- Apple on-device AI (default on supported devices): on iPhones that support Apple Intelligence, parsing happens entirely on your device using Apple’s Foundation Models framework. Nothing leaves your iPhone.
- Local mock parser (default on older devices): a simple rule-based parser that runs on your device and produces a draft you can edit by hand.
- Cloud AI (opt-in only): the text of the current reflection is sent through a Cloudflare Worker proxy to OpenAI’s gpt-4o-mini model. You will see a clear consent screen the first time you enable this option, with the words “your transcript leaves your device”.
You can switch Cloud AI off at any time in Settings. When it is off, no reflection text ever leaves your iPhone for AI processing.
Speech recognition
Illinois residents — BIPA notice
For users in Illinois: Eunomia does not collect, capture, store, or use voiceprints, scans of face geometry, or any biometric identifier or biometric information as defined by the Illinois Biometric Information Privacy Act (740 ILCS 14/10). Speech-to-text transcription uses Apple’s on-device SFSpeechRecognizer; the resulting text is not a voiceprint and is not used for identification. Audio recordings remain on your device unless you manually share them via the iOS Share sheet. No biometric data is sold, leased, traded, or otherwise disclosed.
Speech engine — additional notes
Eunomia uses Apple’s SFSpeechRecognizer with the on-device flag enabled. Transcription runs locally. Apple may retain limited diagnostic information about the speech engine itself under their own privacy policy; the developer has no access to it. See apple.com/legal/privacy for details.
Third parties (sub-processors)
The app relies on as few third parties as possible. Each is bound by a written Data Processing Addendum (DPA) restricting use of any personal data to the disclosed purpose. The full list with legal entity names and processing locations:
- Apple Inc. (One Apple Park Way, Cupertino, CA, USA) and Apple Distribution International Ltd. (Hollyhill, Cork, Ireland) — App Store distribution, in-app purchases, on-device speech recognition (SFSpeechRecognizer), on-device Apple Intelligence (where available). Subject to Apple’s privacy policy. Processor relationship governed by Schedule 2 of the Apple Developer Program License Agreement.
- Anthropic, PBC (548 Market Street #97191, San Francisco, CA 94104, USA) — primary Cloud AI processor for reflection parsing, suggestion generation, and definition operationalization (claude-sonnet-4-6 and claude-haiku-4-5 models). Signed Anthropic Commercial DPA dated 2026-05-29, executed via Ironclad. Certified under the EU-US Data Privacy Framework, the UK Extension to the DPF, and the Swiss-US Data Privacy Framework. Under Anthropic’s API terms: your inputs are not used to train Anthropic’s models, and they retain data for up to 30 days for abuse monitoring before deletion. Active only when you opt in to Cloud AI.
- OpenAI Ireland Limited (1st Floor, The Liffey Trust Centre, 117–126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland) — secondary Cloud AI processor, used as a fallback only if the Anthropic call fails (timeout, rate limit, transient error). Signed DPA dated 2026-05-25, executed via Ironclad. OpenAI, L.L.C. (3180 18th Street, San Francisco, CA 94110, USA) — sub-processor responsible for actual model serving when the OpenAI fallback path is invoked. Both entities certified under the EU-US Data Privacy Framework and the Swiss-US Data Privacy Framework. Cloud AI inputs are processed under OpenAI’s pay-as-you-go API terms: your inputs are not used to train OpenAI’s models, and they retain data for up to 30 days for abuse monitoring before deletion. Active only when you opt in to Cloud AI.
- Cloudflare, Inc. (101 Townsend Street, San Francisco, CA 94107, USA) — operates the Worker proxy infrastructure that routes Cloud AI requests. DPA auto-incorporated via Cloudflare’s Self-Serve Subscription Agreement (Cloudflare Customer DPA v6.3, dated June 20, 2025). Cloudflare keeps standard access logs (timestamp, URL, status, IP) but does not see the content of forwarded requests beyond ephemeral transit. Cloudflare, Inc. is certified under the EU-US Data Privacy Framework, the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework.
- RevenueCat, Inc. (3527 Mt Diablo Blvd, Suite 250, Lafayette, CA 94549, USA) — manages subscription receipts and entitlements. Receives only an anonymized user identifier and the subscription tier; no reflection content, no name, no email. Subject to RevenueCat’s standard DPA.
Your data is never sold or shared with anyone for advertising or marketing.
International transfers (GDPR Chapter V, Swiss revFADP Art. 16–19)
Personal data is transferred to the United States to the recipients listed above. Transfers from the EEA, the UK, and Switzerland rely on the following legal mechanisms:
- EU-US Data Privacy Framework (Commission Implementing Decision (EU) 2023/1795) — applies to OpenAI, L.L.C., Anthropic, PBC, Cloudflare, Inc., and RevenueCat, Inc. as DPF-certified recipients.
- UK Extension to the EU-US DPF (UK Adequacy Regulations 2023) — applies in parallel for UK data subjects to the same DPF-certified recipients.
- Swiss-US Data Privacy Framework (FDPIC recognition, September 2024) — applies in parallel for Swiss data subjects to the same DPF-certified recipients.
- European Commission’s Standard Contractual Clauses (Decision 2021/914, Module 2: Controller-to-Processor) — fallback safeguard for any transfer where DPF certification is not available, supplemented by technical and organisational measures (encryption in transit and at rest, access controls, minimum-necessary data principle).
Copies of the signed DPAs, the SCCs, and details of supplementary safeguards are available on request to contact@studiovolt.dev.
Sub-processor change notice
If a sub-processor is added, replaced, or removed in a way that materially changes how your data is processed, this Privacy Policy will be updated and you will be given at least 30 days’ notice in-app and on studiovolt.dev/eunomia/privacy before the change takes effect, so you can withdraw consent or stop using the affected feature if you object.
Data retention
- On-device data (audio, transcripts, entries) stays on your iPhone until you delete it. You can delete an individual entry from the History screen, or all data by uninstalling the app.
- Cloud AI usage counters (anonymous UUID + token totals): kept on the Worker for up to 90 days, then deleted. This window allows enforcing monthly limits.
- Cloudflare access logs: retained per Cloudflare’s standard policy (typically 7 days for free-tier Workers).
- OpenAI logs (if you used Cloud AI): up to 30 days, per OpenAI’s API policy.
Your rights
If you are in the EU/EEA, UK, or Switzerland (GDPR)
You have the right to:
- access the data held about you,
- ask the developer to correct it,
- ask the developer to delete it (right to erasure),
- object to or restrict processing,
- request a copy in a portable format,
- withdraw consent for Cloud AI at any time, and
- complain to a supervisory authority (in Switzerland: the FDPIC; in your EU country, your national DPA).
Lawful basis for processing. On-device data is processed based on the legitimate interest of providing the app you installed. Cloud AI inputs are processed based on your explicit consent. Anonymous usage counters are processed on the basis of legitimate interest in operating the service fairly.
Because the data received is not linked to your real identity, in most cases the most effective way to exercise these rights is to delete the app (which removes your local data) and stop using Cloud AI (which stops new server-side data). To raise a formal request, write to contact@studiovolt.dev.
If you are in Switzerland (revFADP / nFADP, in force September 2023)
Under the revised Swiss Federal Act on Data Protection, you have the right of access (Art. 25), correction (Art. 32(1)), deletion (Art. 32(2)), and to object to processing. The Swiss supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC / EDÖB) — edoeb.admin.ch. Cross-border transfers of personal data to the United States (OpenAI, Cloudflare, RevenueCat) are made under the Swiss-US Data Privacy Framework or, where unavailable, EU Standard Contractual Clauses recognised by the FDPIC, supplemented with technical and organisational measures.
If you are in California (CCPA / CPRA)
In the prior 12 months, the categories of personal information collected (only if Cloud AI is enabled) are: Identifiers (a random UUID generated on your device) and Customer Content / Other Information (the text of the reflection you submit for AI parsing). Sources: directly from your device. Business purpose: providing the AI parsing feature you requested (Cal. Civ. Code §1798.140(e)(1)). Disclosed to: OpenAI, Cloudflare, and RevenueCat as service providers under written contract restricting use to the disclosed purpose.
The developer does not and has not in the prior 12 months: sold personal information, shared personal information for cross-context behavioral advertising, or processed sensitive personal information for purposes beyond those permitted under §1798.121(a). You have the right to know, delete, correct, and limit; to exercise, email contact@studiovolt.dev. You will not be discriminated against for exercising these rights.
Children under 13 (COPPA / GDPR Art. 8)
Eunomia is not directed to children under 13 and does not knowingly collect personal information from children under 13 (COPPA, 15 U.S.C. §6501) or from children under 16 in EU Member States applying the higher age (GDPR Art. 8). The App Store age rating of 4+ reflects content classification only; the intended audience is 17+ per the Terms of Service. If you believe a child under 13 has provided information, contact contact@studiovolt.dev for prompt deletion.
Children (general)
Eunomia is intended for users aged 17 and older, consistent with the Terms of Service target-audience exclusion. Information from minors below that age is not knowingly collected. If you believe a minor has used the app, please contact contact@studiovolt.dev.
Changes to this policy
If material changes are made, the version number will be updated, the “last updated” date will change, and you will be notified in-app before the change takes effect. Older versions will be archived at studiovolt.dev/eunomia/privacy/archive.
Contact
- General: contact@studiovolt.dev
- Privacy & GDPR: contact@studiovolt.dev
- Web: studiovolt.dev
Appendix: Apple App Privacy Labels mapping
This appendix is for transparency about what is declared in App Store Connect. In summary:
- Default app (Cloud AI off): no data is collected from the device.
- Cloud AI on: User Content (Other User Content) and Identifiers (User ID — anonymous) are collected, not linked to identity, and not used for tracking.
- Purchases: handled by Apple; not collected beyond an anonymized tier flag.