Privacy Policy

Last updated: April 13, 2026

This Privacy Policy explains what personal information Year in Review collects, how we use it, who we share it with, and the choices you have. If anything here is unclear, email legal@yearinreviewapp.com.

The short version

1. Who We Are

Year in Review is operated by SideStreet Software Inc. For questions about this Privacy Policy, contact legal@yearinreviewapp.com.

2. What We Collect

Anonymous app identifier

The first time you open Year in Review, the app creates a random identifier associated with your installation or device. This identifier is not based on your name, email address, or other directly identifying information. We use it to support app functionality, diagnostics, and backup or sync features before you sign in, and in some cases even if you never create an account.

If you later sign in, this identifier may become associated with your account so your existing data can continue working across sessions and devices.

Account information

If you choose to sign in with Apple or Google, we receive the email address and display name associated with that account. We do not receive or store your Apple or Google password. Signing in is optional.

Your tracker content

We process the trackers you create, including titles, categories, daily entries, tags, goals, field values, and notes. This data is stored locally on your device so the app can function. Depending on how you use the app, some or all of this data may also be stored in our database to support backup, sync across devices, and recovery after reinstall.

Your content is not public and is not visible to other users. Limited access by our personnel may occur only when reasonably necessary to operate, secure, maintain, or support the service, and only subject to appropriate access controls.

AI chat conversations

If you use the chat feature, your messages and the AI’s replies are stored in your account so you can view your conversation history. To generate a reply, we send your message and a relevant subset of your tracker data through a server function we operate, which forwards the request to a third-party AI provider acting on our behalf.

We do not use your entries, notes, or chat messages to train AI models. We send this information to the AI provider only to generate a response for you. Depending on the provider, limited short-term retention may occur for abuse prevention, safety, or service reliability.

Crash reports

If the app crashes or encounters a serious error, a crash report may be sent to Sentry. Crash reports may include the device model, operating system version, app version, and the technical stack trace of the error. Crash reports do not intentionally include the content of your entries, notes, tags, goals, or chat messages.

Usage analytics

We collect limited first-party usage events, such as when a user opens a tab or creates a tracker, so we can understand which features are used and which are broken. These events may include tracker titles, which are scrubbed on-device to remove email addresses, phone numbers, and similar patterns before transmission. We do not collect the content of your entries, notes, tags, or chat messages for analytics purposes.

Analytics events are stored in our own database, not with a third-party analytics provider, and are automatically deleted after 90 days.

External AI assistant connectors

Year in Review lets you connect external AI assistants (such as Claude, ChatGPT, Cursor, and other MCP-compatible clients) to your account. You can connect in two ways: a standard OAuth sign-in, or by generating an API key from Settings → Connect AI Assistants.

When an AI assistant calls the connector, we process the request server-side. The assistant reads and writes the same tracker data it would see in the app, scoped to your account. We log per-call metadata (tool name, status, duration, anonymized client identifier) to operate and debug the service. We do not log the content of your tracker entries or the text of your prompts.

You can revoke any generated key from Settings at any time; revocation takes effect immediately.

Device information

We collect device model, operating system and version, app version, language, and time zone to support the app and diagnose issues.

Voice input

Year in Review lets you dictate notes using your device’s speech-to-text features. Speech recognition is performed by your device operating system or its provider. We only receive and store the resulting text that becomes part of your note. We do not receive or store the underlying audio. On some platforms, such as iOS, the platform provider may process dictation audio on its own servers. Please review that provider’s privacy policy for more information.

What we do not collect

We do not collect your location, contacts, photos, health data, browsing history, or advertising identifier. We do not embed third-party advertising or consumer analytics SDKs such as Google Analytics, Meta, PostHog, Mixpanel, or Amplitude. We do not share your data with advertisers or data brokers, and we do not profile you for advertising.

3. How We Use Your Information

We use the information described above only to: - provide and operate the app - back up and sync your data across devices - generate AI chat responses when you request them - diagnose crashes, bugs, abuse, and security issues - understand how the product is used so we can improve it - respond to support requests - comply with applicable laws and enforce our terms

We do not use your information for targeted advertising or cross-context behavioural advertising.

4. Service Providers

We rely on a small number of service providers to operate Year in Review. These providers process personal information on our behalf and only for the purposes we specify, subject to contractual and technical safeguards.

Supabase

Used for database hosting, authentication, and server functions. Your trackers, chat history, analytics events, and account information may be stored in Supabase infrastructure.

Sentry

Used for crash and error monitoring. Receives crash and diagnostic information as described above.

Third-party AI provider

Used to generate responses in the chat feature. Your messages and relevant tracker context are sent to the provider solely to generate a response for you.

Apple and Google

Used as identity providers if you sign in with Apple or Google. We receive only the information made available through their sign-in flows, such as your name and email address.

We may also disclose information if required by law, legal process, or government request, or where reasonably necessary to protect our rights, users, the public, or the integrity and security of the service.

5. Where Your Data Is Stored

Your data is hosted on infrastructure operated by our service providers and may be stored or processed outside your province, country, or region of residence, including in the United States and the European Union. Data protection laws in those places may differ from those in your home jurisdiction. We use contractual and technical measures intended to protect your information wherever it is processed.

6. How Long We Keep It

We keep personal information only for as long as reasonably necessary for the purposes described in this policy.

7. Your Rights and Choices

You can delete your account and associated data at any time from Settings > Account > Delete Account.

Depending on where you live, you may also have rights to access, correct, delete, restrict, object to, or obtain a copy of your personal information, and to withdraw consent where processing is based on consent.

For users in Canada, including under PIPEDA and Quebec Law 25, you may request access to your personal information, request correction of inaccurate information, and withdraw consent subject to legal or contractual restrictions. You may also file a complaint with the Office of the Privacy Commissioner of Canada or, if applicable, the Commission d’accès à l’information du Québec.

For users in the EU, EEA, and UK, our legal bases generally include performance of a contract with you, legitimate interests in operating, securing, and improving the service, and consent where required by law. You may also lodge a complaint with your local data protection authority.

For California residents, you may have rights to know, access, correct, and delete personal information, and to opt out of sale or sharing as defined by California law. We do not sell personal information or share it for cross-context behavioural advertising.

To exercise any right not available through the app, email legal@yearinreviewapp.com. We will respond within a reasonable time and, where required by law, within the applicable legal deadline.

8. Children

Year in Review is not intended for children under 13, and we do not knowingly collect personal information from them. Where a higher minimum age applies under local law, the app is not intended for users below that age unless any legally required parental or guardian consent has been obtained. If you believe a child has provided personal information in violation of this section, contact us and we will take appropriate steps to investigate and delete the information where required.

9. Security

We use safeguards designed to protect your information, including encryption in transit, row-level security controls in our database, short-lived authentication tokens, access controls, and other reasonable technical and organizational measures. No method of storage or transmission is completely secure. If we become aware of a security incident affecting your personal information, we will notify affected users and relevant authorities where required by law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice in the app or by other appropriate means and update the “Last updated” date above. Your continued use of the app after the effective date of the revised policy is subject to the updated policy, to the extent permitted by law.

11. Contact

For any question, request, or complaint about this Privacy Policy, contact:

SideStreet Software Inc. Email: legal@yearinreviewapp.com