StatusIn development — the site and apps are not yet publicly available.
← Back
Inner Thread · Legal

Last updated: June 11, 2026

Privacy Policy

This policy describes how Esteban Pedreira (entrepreneur individuel) ("we"), publisher of the Inner Thread application (Manifest Wealth), processes users' ("you") personal data in connection with the App.

Data controller: Esteban Pedreira (entrepreneur individuel), 309 rue des Tarusates, 40600 Biscarrosse, France. Contact: support@manifestwealth.io

To exercise your rights (see Section 7), please use the e-mail address above. You may also lodge a complaint with the French supervisory authority, the CNIL (www.cnil.fr), or with the supervisory authority of your country of residence.

1. Data we process

Depending on your use, we may process in particular:

  • Account data: e-mail address, user ID, sign-in evidence (authentication tokens), identity provider (e-mail/password, Google, Apple, etc.), account creation date.
  • Profile and content data: first name or nickname, answers to profile fields (situation, goals), journal entries, messages exchanged with the AI coach, summaries or analyses produced in the App.
  • Well-being data: mood, energy level, check-ins and other indicators you record in the App (see below).
  • Technical usage data: logs and metadata necessary for security and proper operation (partial IP address via providers, device type, technical identifiers, timestamps), within the limits imposed by the tools used.
  • Notifications: if you enable reminders, the data needed for local scheduling or for notification services (depending on the implementation in place).
  • Audio (optional): when you use voice input, audio data may be processed by the operating system or speech-recognition services to convert it to text, in accordance with the permissions you grant on your device.

Well-being data (Article 9 GDPR). Well-being data (mood, energy, journal, exchanges with the AI coach) may reveal information relating to your health. It is processed only with your explicit consent, collected in the App after account creation. You may refuse this consent or withdraw it at any time; withdrawal does not affect the lawfulness of prior processing, but it may make the relevant features unusable. You may then delete your account directly within the App.

2. Purposes and legal bases (GDPR)

  • Account creation and management, provision of the App — performance of the contract (Terms of Use).
  • Synchronization and storage of your content (profile, journal, conversations) — performance of the contract.
  • AI-generated responses and analyses — performance of the contract.
  • Processing of well-being data (mood, energy, journal, exchanges with the AI coach) — explicit consent (Article 9(2)(a) GDPR), revocable at any time.
  • Security, abuse detection, compliance with legal obligations — legitimate interest / legal obligation.
  • Service improvement and aggregated statistics — legitimate interest, with due regard for your rights.
  • Reminder notifications (if enabled) — consent (revocable in your phone or App settings).

3. Recipients and processors

Your data is accessible to our authorized staff and to service providers acting on our behalf and on our instructions, in particular:

  • Supabase Inc. — hosting, authentication, database. Project data is hosted in the European Union, in the eu-west-3 (Paris) region.
  • Google LLC — when the App sends content to a Gemini model to generate responses, Google processes that content as an AI infrastructure provider, in accordance with the terms applicable to the relevant APIs. Calls are made exclusively server-side; no access key is present in the App.
  • Apple / Google — if you sign in with those accounts or use the speech-recognition or notification services built into the operating system.

An up-to-date list of our main processors can be provided upon reasonable request.

4. Transfers outside the European Union

Your data is hosted in the European Union (see Section 3). Some providers may nevertheless be located outside the European Economic Area or occasionally process data there. Where applicable, we implement the safeguards provided for by the GDPR (European Commission standard contractual clauses or other recognized mechanisms).

5. Retention periods

  • Account and associated content: kept while the account is active; deleted or anonymized within a reasonable time after account deletion (available directly in the App), unless legal obligations require otherwise.
  • Security logs: short periods, or in line with the hosting provider's practices.

6. Security

We apply appropriate technical and organizational measures: encrypted connections (HTTPS), strict data access controls (each user can only access their own data), server-side password hashing, optional multi-factor authentication (TOTP), secure token storage on the device. As no system is entirely free of risk, you must also protect your credentials.

7. Your rights

Subject to legal conditions, you have the following rights: access, rectification, erasure, restriction, objection, portability, as well as post-mortem directives (in France). You may exercise these rights by contacting us at support@manifestwealth.io. You may also contact the CNIL or your local supervisory authority.

8. Microphone and speech recognition

The App may request access to the microphone to enable dictation to the AI coach. You may refuse or withdraw this permission in your system settings. Audio processing by Apple or Google is governed by their own policies.

9. Minors

The App is intended for people aged 15 or over. If you are a minor, use of the App must be authorized by your legal representative where applicable.

10. Changes to this policy

We may amend this policy. The update date at the top of this document will be revised accordingly. We encourage you to review it regularly.