Privacy Policy
Effective date: 14 March 2026
This Privacy Policy explains how TrySomething (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you use the TrySomething mobile application (the “App”).
This policy complies with the Swiss Federal Act on Data Protection (FADP/nDSG), effective September 1, 2023, and is aligned with the principles of the EU General Data Protection Regulation (GDPR) for users in the European Economic Area.
1. Data Controller
The data controller responsible for your personal data is:
Name: Romulo Roriz
Email: support@trysomething.io
Location: Zurich, Switzerland
2. Data We Collect
2.1 Data You Provide Directly
- Account information: email address, display name, password (stored as a bcrypt hash with 12 salt rounds), and optional bio and avatar URL.
- Authentication tokens: if you sign in with Google or Apple, we receive and store your Google ID or Apple ID to link your account. We do not receive or store your Google or Apple password.
- Onboarding preferences: hours per week available, budget level, social preference, and vibe tags (e.g., relaxing, creative).
- Journal entries: text content and optional photos you create to document your hobby journey.
- Personal notes: notes you attach to specific roadmap steps.
- Community stories: quotes you share publicly within the App.
- Coach conversations: messages you send to the AI hobby coach (sent to Anthropic's API for processing, not stored permanently on Anthropic's servers under their zero-retention API policy).
- Schedule events: day of week, start time, and duration you set for hobby practice.
- Shopping list interactions: which starter kit items you have checked off.
2.2 Data We Collect Automatically
- Usage analytics: screen views and custom events (e.g., hobby saved, session completed), collected via PostHog. Your PostHog user ID is your internal account ID, not your name or email.
- Crash reports: error stack traces, device model, and OS version, collected via Sentry to diagnose and fix bugs. Sentry data is associated with anonymous session IDs.
- Push notification tokens: Firebase Cloud Messaging device tokens, used solely to deliver notifications you have opted into (e.g., session reminders).
- Activity logs: timestamped records of actions you take in the App (e.g., “saved Pottery”, “completed Step 3”), stored server-side to power your progress tracking and streak calculations.
2.3 Data We Do NOT Collect
- We do not collect your precise GPS location.
- We do not access your contacts, call logs, or SMS messages.
- We do not collect biometric data.
- We do not collect or process payment card information. All payments are handled by Apple App Store or Google Play Store via RevenueCat.
- We do not use cookies (the App is a native mobile application, not a website).
3. How We Use Your Data
We process your personal data for the following purposes and legal bases (per Art. 6 FADP / Art. 6 GDPR):
- Contract performance: To provide the core App functionality: creating your account, saving hobbies, tracking progress, generating personalized hobby content, and powering the AI coach.
- Legitimate interest: To improve the App through anonymized usage analytics (PostHog), fix bugs via crash reports (Sentry), and send you push notifications you have opted into (Firebase).
- Consent: To display your Community Stories publicly to other users (you can delete any story at any time), and to process your data via third-party services listed in Section 5.
- Legal obligation: To comply with applicable Swiss law, including responding to lawful data access requests.
4. AI Data Processing
TrySomething uses Anthropic's Claude API to power AI features. Here is exactly what is sent to Anthropic:
4.1 Hobby Generation
When you search for a hobby that does not exist in our database, your search query is sent to Anthropic to generate hobby content (title, description, roadmap, kit items, cost estimates). No personal data beyond the search query is included.
4.2 AI Coach
When you send a message to the AI hobby coach, the following data is sent to Anthropic:
- Your message.
- Up to 15 previous messages in the conversation for context continuity.
- The hobby's title, category, difficulty, cost, time estimate, kit items, and roadmap steps.
- Your hobby status (browsing, saved, or active) and progress (which roadmap steps you have completed).
- Your last 5 journal entries (truncated to 100 characters each).
- Your name, email, and account ID are NOT sent to Anthropic.
4.3 Anthropic's Data Handling
Under Anthropic's API data policy, inputs and outputs sent via the API are not used to train Anthropic's models. Anthropic may retain API inputs for up to 30 days for trust and safety purposes, after which they are deleted. For full details, refer to Anthropic's privacy policy at anthropic.com/privacy.
5. Third-Party Data Processors
We share your data with the following third-party services, each acting as a data processor under appropriate contractual safeguards:
- Vercel: API hosting, serverless functions • API requests, server logs • USA
- Neon: PostgreSQL database • All account and content data • EU (Frankfurt)
- Anthropic: AI content generation, coaching • Search queries, coach messages, hobby context • USA
- RevenueCat: Subscription management • Anonymous user ID, purchase receipts • USA
- PostHog: Usage analytics • Anonymous user ID, screen views, events • USA
- Sentry: Crash reporting • Error logs, device info, session IDs • EU (Frankfurt)
- Firebase (Google): Push notifications • FCM device tokens • USA
- Unsplash: Hobby images • Search queries (no user data) • USA
- Google Sign-In: Authentication • Google account ID • USA
- Apple Sign-In: Authentication • Apple account ID, relay email • USA
For transfers to the USA, we rely on the Swiss-US Data Privacy Framework (recognized by the Swiss Federal Council on August 14, 2024) and/or Standard Contractual Clauses (SCCs) as applicable.
6. Data Storage and Security
We implement the following security measures in accordance with the Privacy by Design and Privacy by Default principles required by the FADP:
- Passwords are hashed using bcrypt with 12 salt rounds. We never store plaintext passwords.
- Authentication uses short-lived JWT access tokens (15-minute expiry) and longer-lived refresh tokens (30-day expiry).
- Sensitive tokens are stored on-device using Flutter Secure Storage (iOS Keychain / Android Keystore).
- All API communication uses HTTPS/TLS encryption in transit.
- The database is hosted on Neon PostgreSQL with encryption at rest.
- API endpoints are rate-limited (20 hobby generations per user per 24 hours) with content safety filters on all AI inputs and outputs.
- Local caching uses Hive (encrypted on-device database) and SharedPreferences (non-sensitive UI state only).
7. Data Retention
We retain your data for the following periods:
- Account data: retained for as long as your account is active. Deleted within 30 days of account deletion request.
- Journal entries, notes, and schedule: retained until you delete them or delete your account.
- Community stories: retained until you delete them. Reactions to deleted stories are also removed.
- Activity logs: retained for 12 months for progress tracking, then automatically purged.
- Generation logs: retained for 90 days for abuse prevention, then automatically purged.
- Analytics data (PostHog): retained according to PostHog's data retention policy (default 1 year). Events are associated with anonymous IDs.
- Crash reports (Sentry): retained for 90 days.
- AI coach conversations: message history is passed per-request via the API and is not permanently stored on our servers beyond the conversation session. Anthropic may retain inputs for up to 30 days per their API policy.
8. Your Rights
Under the Swiss FADP (Art. 25-29) and, where applicable, the EU GDPR (Art. 15-22), you have the following rights:
- Right of access: You may request a copy of all personal data we hold about you.
- Right to rectification: You may correct inaccurate data via the App's profile settings, or by contacting us.
- Right to deletion: You may request deletion of your account and all associated data by emailing support@trysomething.io. We will process your request within 30 days.
- Right to data portability: You may request your data in a structured, machine-readable format (JSON export).
- Right to object: You may object to processing based on legitimate interest. Contact us to exercise this right.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: You may file a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch, or with your local supervisory authority if you reside in the EU.
To exercise any of these rights, contact us at support@trysomething.io. We will respond within 30 days.
9. Children's Privacy
TrySomething is not directed at children under 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided personal data, we will take steps to delete that data promptly.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@trysomething.io.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the App or via email at least 14 days before the changes take effect.
The “Effective date” at the top of this document indicates when the current version took effect.
11. Contact
For any privacy-related questions, data access requests, or complaints:
Email: support@trysomething.io
Data Controller: Romulo Roriz
Location: Zurich, Switzerland
For complaints about data protection, you may also contact the Swiss Federal Data Protection and Information Commissioner (FDPIC):
Website: https://www.edoeb.admin.ch
Address: Feldeggweg 1, 3003 Bern, Switzerland