Privacy Policy

How we collect, use, and protect information when you use the NEO-120 Android app and related services.

Effective date: 7 June 2026 · App package: com.neo120.characterintel

1. Who we are

NEO-120 (“we”, “us”) provides a mobile application and backend services for personality assessment, coaching insights, and engagement features (Plan, Practice, and related modules). This policy describes our practices for the production app connected to the neo-120-prod Firebase and Google Cloud project.

2. Information we collect

Depending on how you use the app, we may process:

Account information — When you sign in with Google, Firebase Authentication receives your Google account identifier and basic profile fields needed for sign-in (such as email and display name).
Pseudonymous identifier — We derive a stable internal subject_id from your Firebase user ID. Psychometric scores and engagement records are keyed to this pseudonymous ID, not to your journal text.
Assessment responses — Your answers to personality inventory items and derived score envelopes (facets, archetypes, coaching signals). These are computed with deterministic scoring; completion of habits or tasks does not change latent trait scores.
Engagement data — Module assignments, schedule occurrences, habit and task completions, practice completion metadata, and coaching state needed to run your plan.
Content you choose to enter — Optional free-text in practice or reflection flows (for example notes about what you did or how you felt). This content is kept separate from psychometric scoring inputs.
Device permissions — If you use voice reflection features, the app may request microphone access to record audio on your device. Notifications may be used for reminders if you enable them.
Technical data — Standard app and cloud logs (errors, request metadata, timestamps) to operate and secure the service. We do not use assessment responses for advertising profiles.
Website waitlist — If you request beta access or join the iOS waitlist on our marketing site, we collect the email address you submit and, if you choose to provide it, your name and platform preference. This is used only to send beta invitations and product updates related to your request.

3. How we use information

Authenticate you and maintain your session.
Deliver assessments, insights, and personalized coaching suggestions.
Sync your plan, completions, and progress across devices tied to your account.
Improve reliability, security, and product quality.
Comply with legal obligations.

We do not sell your personal information. We do not use your psychometric profile for third-party advertising.

4. Legal bases (EEA/UK users)

Where applicable, we rely on:

Contract — to provide the app and services you request.
Legitimate interests — to secure and improve the service, balanced against your rights.
Consent — for optional features such as notifications or microphone use, where required.

5. Storage and processors

Data is processed using infrastructure operated by Google:

Firebase Authentication — sign-in.
Cloud Firestore — durable app state in production.
Google Cloud Run & API Gateway — application API.
Formspree — website waitlist and beta-access request forms (email, optional name, platform preference).

Data may be stored in Google Cloud regions configured for our project (including asia-southeast1). Local copies may exist on your device (secure storage, cache) until cleared or the app is removed.

6. Separation of measurement and private content

A core design principle is that trait measurement (assessment-based scores) stays separate from private engagement content (notes, reflections, completion text). Free-text you enter in practice flows is not fed back into personality scoring algorithms.

7. Retention

We retain account and engagement data while your account is active. If you delete your account in the app, we schedule removal of associated data; a grace period may apply before permanent purge. Aggregated or de-identified analytics may be retained longer where permitted by law.

8. Your choices and rights

Depending on your region, you may have the right to:

Access or export data we hold about you.
Request correction or deletion.
Object to or restrict certain processing.
Withdraw consent where processing is consent-based.

In the app, use Profile → Delete account to start account deletion. Export and additional privacy endpoints are available via our API for supported operations. You may also contact us using the developer contact on the Google Play listing.

9. Security

We use industry-standard measures including encrypted transport (HTTPS), access controls on cloud resources, and API gateway authentication for mobile clients. No method of transmission or storage is 100% secure; we work to protect data proportionate to its sensitivity.

10. Children

NEO-120 is not directed at children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. Contact us if you believe a child has provided data and we will take appropriate steps to delete it.

11. International transfers

If you use the app from outside the country where our servers are located, your information may be transferred internationally. We rely on appropriate safeguards where required by law.

12. Changes

We may update this policy from time to time. Material changes will be reflected on this page with an updated effective date. Continued use of the app after changes constitutes acceptance where permitted by law.

13. Contact

For privacy questions or requests, contact the developer using the email address shown on the NEO-120 Google Play Store listing, or write to us via the support channel listed there.