Skip to content

Privacy Policy

Last updated: March 7, 2026

What We Collect

Composed collects the minimum data needed to function:

  • Account info: Apple ID (name, email) when you sign in. Optional: username, phone number, and additional email addresses for social discovery and event sharing.
  • Events: Event titles, dates, times, locations, notes, and prep tasks you create.
  • Calendar data: If you connect your calendar, we read upcoming events to suggest prep checklists. We never modify your calendar without explicit permission.
  • Voice input: For real-time display, speech recognition uses Apple's on-device framework. For enhanced accuracy, audio is securely transmitted to our backend for processing via OpenAI's transcription API. Audio is used solely for transcription and is not stored after processing.
  • Photos: If you attach photos or screenshots to events, notes, or tasks, they are compressed and stored securely. Photos are only accessible to you.
  • Location: When you grant permission, your location is used to calculate departure times and provide travel alerts. Location is processed in real-time and is not stored on our servers.
  • Contacts: If you grant permission, contact information is hashed locally on your device using SHA-256 before being compared against our database to help you find friends. Raw contact data is never transmitted to our servers.

What We Don't Collect

  • We don't sell your data. Ever.
  • We don't use third-party analytics, advertising SDKs, or tracking frameworks.
  • We don't use the iOS advertising identifier (IDFA).
  • We don't store audio recordings. Audio is transcribed and immediately discarded.
  • We don't share personal information with advertisers.

How AI Is Used

Composed uses AI to parse natural language input and generate prep checklists:

  • Event parsing: When you speak or type an event, the transcribed text is sent to our backend which uses Anthropic Claude to extract structured event details (date, time, location, notes). The AI does not retain your data between requests.
  • Prep checklists: Event context is sent to generate personalized preparation tasks and tips. For flights, additional context (airports, international status) is included for relevant suggestions.
  • Screenshot parsing: When you import a screenshot (flight confirmation, hotel booking), the image is processed by Anthropic Claude to extract event details. The image is not retained by the AI after processing.

Third-Party Services

Composed uses the following services to operate. Your data is only shared with these providers as necessary for core app functionality:

  • Supabase — Database and authentication hosting (PostgreSQL with row-level security)
  • Anthropic (Claude) — AI event parsing, checklist generation, and screenshot analysis
  • OpenAI (Whisper) — Voice-to-text transcription (audio processed and immediately discarded)
  • Google Calendar API — Calendar synchronization (read, create, update, delete events with your permission)
  • Google Places API — Location search and venue information
  • Apple MapKit — Travel time calculation and location fallback
  • Resend — Transactional email delivery (event invitations, confirmations)
  • Apple Push Notification Service — Notification delivery

None of these services are used for advertising or cross-app tracking.

Calendar Integration

Apple Calendar

When you connect Apple Calendar:

  • We read upcoming events to identify which ones could benefit from preparation
  • Calendar data stays on your device unless you choose to import events
  • If you enable write-back, events you create in Composed are added to your Apple Calendar
  • You can disconnect your calendar at any time in Settings

Google Calendar

When you connect Google Calendar, Composed requests access to the calendar.events scope. This is used to:

  • Read your upcoming Google Calendar events so you can import them into Composed for preparation
  • Create and update events in your Google Calendar when you create or edit events in Composed (write-back)
  • Delete events from your Google Calendar when you delete the corresponding event in Composed

Composed's use of Google Calendar data adheres to Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • Google Calendar data is only used to provide calendar synchronization features within Composed
  • Google Calendar data is not transferred to third parties except as necessary to provide the app's calendar features
  • Google Calendar data is not used for advertising or to build user profiles
  • Google Calendar data is stored securely with row-level security and is only accessible to the owning user

Your Google Calendar connection uses OAuth 2.0. Authentication tokens are stored securely in the iOS Keychain. You can disconnect Google Calendar at any time in Settings, which revokes Composed's access to your Google Calendar data.

Data Storage and Security

Your data is stored securely on Supabase (PostgreSQL) with row-level security. Each user can only access their own data. All connections use HTTPS/TLS encryption. Authentication tokens are stored in the iOS Keychain.

Photo attachments are stored in encrypted cloud storage accessible only to your account.

Data Retention

  • Events and notes: Retained as long as your account is active. Past events are archived but remain accessible.
  • Voice audio: Not retained. Transcribed and discarded immediately.
  • Location data: Not stored. Calculated in real-time only.
  • Photos: Retained with the associated event, note, or task until you delete them.
  • Cache data: Local device cache is cleared on sign-out.
  • Account deletion: All data is permanently deleted immediately upon account deletion, including events, notes, tasks, photos, profile information, and notification tokens.

Data Deletion

You can delete your account and all associated data at any time from Settings → Account → Delete Account. This action is immediate and irreversible. All events, notes, tasks, attachments, and profile data are permanently removed from our servers.

Location Data

Location is used for departure reminders and travel time calculation. When granted "While Using" permission:

  • Your current location is used to calculate real-time travel time to upcoming events
  • During active journeys, location updates are used for live progress tracking
  • Location data is processed in real-time and never stored on our servers
  • You can disable location access at any time in iOS Settings

Offline Access

Composed caches your data locally so the app works without an internet connection. Cached data is encrypted by the iOS file protection system and is cleared when you sign out.

Children

Composed is not intended for children under 13. We do not knowingly collect data from children.

Changes

We'll notify you of significant privacy policy changes through the app. Continued use after changes constitutes acceptance.

Contact

Questions about privacy? Email [email protected]