Skip to content

Privacy Policy

Last updated: May 9, 2026

What We Collect

Composed collects the minimum data needed to function:

  • Account info: Apple ID (name, email) when you sign in. Optional: username, phone number, and additional email addresses for social discovery and event sharing.
  • Events: Event titles, dates, times, locations, notes, and prep tasks you create.
  • Calendar data: If you connect your calendar, we read upcoming events to suggest prep checklists. We never modify your calendar without explicit permission.
  • Voice input: For real-time display, speech recognition uses Apple's on-device framework. For enhanced accuracy, audio is securely transmitted to our backend for processing via OpenAI's transcription API. Audio is used solely for transcription and is not stored after processing.
  • Photos: If you attach photos or screenshots to events, notes, or tasks, they are compressed and stored securely. Photos are only accessible to you.
  • Location: When you grant permission, your location is used to calculate departure times and provide travel alerts. Location is processed in real-time and is not stored on our servers.
  • Contacts: If you grant permission, contact information is hashed locally on your device using SHA-256 before being compared against our database to help you find friends. Raw contact data is never transmitted to our servers.

What We Don't Collect

  • We don't sell your data. Ever.
  • We don't use third-party analytics, advertising SDKs, or tracking frameworks.
  • We don't use the iOS advertising identifier (IDFA).
  • We don't store audio recordings. Audio is transcribed and immediately discarded.
  • We don't share personal information with advertisers.

How AI Is Used

Composed uses AI to parse natural language input and generate prep checklists:

  • Event parsing: When you speak or type an event, the transcribed text is sent to our backend which uses Anthropic Claude to extract structured event details (date, time, location, notes). The AI does not retain your data between requests.
  • Prep checklists: Event context is sent to generate personalized preparation tasks and tips. For flights, additional context (airports, international status) is included for relevant suggestions.
  • Screenshot parsing: When you import a screenshot (flight confirmation, hotel booking), the image is processed by Anthropic Claude to extract event details. The image is not retained by the AI after processing.

Third-Party Services

Composed uses the following services to operate. Your data is only shared with these providers as necessary for core app functionality:

  • Supabase — Database and authentication hosting (PostgreSQL with row-level security)
  • Anthropic (Claude) — AI event parsing, checklist generation, and screenshot analysis
  • OpenAI (Whisper) — Voice-to-text transcription (audio processed and immediately discarded)
  • Google Calendar API — Calendar synchronization (read, create, update, delete events with your permission)
  • Google Places API — Location search and venue information
  • Apple MapKit — Travel time calculation and location fallback
  • Resend — Transactional email delivery (event invitations, confirmations)
  • Apple Push Notification Service — Notification delivery

None of these services are used for advertising or cross-app tracking.

Email Communications

We send two kinds of emails:

  • Transactional emails — verification codes, event invitations, shared-event RSVPs, password resets, and subscription receipts. These are sent as part of core app functionality and are not subject to opt-in. You can't unsubscribe from verification emails while using an account that relies on them.
  • Tips & updates — an occasional note with new features, thoughtful reads, and behind-the-scenes content. This is opt-in only. You consent during onboarding (unchecked by default) or by enabling the "Tips & updates" toggle in Settings → Notifications. We record the timestamp of your consent for audit purposes.

Every "Tips & updates" email includes a one-click unsubscribe link. Clicking it immediately marks your account as unsubscribed and removes you from our mailing list — no further marketing email will be sent. You can also revoke consent anytime by flipping the Tips & updates toggle off in Settings. Transactional email is unaffected by unsubscribing.

Your consent is stored in your profile as a boolean with a timestamp. If you withdraw consent and later opt in again, we record the new consent timestamp. We don't send marketing email to anyone who has opted out or never opted in.

Support & Feedback

If you contact support — through the in-app Send Feedback sheet, the form on staycomposed.app/support, or by emailing [email protected] — we keep what you send so we can read it, reply to it, and follow up if a related issue appears later. Specifically:

  • The text of your message, the type you selected (bug / idea / general), and a timestamp.
  • If you're signed in: your account ID. If you submitted via the web form without an account: the reply email you provided. We use that solely to write back to you.
  • App version, build number, OS version, and device model when sent from the iOS app — these help us debug bug reports.
  • An optional screenshot if you attached one. Screenshots are kept in private storage accessible only to designated Composed administrators and are auto-deleted 90 days after submission. The text of your message remains on file as triage history.

Support messages are never used for marketing, never sold, and never used to train AI. If you'd like a specific message removed, email [email protected] with the timestamp.

In-App Purchases

Apple processes all purchases of Composed Pro. We never see your card number, billing address, or Apple ID email. After Apple confirms a purchase, your device tells our servers the transaction identifier, the product purchased, the purchase date, and (for subscriptions) the next renewal or expiration date. We use this only so that designated Composed administrators can see who purchased Pro and provide accurate support; it does not affect what features you have access to (that's controlled on-device by Apple's StoreKit framework). If Apple notifies us of a refund or revocation, we update the record so we don't accidentally count a refunded purchase as still active.

Promotional Grants

From time to time, we issue free Composed Pro access to users — at events, for early supporters, or in response to feedback. When we do this:

  • The recipient's email address is stored in our internal Pro grants table so the grant can be matched to their account when they sign in.
  • If the recipient already has a Composed account, their Pro access is activated immediately and the grant is marked claimed.
  • If the recipient doesn't have an account yet, the grant stays pending until they sign up with the same email address. Pending grants can be revoked by Composed at any time.
  • Only designated Composed administrators can issue grants. Every grant issuance is logged with the admin's user ID, so we have an audit trail of who granted what to whom.
  • Promotional grants cannot be sold, traded, or transferred by the recipient. They are personal benefits tied to the original email address.

If you'd like us to remove a grant from your account or delete the associated email record, email [email protected].

Calendar Integration

Apple Calendar

When you connect Apple Calendar:

  • We read upcoming events to identify which ones could benefit from preparation
  • Calendar data stays on your device unless you choose to import events
  • If you enable write-back, events you create in Composed are added to your Apple Calendar
  • You can disconnect your calendar at any time in Settings

Google Calendar

When you connect Google Calendar, Composed requests access to the calendar.events scope. This is used to:

  • Read your upcoming Google Calendar events so you can import them into Composed for preparation
  • Create and update events in your Google Calendar when you create or edit events in Composed (write-back)
  • Delete events from your Google Calendar when you delete the corresponding event in Composed

Composed's use of Google Calendar data adheres to Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • Google Calendar data is only used to provide calendar synchronization features within Composed
  • Google Calendar data is not transferred to third parties except as necessary to provide the app's calendar features
  • Google Calendar data is not used for advertising or to build user profiles
  • Google Calendar data is stored securely with row-level security and is only accessible to the owning user

Your Google Calendar connection uses OAuth 2.0. Authentication tokens are stored securely in the iOS Keychain. You can disconnect Google Calendar at any time in Settings, which revokes Composed's access to your Google Calendar data.

Data Storage and Security

Your data is stored securely on Supabase (PostgreSQL) with row-level security. Each user can only access their own data. All connections use HTTPS/TLS encryption. Authentication tokens are stored in the iOS Keychain.

Photo attachments are stored in encrypted cloud storage accessible only to your account.

Data Retention

  • Events and notes: Retained as long as your account is active. Past events are archived but remain accessible.
  • Voice audio: Not retained. Transcribed and discarded immediately.
  • Location data: Not stored. Calculated in real-time only.
  • Photos: Retained with the associated event, note, or task until you delete them.
  • Support feedback: Message text retained as triage history. Attached screenshots auto-deleted 90 days after submission.
  • Purchase records: Retained for the life of the entitlement (lifetime IAP = forever; subscriptions until cancellation + Apple's standard window for refund disputes).
  • Cache data: Local device cache is cleared on sign-out.
  • Account deletion: All data is permanently deleted immediately upon account deletion, including events, notes, tasks, photos, support feedback, purchase records, profile information, and notification tokens.

Data Deletion

You can delete your account and all associated data at any time from Settings → Account → Delete Account. This action is immediate and irreversible. All events, notes, tasks, attachments, and profile data are permanently removed from our servers.

Location Data

Location is used for departure reminders and travel time calculation. When granted "While Using" permission:

  • Your current location is used to calculate real-time travel time to upcoming events
  • During active journeys, location updates are used for live progress tracking
  • Location data is processed in real-time and never stored on our servers
  • You can disable location access at any time in iOS Settings

Offline Access

Composed caches your data locally so the app works without an internet connection. Cached data is encrypted by the iOS file protection system and is cleared when you sign out.

Children

Composed is not intended for children under 13. We do not knowingly collect data from children.

Changes

We'll notify you of significant privacy policy changes through the app. Continued use after changes constitutes acceptance.

Contact

Questions about privacy? Email [email protected]. For general support, write to [email protected] or use the form at staycomposed.app/support.