Privacy — Fortify

This page explains what we collect, why, and how we handle it — in plain language, not legalese.

What we collect

Account: your chosen username, email address, and a hashed password. Usernames are visible to other people in your cohort; your real name is never asked for.
Daily reflection: check-ins (mood, energy, sleep, triggers, coping tools, optional notes), journal entries, and setback reflections.
Identity work: values, identity statements, goals, habit-replacement plans, if-then plans, environment audits, and future-self letters you write to yourself.
Tool usage: which coping tools you reach for and complete (breathing, grounding, urge-surfing, restructuring), and which lessons you finish.
Social activity: community posts, reactions, accountability-pair commitments, partner check-ins, mentorship messages, and SOS signals.
Subscription metadata from RevenueCat when you start a Fortify Pro trial or subscription (entitlement state, plan id, renewal status). We never see your card or store account details — those stay with Apple, Google, or RevenueCat.
Your timezone and a device push-notification token when you opt in.
Basic technical logs for reliability (IP at login, user-agent, error traces). These are kept 30 days.

What we do with it

Your check-ins and journal power your own Resilience Score and weekly pattern reports — shown only to you.
Your timezone anchors notifications and scoring to your local calendar.
Posts and reactions are visible to your cohort under your pseudonymous username + avatar only.
We do not sell your data. We do not run advertising. We do not share your data with third parties beyond the minimum infrastructure we need to run the service (hosting, push-notification delivery).

What your buddy sees

If you pair with an accountability buddy, they see your username, avatar, stage, the commitments you explicitly share with them, and when you send an SOS. They do not see your check-ins, your journal, your setback reflections, your mood history, or anything else. When you send an SOS, the notification to your buddy is intentionally anonymous and content-free — "Your buddy needs support" — so you decide what, if anything, to share.

Your rights

Export: download every byte of data Fortify has about you as a JSON file, at any time, from Settings or GET /api/users/me/export.
Delete: delete your account and everything tied to it in a single tap. Your data is removed immediately via database cascade.
Correction: edit your profile, change your email (with confirmation), change your password. Each rotates your session tokens.

Security details

Passwords are hashed with bcrypt (12 rounds) — we never store or log the plaintext. Auth tokens are short-lived and rotate on refresh; signing out or changing your password revokes every outstanding session immediately.

All traffic between your device and our servers uses HTTPS (TLS). Your journal entries, setback reflections, and messages are transmitted encrypted in transit and stored on encrypted disks — not end-to-end encrypted with a key only you hold. That means Fortify operators can, in principle, access that data if required by legal process or to investigate abuse. We do not read it as part of normal operation.

Who runs this

Fortify is built by a small team focused on getting the research right. Questions, concerns, or data requests: hello@fortify.app.

What Fortify is not

Fortify is a wellness and personal-growth companion. It is not a medical device, not a therapeutic service, not a healthcare product. If you're in crisis, please reach out to a licensed professional or your local emergency services.

Mentorship moderation

Fortify Mentorship is a 1:1 chat between members. To help keep these conversations safe, inbound mentorship messages are scanned on our servers for a small, curated list of high-risk phrases (suicidal ideation, self-harm, immediate danger). When a phrase matches, a safety alert is created for our team to review.

Moderators reviewing an alert can see the message that triggered it and the recent thread context (up to 10 messages) so they can decide whether to step in. They cannot see other users' conversations, your check-ins, journal entries, or any data outside the flagged thread. Every review is recorded in an internal audit log.

Outside of those reviews, your mentorship conversations are private. You can end any match at any time from inside the chat.