Skip to content
one good thing

Privacy Policy

Last updated: 21 February 2026

The short version

One Good Thing is a daily thought-starter app. We collect the minimum data needed to deliver your daily card, sync your collection across devices, and understand how the app is used. We do not sell your data. We do not run ads. We do not track you across other apps or websites.

What we collect

Account information

When you sign up (via Apple, Google, or email), we store your email address, authentication provider, and a unique user ID. If you sign in with Apple and choose to hide your email, we receive and store only your private relay address.

Your interactions

We record which daily cards you carry or let go, whether you shared a card, and your consecutive-day thread streaks. This data powers your Collection and syncs across devices via Firebase Firestore.

App preferences

Your notification time preference (morning or evening), subscription status, and trial start date are stored locally on your device and synced to our server to deliver time-sensitive emails.

Analytics

We use PostHog to understand how people use the app. We track behavioural events such as card views, carries, shares, and paywall interactions. PostHog automatically collects device type, OS version, app version, locale, and session duration. We do not collect your Apple advertising identifier (IDFA) and do not use App Tracking Transparency.

What we do not collect

  • Location data
  • Contacts, photos, camera, or microphone access
  • Health or fitness data
  • Advertising identifiers (IDFA)
  • Cross-app or cross-site tracking data
  • Payment card numbers (handled entirely by Apple)

Permissions

The app requests a single permission: notifications (local only, for your daily thought reminder). No other system permissions are requested.

Third-party services

  • Firebase Authentication and Firestore (Google) for sign-in and cloud data storage
  • Google Sign-In for Google OAuth
  • PostHog for product analytics
  • Resend for transactional emails
  • Apple StoreKit for subscription management

We do not use Firebase Analytics, Crashlytics, Cloud Messaging, or any advertising or attribution SDK.

Emails

We send a small number of transactional emails: a welcome email, trial reminders, and a win-back email if your subscription expires. If you sign in with Apple using a private relay address, we skip re-engagement emails that are unlikely to reach you. You can unsubscribe from any email by replying to it.

Cookies and website analytics

Our website at onegoodthing.space uses PostHog for analytics. PostHog sets a cookie and uses localStorage to track anonymous page views and button clicks. We do not use advertising cookies, social media trackers, or any cross-site tracking.

When you first visit the website, a banner asks whether you accept analytics cookies. If you decline, no analytics data is collected and no cookies are set by PostHog. You can change your preference at any time by clearing your browser's localStorage for this site.

The iOS app uses PostHog for in-app analytics. This is covered by the app's own privacy disclosure on the App Store and does not use browser cookies.

Your rights (GDPR and EEA users)

If you are in the European Economic Area, you have the right to:

  • Access a copy of the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Withdraw consent at any time (e.g., decline analytics cookies)
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, email us at hi@onegoodthing.space. We will respond within 30 days.

Legal basis for processing (GDPR)

We process your data under the following legal bases:

  • Consent for website analytics cookies (you can accept or decline via the cookie banner)
  • Contract performance for delivering the app service (your account, daily cards, collection sync)
  • Legitimate interest for in-app analytics and transactional emails that improve the service

Data storage and security

Your data is stored in Firebase Firestore (Google Cloud). Firestore security rules ensure that each user can only read and write their own data. Card content is read-only for all authenticated users. Local data is stored on-device via SwiftData and is protected by iOS device encryption.

Data deletion

You can delete your account and all associated data by contacting us at hi@onegoodthing.space. We will remove your user record, all interaction history, and any email records within 30 days.

Children

One Good Thing is not directed at children under 13. We do not knowingly collect personal information from children.

Changes to this policy

We may update this policy from time to time. Significant changes will be communicated via email or an in-app notice. The date at the top of this page reflects the most recent revision.

Contact

Questions about this policy? Reach us at hi@onegoodthing.space.

← Back to homeTerms of Service →