Last updated: July 7, 2026
Maddy is a personal support app. Jeremy built it for his daughter first; now it helps other families too. It helps someone who needs a little extra scaffolding to get through their day, and it helps the people who love them stay connected and supportive. This policy explains what information the app collects, where it lives, who can see it, and how to get rid of it.
Plain language, no legalese. If something is unclear, email support@mymaddy.app.
When you use Maddy, the app stores the following information:
If you join the waitlist at mymaddy.app, we collect your email address. The signup form also includes an optional question, "Which best describes you?", with four answers: I have AuDHD, I love someone who does, I work with AuDHD clients, or Prefer not to say.
This question is optional. If you skip it, nothing is stored. If you answer, your response is stored alongside your email.
Why we ask: to personalize the emails Maddy sends to waitlist members. That means the welcome email after you sign up, a small number of update emails between now and our App Store launch, and the launch-day email. After launch, the same answer may shape the wording and topic mix of our regular Maddy email so it sounds like it was written for the person reading it. We do not use it for advertising, for sharing with third parties, or for any purpose beyond personalizing Maddy email.
How long we keep it: as long as you are subscribed to Maddy email. You can have it deleted at any time by emailing support@mymaddy.app, or by unsubscribing. When you unsubscribe, we delete your answer along with your email.
Sensitive personal information: under the California Consumer Privacy Act (as amended by the CPRA), self-identification as a person with AuDHD is sensitive personal information. You have the right to limit our use of it. Email support@mymaddy.app at any time and we will action your request and confirm by reply.
All data is stored in a Supabase Postgres database, hosted on the gfqjgdisuwzebaqjqseg project in the US East region (AWS us-east-1). Supabase is the infrastructure provider. See Supabase's Privacy Policy for their commitments as a data processor.
Session credentials are kept locally on your device in expo-secure-store (encrypted secure storage, not regular AsyncStorage) so you stay logged in between app launches.
Your data is scoped to your circle. A circle is the small group of people connected in the app, typically the supported person and one or more caregivers. Postgres Row-Level Security (RLS) enforces this at the database level: every query is filtered to the groups you belong to. If you're not in the circle, you can't read the data, not through the app, and not by querying the database directly.
Two categories of people have broader access as a matter of infrastructure:
Neither of these parties has any business reason to access your data, and their respective policies govern what they can do with it.
Maddy uses Sentry for crash and performance diagnostics. Crash and app-hang reports may include device type, OS version, app version, and a stack trace (with a short JS profile on hangs). Before any report leaves your device, the app strips personal identifiers: your email address, IP address, and authorization headers are removed. Diagnostics are not linked to your identity, and we do not use this data for advertising. Sentry's privacy policy applies to that data, where Sentry acts as our processor.
Morning reminders and other alerts are sent through Expo's push service, which relays them to Apple's Push Notification service (APNs) for delivery. As part of that relay, Expo receives your device push token and the notification payload (the reminder text) as a processor, and Apple then delivers it. Expo's and Apple's privacy policies govern that transmission. You can disable notifications at any time in your device's Settings app.
If you subscribe to Maddy, the purchase itself happens through Apple and your App Store account. Maddy never sees your payment details. We use RevenueCat to know whether your circle's subscription is active: RevenueCat receives purchase receipts from Apple and tells us the subscription status (product, entitlement, renewal period), which we store in our database keyed to your circle. RevenueCat acts as our processor; their privacy policy is at revenuecat.com/privacy. When you delete your account, your subscription records are removed from our database and the customer record in RevenueCat is deleted as part of the same process.
Maddy accounts are for people 18 and older. The app's account creation screen enforces this. The person being supported may be younger; in that case, an adult caregiver sets up and manages their account and consents to the information Maddy collects. We don't knowingly collect personal information from anyone under 13 without a parent or guardian's involvement. If you believe a child's data was submitted without appropriate consent, contact us at support@mymaddy.app.
The app includes in-app account deletion under the caregiver's Settings tab (scroll to the bottom). Tapping "Delete account" and confirming twice triggers a deletion process that cascades through all data associated with your account:
Your Supabase Auth account is then deleted. There is no recovery after this point.
We keep your data until you delete your account. There is no background retention after deletion, no archiving, and no backups that persist beyond Supabase's own infrastructure snapshot windows (which are part of their service, not ours).
If this policy changes in a meaningful way, Jeremy will notify circle admins through the in-app caregiver message surface. Continued use of the app after that notification constitutes acceptance of the updated terms. The "Last updated" date at the top of this page will reflect the most recent version.
Questions, data requests, or concerns: support@mymaddy.app
Reck the Fort LLC
mymaddy.app