Assertr

App privacy policy

Last updated: 18 April 2026 · Effective: 18 April 2026

This policy explains how Fortnight AI Ltd ("we", "us") collects and processes your personal data when you use the Assertr mobile application (the "App"). It is written for UK GDPR and UK Data Protection Act 2018 compliance and also applies to users in the EEA under the EU GDPR.

We are the data controller for personal data processed through the App. Registered office: 45 Woodland Close, Southampton SO18 5RD, United Kingdom. Company number 17085717.

1. What data we collect

  • Account data. Email, display name, authentication tokens, and sign-in provider identifiers if you sign in with a third-party provider.
  • Session voice recordings. Audio captured during a practice session is streamed to our speech and AI providers to generate the AI counterpart's responses and the post-session analysis. Audio is retained only as needed to produce and review feedback (see retention below).
  • Session content. Scenario configuration you provide (goal, arguments, opponent persona), transcripts, scores, and AI feedback text.
  • Progress data. XP, level, badges, streaks, and weekly challenge state.
  • Device and diagnostic data. Device model, OS version, app version, locale, crash reports, and performance metrics. IP address is processed transiently for network and abuse protection.
  • Subscription metadata. Entitlement state and store identifiers from the App Store or Google Play. We do not see your card details.

We do not collect special category data (for example, health or political opinions) by design. If you volunteer such data in a session, it will be processed as part of that session's audio/transcript.

2. How we use your data and lawful basis

  • Deliver the Service (process sessions, generate feedback, keep score), performance of our contract with you (UK GDPR Art. 6(1)(b)).
  • Keep the Service secure, stable, and abuse-free (diagnostics, anti-abuse signals), legitimate interests (UK GDPR Art. 6(1)(f)).
  • Improve the product and train models on session data: only with your explicit in-app consent (UK GDPR Art. 6(1)(a)). You can withdraw consent at any time in Settings; this will not affect processing already carried out.
  • Service communications (critical updates, policy changes, receipts), contractual necessity or legitimate interests.
  • Marketing emails, only if you subscribed to the waitlist or opted in; you can unsubscribe at any time.
  • Comply with legal obligations (tax, accounting, lawful requests), legal obligation (UK GDPR Art. 6(1)(c)).

3. Processors we share data with

We share data with sub-processors who act on our instructions under data processing agreements. Categories include cloud hosting, authentication, speech-to-text and AI inference, crash and analytics tooling, email delivery, and subscription billing via the App Store and Google Play. A current list of named sub-processors is available on request at privacy@assertr.app.

4. International transfers

Some processors are located outside the UK/EEA, primarily in the United States. Where that is the case, transfers are protected by the UK International Data Transfer Addendum, the EU Standard Contractual Clauses, or adequacy arrangements such as the UK-US Data Bridge, together with technical safeguards including encryption in transit and at rest.

5. Retention

  • Voice recordings, retained for up to 30 days to support feedback review and incident investigation, then deleted or irreversibly anonymised. If you have explicitly opted in to model improvement, recordings you agreed to share may be retained longer in a controlled, access-limited dataset.
  • Transcripts and session feedback, retained for the lifetime of your account so you can revisit history; deleted on account deletion.
  • Account data, retained while your account is active and for up to 90 days after deletion to handle backups and legal obligations, after which it is removed.
  • Diagnostics and logs, retained for up to 90 days.
  • Billing records, retained for up to 7 years to meet UK tax and accounting obligations.

6. Your rights

Under UK and EU GDPR you have the right to access, rectify, erase, restrict, or object to processing of your personal data, the right to data portability, and the right to withdraw consent. To exercise these rights:

  • Manage consent and delete your account in-app (Settings → Account).
  • Email privacy@assertr.app. We will respond within 30 days.
  • Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local EEA supervisory authority.

7. Children

The App is not directed at children under 16. If we learn that a child under 16 has created an account, we will delete the account and associated data.

8. Security

We use encryption in transit and at rest, least-privilege access controls, logging, and regular patching. No system is perfectly secure; please report suspected vulnerabilities to security@assertr.app.

9. Changes to this policy

We will update the "Last updated" date and, for material changes, notify you in-app or by email at least 14 days before they take effect.

10. Contact

Privacy questions and data-rights requests: privacy@assertr.app.