AboutFAQSupportGet the App

Privacy Policy

Last updated: April 1, 2026

Overview

Manifesta (“we,” “our,” or “us”) operates the Manifesta mobile application (the “App”) and the website at manifesta.ai (the “Site”). This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, and what choices you have.

We built Manifesta as a personal meditation tool. We have no advertising, no ad tracking, and we do not sell your data to anyone — ever. Our business model is a paid subscription, not your personal information.

By using the App or Site, you agree to the practices described in this policy. If you do not agree, please discontinue use of the App and Site.

The short version: We collect only what we need to create your personalized meditations and keep your account running. We send your intention text (not your name, email, or any identifying information) to AI services to generate meditations. We do not sell data, run ads, or track you across other apps.

Data We Collect

Account Information

When you create an account, we collect information depending on your chosen sign-in method:

  • Apple Sign-In:Your name and email address as provided by Apple. If you choose Apple's “Hide My Email” option, we receive only a private relay address — we never see your real email, and we fully support this feature.
  • Google Sign-In: Your name, email address, and profile photo URL as provided by Google.
  • Email/Password: The email address and display name you provide during registration. Your password is handled entirely by Firebase Authentication and is never stored by us in plaintext.
  • Anonymous Auth: You can use the App without creating a full account. In this case, we generate an anonymous identifier with no personal information attached.

For each account, we also store:

  • Authentication provider (Apple, Google, email, or anonymous)
  • Account creation date and last login date
  • Onboarding completion state
  • Subscription plan and status
  • Meditation preferences (selected voice, selected soundscape)
  • Streaks and usage statistics (sessions completed, total minutes)

User-Generated Content

As you use the App, we store the following content you create:

  • Intentions: The text you write to set the theme of your meditations.
  • Meditation history: Titles, durations, and timestamps of meditations you have completed.
  • Mood reflections: The emoji and/or text you provide before and after each meditation session.

Usage and Analytics Data

We collect anonymous analytics data through Firebase Analytics, including:

  • Screens visited within the App
  • Features used
  • Session duration
  • Device type and operating system version

This data is anonymous. We do not include your name, email, intention text, or any personally identifiable information in analytics events.

Crash Reports

If the App crashes, standard Firebase crash reports are generated automatically. These reports include device information, operating system version, and technical stack traces. They do not include your personal content (intentions, reflections, or meditation history).

Data We Do Not Collect

We do NOT collect:
  • Location or GPS data
  • Contacts or address book information
  • Photos, camera, or microphone data
  • Health or fitness data
  • Financial information (payments are processed entirely by Apple through the App Store and managed by RevenueCat — we never see your credit card number, billing address, or payment method details)
  • Data from other apps on your device
  • Advertising identifiers or cross-app tracking data
  • Browsing history outside the App

The App does not use push notifications at this time. If we add notifications in the future, we will update this policy and request your permission before sending any.

How We Use Your Data

We use the information we collect for the following purposes:

  • Meditation generation: Your intention text and preferences (voice, soundscape) are sent to our server-side Cloud Functions to generate a personalized meditation via AI.
  • Personalization: Your preferences, history, and streaks let us tailor the App experience to you.
  • Account management: Your authentication data lets you sign in, sync across devices, and manage your subscription.
  • Product improvement: Anonymous analytics help us understand which features are valuable and where we can improve.
  • Stability: Crash reports help us find and fix bugs.
  • Customer support: If you contact us, we use your information to respond to your request.

We do not use your data for advertising, user profiling for third parties, selling to data brokers, or any purpose other than operating and improving the App.

AI Processing

Manifesta uses AI to generate personalized meditation scripts and convert them to spoken audio. Here is exactly what happens and what data is involved:

Step 1: Script Generation (OpenAI)

When you request a meditation, your intention text, voice preference, and soundscape choice are sent from the App to our Firebase Cloud Functions (our server). Our server then sends only the intention text to the OpenAI API to generate a meditation script.

  • What is sent to OpenAI:Your intention text (e.g., “I want to feel calm before my presentation”).
  • What is NOT sent to OpenAI: Your name, email address, user ID, device information, or any other identifying data.
  • OpenAI's data policy:Under OpenAI's API usage terms, data sent through the API is not used to train their models. OpenAI retains API inputs for up to 30 days for abuse monitoring, then deletes them.

Step 2: Voice Synthesis (ElevenLabs)

The generated meditation script is then sent from our server to the ElevenLabs API, which converts it into natural-sounding spoken audio.

  • What is sent to ElevenLabs: The meditation script text only.
  • What is NOT sent to ElevenLabs: Your name, email address, user ID, original intention text, or any identifying information.
In summary:No personally identifiable information ever leaves our server to reach OpenAI or ElevenLabs. Only the content needed to produce your meditation — the intention text and the generated script — is shared with these services, and only the minimum required for each step.

Third-Party Services

We rely on the following third-party services to operate the App. Each service processes data as described below and is governed by its own privacy policy.

F

Firebase (Google)

Authentication, database, analytics, cloud functions, and crash reporting

Firebase is provided by Google and handles several core functions of the App:

  • Authentication: Manages sign-in via Apple, Google, email/password, and anonymous auth. Stores authentication tokens and session data.
  • Cloud Firestore: Stores your account data, intentions, meditation history, mood reflections, and preferences. Data is encrypted at rest and in transit.
  • Cloud Functions: Runs server-side code that processes meditation generation requests, calling the OpenAI and ElevenLabs APIs on your behalf.
  • Analytics: Collects anonymous usage data (screens visited, features used, session duration, device type, OS version). No personally identifiable information is included in analytics events.
  • Crashlytics: Collects crash reports with device information and stack traces to help us identify and fix issues.

Firebase Privacy and Security Documentation | Google Privacy Policy

O

OpenAI

AI meditation script generation

Your intention text is sent to the OpenAI API via our server-side Cloud Functions to generate a personalized meditation script. No personally identifiable information is included in the request — only the intention text.

Under OpenAI's API data usage policy, data submitted through the API is not used to train OpenAI's models. API inputs may be retained for up to 30 days for abuse and misuse monitoring, after which they are deleted.

OpenAI Privacy Policy | OpenAI API Data Usage Policy

E

ElevenLabs

AI voice synthesis for meditation audio

The generated meditation script (not your intention text, not your personal information) is sent to ElevenLabs to produce natural-sounding spoken audio. Only the script text is shared — no names, email addresses, user IDs, or any identifying data.

ElevenLabs Privacy Policy

R

RevenueCat

Subscription and in-app purchase management

RevenueCat manages the verification of your subscription status between the App and the Apple App Store. RevenueCat receives:

  • An anonymous app user ID (not your name or email)
  • Apple purchase receipts for subscription validation

RevenueCat does not receive your name, email address, intention text, meditation history, or any content you create in the App.

RevenueCat Privacy Policy

A

Apple App Store

Payment processing and app distribution

All payments for Manifesta subscriptions are processed entirely by Apple through the App Store. We never receive, process, or store your credit card number, billing address, or payment method details. Apple's payment processing is subject to Apple's own privacy policy.

Apple Privacy Policy

Local Storage

The App stores certain data locally on your device for performance and offline access:

  • User settings and preferences:Stored using Capacitor Preferences in the App's sandboxed local storage.
  • Downloaded meditation audio:When you download a meditation for offline listening, the audio file is saved to the App's sandboxed storage on your device. These files are accessible only to the App and are removed if you uninstall the App.

This local data never leaves your device unless you explicitly trigger a sync or backup through your device's operating system.

Data Security

We take the security of your data seriously and implement the following measures:

  • Encryption in transit: All communication between the App, our servers, and third-party services uses TLS (Transport Layer Security) encryption.
  • Encryption at rest:Data stored in Firebase Cloud Firestore is encrypted at rest using Google Cloud's default encryption.
  • Authentication security: Passwords are handled by Firebase Authentication and are never stored in plaintext. Sign-in with Apple and Google use industry-standard OAuth 2.0 protocols.
  • Server-side processing: AI requests are processed through our Firebase Cloud Functions, meaning your API keys and third-party credentials are never exposed to the client app.
  • Minimal data sharing: We share only the minimum data necessary with each third-party service (e.g., only intention text with OpenAI, only script text with ElevenLabs, only anonymous IDs with RevenueCat).
  • Sandboxed local storage:Downloaded files and local preferences are stored in the App's sandboxed container, inaccessible to other apps on your device.

While no method of electronic storage or transmission is 100% secure, we strive to use commercially acceptable means to protect your personal information. If we become aware of a security breach that affects your personal data, we will notify you in accordance with applicable law.

Data Retention

We retain your personal data and content for as long as your account is active and you continue to use the App. Specifically:

  • Account data, intentions, meditation history, and reflections: Kept while your account is active. Permanently deleted within 30 days of an account deletion request.
  • Anonymous analytics data: May be retained indefinitely in aggregate, anonymized form. This data cannot be linked back to you.
  • Crash reports:Retained by Firebase Crashlytics per Google's standard retention policies.
  • Locally stored data: Downloaded meditation audio and local preferences remain on your device until you delete them manually, delete your account, or uninstall the App.

Your Rights

Regardless of where you live, we provide the following rights to all users:

  • Access: You can request a copy of the personal data we hold about you.
  • Correction: You can request that we correct any inaccurate or incomplete personal data.
  • Deletion:You can delete your account and all associated data. This can be done directly in the App (Profile → Settings → Delete Account) or through our web-based account deletion page. All data will be permanently removed from our systems within 30 days.
  • Portability: You can request a copy of your data in a structured, machine-readable format.
  • Restriction: You can request that we restrict processing of your data in certain circumstances.
  • Objection: You can object to our processing of your data in certain circumstances.
  • Withdraw consent: Where processing is based on consent, you can withdraw your consent at any time.

To exercise any of these rights, contact us at support@manifesta.ai. We will respond to your request within 30 days.

Account deletion is always available.You can delete your account at any time from within the App (Profile → Settings → Delete Account) or at manifesta.ai/delete-account. No email required — you can do it yourself, instantly.

California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

  • Right to know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to delete: You have the right to request deletion of your personal information, subject to certain exceptions.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not charge you different prices, provide different quality of service, or deny you service for exercising your rights.
  • No sale of personal information: We do not sell your personal information. We have not sold personal information in the preceding 12 months, and we have no plans to do so.
  • No sharing for behavioral advertising: We do not share your personal information for cross-context behavioral advertising purposes.

To exercise your CCPA rights, contact us at support@manifesta.ai. We will verify your identity before fulfilling your request.

Children's Privacy

Manifesta is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. We do not knowingly allow children under 13 to create accounts or use the App.

If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us immediately at support@manifesta.ai. We will take steps to delete such information from our systems within a reasonable timeframe.

In compliance with the Children's Online Privacy Protection Act (COPPA), if we discover that we have inadvertently collected personal information from a child under 13, we will promptly delete that information.

Cookies

The Manifesta website (manifesta.ai) does not use tracking cookies, advertising cookies, or third-party analytics cookies.

We may use strictly necessary cookies for basic site functionality, such as session management. These cookies are essential for the website to function and cannot be used to identify you personally.

The Manifesta mobile app does not use cookies. Local data storage in the App is handled through Capacitor Preferences and the device file system, as described in the Local Storage section above.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

  • We will update the “Last updated” date at the top of this page.
  • For material changes that affect how we handle your personal data, we will make reasonable efforts to notify you (for example, through an in-app notification or an email to the address associated with your account).
  • Your continued use of the App after any changes to this policy constitutes your acceptance of the updated policy.

We encourage you to review this page periodically for the latest information on our privacy practices.

Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us:

We will respond to all privacy-related inquiries within 30 days.