Privacy Policy
Privacy Policy
Effective Date: April 2, 2026
This Privacy Policy explains how Manifest Bestie ("we," "our," or "us") collects, uses, stores, and protects your information when you use our iOS application ("the App"). We are committed to transparency about our data practices and to protecting your privacy.
By using Manifest Bestie, you agree to the practices described in this policy. If you do not agree, please discontinue use of the App.
We collect different types of information depending on how you interact with the App. We do not require you to create an account, and we do not collect your email address, phone number, or physical address.
When you first set up the App, you provide the following information to personalize your experience:
First name or nickname
Age range (bracket, not date of birth)
Daily phone usage estimate
Life goals (up to 3 selections from preset options)
Personal beliefs (up to 3 selections from preset options)
Deep struggles (up to 3 selections from preset options)
Main obstacles (up to 3 selections from preset options)
Primary life area of focus
Feelings about your selected life area
Relationship with manifestation practices
Preferred alignment frequency (days per week)
Timeline readiness
A digital signature (drawn by you as part of the onboarding commitment)
This data is stored locally on your device only. It is not transmitted to our servers or any third party. It is used solely to personalize the App experience on your device.
Each time you use the App to generate a manifestation script, you provide:
Energy/focus area (selected from 6 preset options)
Vibe/mood (selected from 6 preset options)
"Calling in" text (optional free-text input, up to 500 characters, describing what you want to manifest)
Post-session mood rating (optional, 1–5 scale)
Your energy selection, vibe selection, and "calling in" text are transmitted to our server (a Cloudflare Worker) to generate your personalized manifestation script. See Section 3 (AI-Generated Content) for details on how this data is processed.
Your session history — including energy selected, vibe selected, the generated manifestation text, mood rating, and timestamp — is stored locally on your device only and is not transmitted to any external service.
If you use the App's focus/blocking feature, you select which apps to block during manifestation sessions. Your blocked app selections (app name, category, and bundle identifier) are stored locally on your device only and are shared with Apple's Screen Time framework solely to enforce the blocking schedule you set. We never read, track, or store your Screen Time usage data or app usage history.
The following data is collected automatically when you use the App:
Crash logs and diagnostics — collected by Apple through its standard diagnostics tools, subject to your device settings. We receive anonymized crash reports through App Store Connect.
Device attestation data — we use Apple's App Attest framework to verify that requests come from a genuine copy of the App on a real device. This involves generating a cryptographic key pair stored in your device's Secure Enclave and exchanging attestation/assertion tokens with our server. No personal information is included in these tokens.
Onboarding preferences (name, goals, beliefs, struggles, etc.) — to personalize the App experience on your device
Energy, vibe, and "calling in" text — to generate your personalized AI manifestation script
Session history and mood ratings — to show your progress, streaks, and insights within the App
Blocked app selections — to enforce focus sessions by blocking selected apps
Device attestation tokens — to verify request authenticity and prevent abuse
Crash logs — to diagnose and fix bugs
We do not use your data for advertising. We do not sell your data to third parties. We do not use your data for tracking as defined by Apple's App Tracking Transparency framework.
Manifest Bestie uses artificial intelligence to generate personalized manifestation scripts in four modalities: affirmations, gratitude, visualization, and "I am the exception."
When you request a manifestation script, the following data is sent from your device to our Cloudflare Worker (our backend server):
Your selected energy/focus area
Your selected vibe/mood
Your optional "calling in" free-text input (up to 500 characters)
The time of day
An anonymous user identifier (your RevenueCat app user ID — not linked to your real identity)
Our Cloudflare Worker forwards your energy, vibe, "calling in" text, and time of day to Google Gemini (Google's AI service) to generate your script. The anonymous user identifier is used only for subscription verification and rate limiting — it is not sent to Google.
Google Gemini receives the text of the manifestation prompt, which includes your energy area, vibe, time of day, and any "calling in" text you entered. Google processes this data to generate your script and returns the result.
Google does not receive your name, age, device identifier, or any onboarding data.
Per Google's API data usage policies, data sent through the Gemini API is not used by Google to train its models. For more information, see Google's Gemini API Terms of Service.
Your AI inputs are not permanently stored by us. Once the generated script is returned to your device, our server does not retain the prompt or the response. The generated script is stored locally on your device as part of your session history.
We use the following third-party services to operate the App. Each service receives only the minimum data necessary for its function.
What they receive: Purchase transactions, anonymized crash diagnostics (per your device settings), Screen Time blocking schedules
Purpose: Process subscription purchases, crash reporting, enforce app blocking
Their privacy policy: https://www.apple.com/legal/privacy/
What they receive: An anonymous app user ID (generated by RevenueCat, not linked to your real identity), subscription status, and purchase events
Purpose: Manage subscriptions, verify entitlements, process purchase restoration
Their privacy policy: https://www.revenuecat.com/privacy/
What they receive: Subscription status (synced from RevenueCat), paywall presentation events, and purchase flow outcomes (purchased, restored, cancelled)
Purpose: Present and manage paywall screens, optimize the subscription experience
Their privacy policy: https://superwall.com/privacy
What they receive: API requests containing your manifestation prompt data (as described in Section 3), standard connection metadata (IP address, request headers)
Purpose: Host our backend server (Cloudflare Worker) that processes AI generation requests and verifies device attestation
Their privacy policy: https://www.cloudflare.com/privacypolicy/
What they receive: Manifestation prompt text including your energy area, vibe, time of day, and optional "calling in" text (as described in Section 3)
Purpose: Generate personalized manifestation scripts
Their privacy policy: https://policies.google.com/privacy
Data protection assurance: We require that all third-party service providers handle your data with protections equivalent to or greater than those described in this Privacy Policy. Each provider listed above is bound by their own privacy policies and, where applicable, data processing agreements that govern how they handle data received from the App.
For clarity, Manifest Bestie does not collect or process:
Email addresses, phone numbers, or physical addresses
Precise or coarse location data
Photos, videos, or audio
Contacts or address book data
Browsing history or search history outside the App
Health or fitness data (the App is not connected to HealthKit)
Financial information (all purchases are processed by Apple and RevenueCat — we never see your payment details)
Screen Time usage data or app usage statistics (the Screen Time framework enforces blocking without giving us access to your usage data)
All onboarding preferences, session history, mood ratings, and blocked app selections are stored in a local database (SQLite) on your device. This data exists only on your device and is permanently deleted when you uninstall the App.
Our Cloudflare Worker does not persist your AI generation requests or responses. Requests are processed in real-time and discarded.
Device attestation records (cryptographic key identifiers used to verify your device) are stored on our server for the duration of your use of the App.
RevenueCat: Retains anonymous purchase records for as long as needed to manage your subscription. See their privacy policy for details.
Superwall: Retains paywall interaction data per their privacy policy.
Apple: Retains purchase and crash data per their privacy policy and your device settings.
Google Gemini: Per Google's API terms, API inputs are not retained for model training. See Google's data retention policies for details.
Delete local data: Uninstall the App from your device. This permanently deletes all locally stored data including your onboarding preferences, session history, and blocked app selections.
Revoke Screen Time access: Go to your device's Settings > Screen Time > Manifest Bestie to revoke the App's Screen Time authorization at any time.
Disable crash reporting: Adjust your device's Settings > Privacy & Security > Analytics & Improvements to control what diagnostic data is shared with app developers.
Request deletion of server-side data: Contact us at support@manifestbestie.app to request deletion of any device attestation records associated with your device.
Revoke consent: You may stop using the App at any time. Uninstalling the App removes all local data and stops all data collection.
If you are located in the EEA, you have the following additional rights under the General Data Protection Regulation:
Right to access: You may request a copy of the personal data we hold about you.
Right to rectification: You may request correction of inaccurate data.
Right to erasure: You may request deletion of your data ("right to be forgotten").
Right to data portability: You may request your data in a structured, machine-readable format.
Right to object: You may object to the processing of your data.
Right to withdraw consent: You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Legal basis for processing: We process your data based on (a) your consent, given by using the App, and (b) our legitimate interest in providing and improving the App's functionality. For AI content generation, the legal basis is contract performance — generating the script you requested.
To exercise any of these rights, contact us at support@manifestbestie.app. We will respond within 30 days.
If you are a California resident, you have the right to:
Know what personal information we collect and how it is used
Delete your personal information
Opt out of the sale of personal information — we do not sell your personal information to any third party
Non-discrimination — we will not discriminate against you for exercising your privacy rights
To exercise these rights, contact us at support@manifestbestie.app.
Manifest Bestie is intended for users aged 13 and older. We do not knowingly collect personal information from children under the age of 13.
If you are between 13 and 17 years old, you should review this Privacy Policy with a parent or guardian before using the App.
If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@manifestbestie.app.
We take reasonable measures to protect your information:
On-device encryption: Your local data is protected by your device's built-in encryption (iOS Data Protection).
Secure transmission: All data transmitted between the App and our server uses HTTPS/TLS encryption.
Device attestation: We use Apple's App Attest framework to verify that requests originate from a genuine, unmodified copy of the App.
Secure key storage: Attestation keys are stored in your device's Secure Enclave and never leave the device.
No account credentials: Since no account is required, there are no passwords or login credentials to compromise.
No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
We may update this Privacy Policy from time to time. When we make changes:
The "Effective Date" at the top of this page will be updated
For material changes, we will notify you through the App or by other reasonable means
Your continued use of the App after changes take effect constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.
If you have questions about this Privacy Policy, your data, or wish to exercise any of your privacy rights, contact us at:
Email: support@manifestbestie.app