Who we are
I’d Rather is made by Worth Spreading, a sole proprietorship (eenmanszaak) registered in the Netherlands with the Chamber of Commerce (KVK). Worth Spreading is the data controller for the processing described here. Contact: support@worthspreading.com.
The idea in one line
The app is built to know as little about you as possible: no account is required, there are no ads, we sell nothing about you, and the app never monitors what you do elsewhere on your phone.
What we process, and why
1. Your swaps (the content you type)
A swap is text you write: what you tend to do (“scrolling in bed”), what you’d rather do, optionally why, what sets it off, and optionally a person’s name it’s dedicated to. This can be sensitive — it describes your habits. It lives on your device.
- Stored: on your device. If you sign in, also in your personal space in our database (Google Firebase / Firestore), so you can restore it on a new phone. Without an account, your swaps are never uploaded for storage.
- Safety check: when you save a swap, its text is sent once to our server (Google Cloud Functions, EU region europe-west1) where an AI model (Google Gemini) classifies it — only so the app can respond with care and crisis resources if what you wrote sounds like more than a habit (for example self-harm or an eating disorder). The text is processed for that answer and is not stored by our functions. Your approximate region (from your phone’s locale, e.g. “NL”) is included so crisis resources match your country.
- AI features (Premium): if you ask for suggestions, the app sends the relevant swap texts you already see on screen (plus your count and the hour of day) to the same EU-region server, which asks Google Gemini for suggestions. Used to answer you; not stored by our functions.
- Legal basis: performing our contract with you (Art. 6(1)(b) GDPR) for storage and sync; our legitimate interest in user safety (Art. 6(1)(f)) for the safety check — we believe an app in this category owes you that check, and it is designed to see only the sentence you chose to save.
2. A name you might write about someone else
You can dedicate a swap to a person (“for Sam”). That name is part of your swap text: it stays on your device, syncs only if you sign in, and is never sent to the AI or shown to anyone else. Please only write down what you’d be comfortable keeping in a private note about them; you can edit or delete it any time. If you ask us to delete your data, their name goes with it.
3. Account data (only if you sign in)
Signing in is optional and free — it exists so your record survives a lost phone. We process your email address and sign-in provider (Google, or an email sign-in link). We use it to identify your backup and for nothing else. Legal basis: contract (Art. 6(1)(b)).
Technical note: the app also creates an anonymous Firebase identity on first launch (a random user ID, no name or email). This is what lets the safety check and purchases work without an account. Legal basis: legitimate interest in operating and protecting the service (Art. 6(1)(f)).
4. Purchases
Premium is bought through Apple’s App Store or Google Play — we never see your payment details. Our subscription processor, RevenueCat, receives your random user ID and the store’s receipt so your Premium works across your devices. Legal basis: contract (Art. 6(1)(b)).
5. App events (analytics)
Usage counting is off by default. If you turn on the “Help improve I’d Rather” switch (You → Privacy & data), we count a small, fixed set of app events through Google Firebase Analytics — for example “onboarding completed”, “a swap was logged”, “the paywall was viewed”, “a placement guide was opened”. These events never contain your swap text, name, or email; they include the device-level identifiers Firebase uses to count installs. We use them for one purpose: to see whether the app actually helps, and where it loses people. Legal basis: your consent (Art. 6(1)(a)) — usage counting is off by default, only runs if you turn on the switch, and you can turn it off any time. Advertising-ID collection is disabled outright.
6. Notifications
Reminders are scheduled locally on your phone — no push servers. Their text includes your swap sentence, so it may be visible on your lock screen; you control notifications entirely in Settings.
7. App lock
If you set a PIN it is stored on your device as a salted hash (not readable as the number you chose), never in the cloud. Face ID / biometric checks happen entirely on your device — we never receive biometric data.
8. Abuse protection
To keep the AI features from being abused, the app sends a device-integrity attestation (Apple App Attest / Google Play Integrity via Firebase App Check) with server requests, and our server rate-limits AI requests per user (a daily counter, kept as a number only).
Who helps us (processors)
We do not sell or rent personal data. There are no advertising SDKs, no data brokers, and no crash-reporting SDK in the app.
How long we keep things
- On your device: until you delete the app or use “Delete everything”.
- Your cloud backup: until you delete your account (or ask us). Signing out keeps the backup so you can come back — deleting removes it.
- AI requests: not stored by our functions; the daily rate-limit counter is a number tied to your random ID and is deleted together with your account.
- App events (only if you opted in) are kept at an identifiable level for 14 months; after that only aggregated statistics remain. Withdrawing consent stops collection immediately.
- Subscription records at RevenueCat: kept as required for billing history.
Your rights
You have all GDPR rights: access, rectification, erasure, portability, restriction, objection, and withdrawal of any consent — without affecting prior processing. In the app: You → Privacy & data → Export my data (a JSON file of your swaps, count and settings — the app-lock PIN is deliberately not included) and Delete everything (erases device + cloud, no email needed). For anything else, or if something doesn’t work: support@worthspreading.com — we respond within one month. You can complain to the Dutch supervisory authority, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl), or your local EU authority.
Children
I’d Rather is not directed at children under 16 and we do not knowingly process their data. If you believe a child is using the app with an account, contact us and we will delete the data.
Changes
If this policy changes in a way that matters, we’ll say so in the app and on this page, with the date above. We won’t quietly repurpose your data — new purposes mean new consent or a new legal basis, explained here first.