Privacy Policy
Effective Date: March 24, 2026
Reflection Messenger (“Reflection”, “we”, “our”, or “us”) is a messaging service that helps people communicate more thoughtfully in difficult relationships. This Privacy Policy explains how we collect, use, and protect your information.
Information We Collect
Account Information
When you create an account, we collect:
- Phone number — used to verify your identity and route messages
- Display name — optional, stored for your convenience within the app
Messages
- Incoming and outgoing SMS/MMS messages routed through your Reflection number
- AI discussion messages you exchange with the built-in AI assistant
- Message metadata such as timestamps and delivery status
Device Information
- Device identifier — a stable ID used to bind your authentication token to your device
- Push notification token — used to deliver notifications to your device (if enabled)
Usage Data
- Standard server logs including IP addresses, request timestamps, and error information
- These logs are retained for operational purposes and automatically rotated
How We Use Your Information
- Message routing — delivering SMS/MMS between you and your contacts via Twilio
- Tone analysis — analyzing incoming messages using pattern matching to generate summaries (this happens entirely on our servers)
- AI summaries and chat — when you request an AI summary or use the AI discussion feature, message content is sent to Anthropic’s Claude API for processing. Before sending, we scrub personally identifiable information (names, phone numbers, email addresses) from the content.
- Authentication — verifying your identity via SMS code
- Notifications — sending push notifications for new messages
Encryption
All message content (message bodies and AI summaries) is encrypted at rest using AES-256-GCM encryption with per-user encryption keys. This means:
- Your messages are encrypted before being stored in our database
- Each user has a unique encryption key derived from their account
- Even in the event of a database breach, message content cannot be read without the server-side encryption secret
Third-Party Services
We use the following third-party services:
| Service | Purpose | Data Shared |
|---|---|---|
| Twilio | SMS/MMS routing, phone number provisioning, phone verification | Phone numbers, message content (in transit) |
| Anthropic (Claude API) | AI message summaries and discussion | Scrubbed message content (PII removed) |
| Expo | Push notifications | Push notification tokens, device identifiers |
| Neon | Database hosting | Encrypted message data, account information |
| Fly.io | Application hosting | All application data (in memory during processing) |
Each of these services has its own privacy policy governing how it handles data.
Data Retention
- Messages are retained as long as your account is active
- Account data is retained as long as your account exists
- You may request deletion of your account and all associated data at any time by contacting us
Your Rights
You have the right to:
- Access your data through the app
- Delete your account and all associated data
- Export your message history (coming soon)
Children’s Privacy
Reflection Messenger is not intended for use by anyone under the age of 13. We do not knowingly collect information from children under 13.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or via your registered phone number.
Contact Us
If you have questions about this Privacy Policy, please contact us at:
Email: [email protected]