Short version: We don't collect personal data. No accounts, no tracking, no cookies, no advertising. Your progress stays on your device. Text you submit for AI analysis is processed in real-time and not stored. Anonymous vote counts (no IPs, no identifiers) are aggregated for 3 days to show how many users recognized a pattern.
Narcissos ("we", "the app", "the service") is a psychoeducation tool that helps users understand narcissistic behavior patterns. We operate the web app at narcissos.app and an iOS app available through the Apple App Store. Your privacy is central to our design — we built the app so personal data collection is structurally impossible.
Your game progress, streak, points, level, daily task status, achievements, favorites, scan history, case archive, settings, and language preference are stored only on your device using localStorage (web) or UserDefaults (iOS). This data never leaves your device and is never sent to our servers.
A random UUID is generated on first launch and stored locally as a device identifier. It is never transmitted to our servers.
Scanner and Simulator input: When you submit text to the AI Scanner or AI Simulator, the text is sent to our Vercel-hosted proxy (/api/gemini), which forwards it to Google's Gemini API for analysis. The response is returned to your device. We do not store, log, or retain the text you submit. The text passes through our proxy in real-time and is discarded immediately.
Daily Case: The "Case of the Day" feature generates a fictional psychoeducation scenario each day via Google's Gemini API. The generated case is cached briefly on our servers (up to 25 hours) so all users of the same language see the same case that day. The case is fictional and contains no user data.
Daily Dose: The daily scenario is similarly generated via AI and cached for all users. No user data is involved.
When you vote on a case ("I recognize / Somewhat / I don't") we send only three values to our server: the date, your language, and your vote choice. We then store:
case:vote:2026-04-23:fi:yes = 42) — anonymous aggregate numbers only
All vote-related data has a hard 3-day expiration, after which it is automatically deleted from our database. We do not use vote data for any purpose other than showing aggregate counts ("42 users recognize this pattern").
Because we store only aggregate counts and short hashes without any identifier, this data does not constitute personal data under GDPR Recital 26.
iOS: Premium subscriptions are handled by Apple's StoreKit. We receive an anonymous entitlement confirmation from Apple; we do not receive your payment details, name, or email. To manage or cancel an iOS subscription, open Settings → Subscription → Manage subscription in the app, or open the Settings app on your device → Apple ID → Subscriptions → Narcissos.
Web: Premium subscriptions use Stripe Checkout. Stripe handles all payment and identity data (card number, billing email, address); we receive only an opaque customer ID and subscription ID used to verify your premium status. These IDs are stored in a signed token (HMAC-SHA256) on your device. We do not maintain our own customer database — Stripe is the data controller for billing data.
How to cancel a web subscription: open Settings → Subscription → Manage subscription in the app. This opens the Stripe-hosted Customer Portal where you can cancel, change payment method, view invoices, or update billing information. Cancellation takes effect at the end of your current billing period. You may also cancel at any time by emailing info@mentalhealthclub.fi.
To prevent abuse we use short-lived IP-based rate limits on our API endpoints. Rate-limit counters are held in server memory for a maximum of 24 hours and are not persisted to disk or any database.
We do not use cookies, analytics, tracking pixels, device fingerprinting, or any form of user tracking. We do not use advertising SDKs. We do not integrate Facebook Pixel, Google Analytics, Mixpanel, or similar services.
Narcissos is rated 12+ in the App Store. The app discusses relationship dynamics (family, workplace, friendships, romantic relationships) in an educational context and is intended for teens and adults. It is not directed at children under 12. We do not knowingly process data from children under 12. If you believe a child has used the app, contact us and we will delete any relevant data (though by design there is no personal data to delete).
Because we do not collect personal data, most GDPR rights do not apply in the traditional sense. Specifically:
For the brief time your IP hash is held to prevent double-voting, you may contact us to request earlier deletion.
Our servers (Vercel, Upstash) operate from data centers in the EU and US. Data processing is minimal and transient. No long-term storage of identifiable data occurs in either region.
Narcissos is a psychoeducation tool, not a diagnostic or therapeutic service. AI analyses are educational estimates, not psychological diagnoses. We do not provide medical advice. If you are experiencing distress or have concerns about a relationship, please contact a licensed mental health professional.
We may update this policy occasionally. Changes will be posted on this page with an updated date at the top. Material changes will be announced in the app.
Questions about this policy or your data? Contact us at: info@mentalhealthclub.fi