Privacy Policy

How Main Character handles account data, proof, integrations, Google Health, media, AI-assisted features, and deletion requests.

Privacy Policy

Last updated: June 10, 2026

This policy explains how Main Character LLC ("Main Character," "we," "us," or "our") handles information when you use maincharacter.game, our web app, mobile companion app, and related services (the "Service").

We wrote this to be readable first. Some sections are specific because the product handles sensitive things like Google Health, media, voice, proof, and AI-assisted features.

Quick read

  • We use your information to run Main Character: accounts, habits, tasks, proof, integrations, AI-assisted features, payments, support, safety, and security.
  • You choose whether to connect integrations. Google Health is separate from Google sign-in and asks for its own permission.
  • We do not sell your personal information.
  • We do not use Google Health data or consumer health data for ads, data brokers, credit or lending decisions, or medical decisions.
  • We do not use Google Health data to train AI models.
  • Main Character is for habit tracking, personal reflection, proof, and wellness-style motivation. It is not medical care, medical advice, or an emergency service.

What we collect

We collect different information depending on which features you use.

Account and product basics

  • Account and authentication. Name, email, username, provider account IDs, profile photo, magic-link state, passkey metadata, and linked sign-in providers such as Google, Discord, GitHub, or X. We use this to create your account, sign you in, secure your account, and prevent abuse.
  • Profile and public settings. Display name, username, avatar, bio, social links, public profile setting, and selected public habits or progress. We use this to show the profile and proof you choose to share.
  • Habits, tasks, and proof. Goals, habits, tasks, check-ins, streaks, XP, Aura, notes, links, proof rules, completion evidence, timestamps, and related metadata. This is the core product data that lets Main Character track progress and show history.

Sensitive or connected data

  • Google Health and health-related proof. Google Health user ID, OAuth tokens, read-only activity, fitness, and sleep permissions, steps, active zone minutes, distance, total calories burned, sleep duration, daily summaries, proof rules, completion evidence, and sync status. We use this only for health-metric habit proof and related trends.
  • AI assistant data. Tasks, notes, capture items, preferences, reflections, proof, connected-source data you authorize, prompts, model outputs, and assistant personalization data. We use this to generate plans, summaries, recommendations, drafts, classifications, recaps, and other assistant outputs inside the Service.
  • Media, mobile, and wearables. Photos, videos, audio, voice captures, uploaded files, transcripts, captions, OCR text, labels, search text, analysis metadata, device diagnostics, and camera/Bluetooth/wearable context. We use this for capture, proof, transcription, mobile companion, and wearable companion features.
  • Integrations and webhooks. Connected-source IDs, provider metadata, webhook payloads, provider secrets, sync status, event IDs, external object metadata, and integration diagnostics. We use this to connect outside services, ingest proof or context, rotate secrets, debug sync, and avoid duplicate processing.
  • X/social proof. Public post IDs, public post text/metadata, mention metadata, check-in classification, reply status, and provider evidence when you connect or interact with X features. We use this to detect public check-ins, create proof, and post replies when you authorize those features.

Operations data

  • Payments and billing. RevenueCat app user ID, entitlement, product, purchase provider, billing status, renewal status, management URL, webhook event IDs, sync status, and related invoice/payment metadata. We use this for subscriptions, plan changes, refunds, taxes, and billing support. RevenueCat manages subscription aggregation across web and iOS, Apple handles App Store in-app purchases, and Stripe may handle web card processing underneath RevenueCat Web Billing; we do not store full card numbers.
  • Analytics and observability. IP address, device/browser type, pages viewed, feature interactions, timestamps, error data, performance data, and coarse usage events. We use tools such as PostHog, Google Analytics, and Sentry to understand usage, fix bugs, protect the Service, and measure reliability.
  • Support and communications. Messages you send us, support form details, email address, feedback, and related correspondence. We use this to respond to you, resolve issues, improve the Service, and keep records of requests.

We do not receive your password from third-party sign-in providers.

What we do not do

  • We do not sell personal information.
  • We do not use Google Health data or consumer health data for ads, retargeting, data brokers, creditworthiness, lending, insurance underwriting, employment decisions, or medical decisions.
  • We do not use Google Health data to train AI models. Google Health data is not used for model training.
  • We do not send raw user content to analytics, logs, or evaluation tools by default.
  • We aim to keep secrets, tokens, raw health payloads, and free-form health details out of logs and error reports.

Google Health and consumer health data

Google Health is optional. Connecting Google Health does not connect your Google login account for health access. Health access uses a separate Google OAuth flow.

Current Google Health access is limited to read-only activity, fitness, and sleep data used for habit proof: steps, active zone minutes, distance, total calories burned, and sleep duration. We do not request broad future scopes "just in case."

If we add new Google Health data types or new uses, we will update the relevant disclosures and ask for any required consent before using that data in the new way.

Google's own policies and controls also apply to your Google account and the Google permission screen. You can review Google's Google API Services User Data Policy and Google's account/privacy controls for more detail.

Because health and wellness information can be sensitive, we also publish a separate Consumer Health Data Privacy Notice.

How we use information

We use information to:

  • create, secure, and maintain your account;
  • provide habit tracking, task tracking, proof, streaks, progress, public profiles, and sharing features;
  • connect integrations you authorize and keep their sync state accurate;
  • operate AI-assisted features you choose to use;
  • process subscriptions, plan changes, refunds, and billing support through RevenueCat, Apple, and Stripe where applicable;
  • send transactional emails and respond to support requests;
  • prevent fraud, abuse, spam, security incidents, and unauthorized access;
  • debug the Service, measure reliability, and improve product quality;
  • comply with law and enforce our Terms of Service.

We may use aggregated or de-identified information to understand usage patterns and improve the Service, but we do not use aggregated or derived Google Health data for prohibited Google Health purposes.

How we share information

We share personal information only in these situations:

  • Service providers. We use providers for hosting, infrastructure, storage, databases, payments, analytics, observability, email, AI model/infrastructure services, security, fraud prevention, and customer support. Examples include Vercel, RevenueCat, Apple, Stripe, PostHog, Google Analytics, Sentry, Resend, Cloudflare/R2 or Vercel Blob storage where configured, and AI infrastructure/model providers used by the app.
  • AI providers. AI features may send the minimum user-scoped data needed to provide the requested feature. Unless we explicitly tell you otherwise, your content is not used to train third-party models by default. Google Health data is not used for model training.
  • Integrations you connect. When you connect a third-party service, that service may receive requests or actions you authorize. Its terms and privacy policy also apply.
  • Public sharing you choose. If you enable a public profile or make proof/content public, that information may be visible to anyone.
  • Legal, safety, and security. We may disclose information when needed for law, legal process, enforceable government request, our Terms, security investigation, fraud prevention, or protection of rights, property, or safety.
  • Business transfers. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to this policy and applicable law.

We do not sell personal information. We do not share Google Health data or consumer health data for advertising, data-broker, credit/lending, or medical-decision purposes.

Cookies and analytics

We use cookies and similar technologies for authentication, preferences, security, analytics, and product reliability. You can control cookies through your browser settings, but disabling cookies may break account features.

We use analytics and observability tools to understand public-site usage, product events, errors, and performance. We keep these tools as content-minimized as practical.

Retention and deletion

We keep information for as long as needed to provide the Service, operate features you use, comply with law, resolve disputes, enforce agreements, prevent abuse, and maintain security.

In plain terms:

  • Product records you intentionally keep, such as account, profile, habits, tasks, check-ins, proof, settings, and durable saved records, stay until you delete them, your account is deleted, or a feature policy removes them.
  • Raw connected-source content is generally fetched on demand or cached briefly unless a feature needs a durable local copy.
  • Media and derived media metadata are retained according to the feature and storage scope used for that asset.
  • Logs, telemetry, and audit records are minimized where practical and retained for security, debugging, abuse prevention, and reliability.
  • Payment records may be retained by RevenueCat, Apple, Stripe, and by us as needed for billing, accounting, tax, fraud prevention, and legal compliance.

When you disconnect Google Health, we revoke or remove local tokens where possible and delete imported Google Health observations, summaries, pending sync jobs, proof rules, and completion evidence tied to that Google Health source.

When we complete an account deletion request, we delete or de-identify personal information associated with the account unless we need to keep limited information for legal, tax, accounting, security, fraud prevention, dispute resolution, or backup reasons. Backup copies may take additional time to age out of normal backup cycles.

You can request account deletion at maincharacter.game/account/delete. We try to respond to privacy and deletion requests within 30 days, though verification, legal requirements, or complex requests may take longer.

Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or receive a copy of certain personal information. You may also have rights related to consumer health data.

You can:

  • disconnect connected sources in settings where available;
  • disable public profile visibility;
  • delete or edit content where product controls are available;
  • unsubscribe from marketing emails through the email's unsubscribe link;
  • control cookies through your browser;
  • manage Google permissions through your Google account;
  • request access, correction, deletion, or a copy of information through our contact form.

We may need to verify your identity before fulfilling a privacy request.

Security

We use administrative, technical, and organizational safeguards designed to protect information from unauthorized access, loss, misuse, alteration, and disclosure. These include encryption in transit, credential and token protections, access controls, and monitoring. No system is perfectly secure, and using the Service involves risk.

Children

The Service is not directed to anyone under 18. We do not knowingly collect personal information from anyone under 18. If you believe someone under 18 has provided personal information, contact us and we will take appropriate steps.

Other services

The Service may link to or integrate with third-party services. Their privacy practices are governed by their own policies. Review those policies before connecting or using third-party services.

Changes to this policy

We may update this policy as the Service changes. If we make material changes, we will provide notice by email, in-product notice, or a prominent site notice where appropriate. If a change materially affects how we use Google user data or health data, we will provide any required notice or consent before using that data in the new way.

Contact

For privacy requests or questions, contact Main Character LLC through our contact form.