invoq
The practiceWhy it worksPricingDownload
Legal · 01

Privacy Policy

Last updated: 23 May 2026

This Privacy Policy describes how invoq (“we”, “us”) collects, uses, shares, and protects your personal data when you use the invoq iOS app and this website (together, the “Service”). It applies to users in the European Union, the United Kingdom, the EEA, Switzerland, California, and globally to the extent local law applies.

If anything here is unclear, write to support@magentic.nl.

1. Who we are

Data controller: Magentic BV, Ruyschstraat 77-2, 1091BX Amsterdam, the Netherlands. KvK registration number: 99971879.

If you are in the EU/EEA and have a complaint we have not resolved, you have the right to lodge it with your national Data Protection Authority.

2. What data we collect, and why

2.1 Account data

  • Apple ID identifier and (optionally) name + email received via Sign in with Apple. Used to create and authenticate your account. Lawful basis: contract performance.
  • Anonymous user identifier if you choose “Begin” without signing in. Used to associate your local session with the server until you sign in.

2.2 Practice data

  • Onboarding answers: goal, scene, identity, obstacle, plan, action pattern, aesthetic preference, voice preference, morning time. Provided by you. Used to generate your daily visualisation script.
  • Commitments / completions you record in the app. Used to feed the next day’s script with context. Lawful basis: contract performance.

2.3 Generated content

  • Daily script (text) generated by Anthropic on our behalf.
  • Daily audio (MP3) generated by ElevenLabs on our behalf, then stored in a private Supabase Storage bucket. Lawful basis: contract performance + explicit consent for AI processing (see §3).

2.4 Subscription data

  • Receipt and entitlement state received from Apple via RevenueCat. We do not see your card number — Apple processes payment. Lawful basis: contract performance, legal obligation (tax).

2.5 Device data

  • Timezone (read locally, never your location).
  • iOS version, device model via Expo when you install the app.
  • Crash logs and diagnostic dataif you opt in via iOS Settings → Privacy & Security → Analytics. Lawful basis: legitimate interest in keeping the app working.

2.6 What we never collect

  • Photos you add as reference images stay on your device. They are never uploaded.
  • Your location.
  • Contacts, calendar, microphone, or any other system data.
  • Identifiers from your Apple ID beyond the one Apple gives us during sign-in.

3. AI processing: what is sent, and to whom

To generate your daily visualisation, we send the following to our AI sub-processors:

Sub-processorPurposeWhat we send
Anthropic, PBC (Claude API)Write a 2-minute daily script tailored to your answersThe non-personal text of your goal, scene, identity, obstacle, plan, action pattern, aesthetic preference, voice preference, and recent commitments. Never your name, email, Apple ID, photos, or device identifiers.
ElevenLabs Inc. (Text-to-speech)Convert the script into spoken audioThe script text (above) and your chosen voice label. Never your name, email, Apple ID, photos, or device identifiers.

This processing happens only after you have explicitly accepted the in-app AI Processing consent screen. You can withdraw consent at any time in Settings → Privacy → AI processing. Withdrawal stops the generation of new sessions; sessions already generated remain available on your device.

Lawful basis: explicit consent (GDPR Art. 6(1)(a) and Art. 9 where applicable).

4. Other sub-processors

Sub-processorPurposeRegion
Apple Inc.Sign in with Apple identity tokens, in-app paymentsUS / EU
Supabase Inc.Authentication, database, audio file storageEU — Ireland (eu-west-1)
RevenueCat Inc.Subscription lifecycle and receipt validationUS
Anthropic, PBCAI script generationUS
ElevenLabs Inc.Text-to-speechUS
Netlify, Inc.Marketing website hostingEU / Global edge
Google LLCGoogle Analytics 4 (consent-gated, IP anonymised)US

We have signed a Data Processing Agreement (DPA) with each sub-processor that requires GDPR-compliant safeguards. International transfers rely on the EU Standard Contractual Clauses (SCCs).

5. How long we keep your data

  • Account, onboarding, goals: until you delete your account.
  • Daily sessions (text + audio): until you delete your account.
  • Subscription receipts: retained 7 years after expiration for tax compliance.
  • Backups: rolling 30-day window. A deleted account is removed from backups within 30 days.

6. Your rights

You have the right to:

  • Access a copy of your data — via Settings → Privacy → Download my data, or by writing to the address above.
  • Rectification — edit your onboarding answers in Settings.
  • Erasure — via Settings → Account → Delete account.
  • Portability — your export is a standard JSON file.
  • Restriction or objection — write to us at the address above.
  • Withdraw consent at any time — via Settings → Privacy → AI processing.
  • Lodge a complaint with your national Data Protection Authority.

We respond to requests within 30 days.

7. Children

invoq is not directed to children under 13 (or under 16 in the EU). If we learn we have collected data from a child, we will delete it immediately.

8. Security

Audio files are stored in a private bucket with row-level security. Auth tokens are stored in iOS Keychain via expo-secure-store. All network traffic uses TLS.

9. Changes to this policy

We will update the Last updated date above when the policy changes. Material changes will be surfaced in-app the next time you open it.

10. Contact

support@magentic.nl
Magentic BV
Ruyschstraat 77-2
1091BX Amsterdam
The Netherlands

PrivacyTermsCookiesImprint← Back to invoq
© 2026 invoq · Magentic BV · Amsterdam
PrivacyTermsCookiesImprintsupport@magentic.nl