Privacy Policy

Last updated: May 12, 2026

Introduction

This Privacy Policy explains how Diverge ("Diverge," "we," "our," or "us") collects, uses, shares, and protects your personal information when you use our mobile application and website (together, the "Service").

Diverge is a productivity app designed for neurodivergent users — including people with ADHD, autism, and other cognitive differences. Because some of what you tell us and store with us may relate to mental health or cognitive function, we treat your information with care.

We are based in Australia. By using the Service, you understand your information will be processed as described below. If you do not agree with this Policy, please do not use the Service.

Information We Collect

Account Information

When you create an account, we collect:

  • Your name
  • Email address
  • Authentication credentials (or, if you sign in with Apple or Google, the identifier and email those providers return to us)
  • Profile photo and other profile details you choose to add

Onboarding and Profile Data

During onboarding and in Settings, you may share:

  • Your neurodivergence type(s) (e.g., ADHD, autism)
  • Productivity challenges you face
  • Notification and feature preferences

This information may relate to your mental health or cognitive function. We treat it as sensitive information under the Australian Privacy Principles and as special category data under the EU/UK GDPR, and only process it with your explicit consent and for the purpose of personalising the Service.

Productivity Content

When you use Diverge, we store the content you create:

  • Tasks, subtasks, and to-do items
  • Brain-dump notes
  • Energy-level assignments
  • Schedules, recurring task templates, and other planning data
  • Feature suggestions and votes

You may include personal or health-related information in this content at your discretion. It is stored under your account and is not visible to other users.

Voice Data (Brain Dump)

The Brain Dump feature lets you capture tasks by voice. When you record:

  • Audio is processed to produce a text transcript
  • The transcript is saved as productivity content under your account
  • We do not retain the original audio after transcription

Microphone access is requested only when you use this feature and can be revoked in your device settings at any time.

Device, Usage, and Diagnostic Data

We automatically collect:

  • Device type, model, operating system version, language, and time zone
  • App version, installation identifier, and crash/error logs
  • IP address (collected by our backend and analytics providers)
  • Aggregated events about which features you use (e.g., "task created," "focus session completed")
  • For our website: browser type, pages viewed, time on page, and referrer

On iOS, we use Apple's App Tracking Transparency framework. We will ask your permission before any third-party SDK uses your device's advertising identifier for cross-app tracking. You may decline, and you can change this choice in your iOS settings at any time.

Subscription and Purchase Data

Subscriptions on iOS are handled by Apple's App Store, with our subscription manager RevenueCat acting on our behalf. We do not see or store your full payment card details. We do receive:

  • Anonymised transaction identifiers
  • Subscription status (active, trial, cancelled, etc.)
  • The plan you are on

How We Use Your Information

We use your information to:

  • Provide the Service — host your tasks, sync between devices, send notifications you've opted into, and run the features you use
  • Personalise your experience — use onboarding answers and usage patterns to tailor the Service
  • Communicate with you — send transactional emails (sign-in, password reset, billing receipts), respond to support, and (only with your consent) send product news
  • Improve the Service — analyse usage to fix bugs, plan features, and improve performance
  • Detect fraud and abuse — protect the Service and our users
  • Comply with legal obligations — meet our obligations under Australian, EU, US, and other applicable laws

Legal bases under the EU/UK GDPR

We rely on:

  • Performance of a contract — to provide the Service you signed up for
  • Legitimate interests — to improve the Service, prevent fraud, and run our business (balanced against your rights)
  • Consent — for marketing communications, processing of sensitive (health-related) data, and ATT-based tracking
  • Legal obligation — where we are required by law

You can withdraw consent at any time in the app or by contacting us.

How We Share Your Information

We share your information only with the following categories of recipients.

Service Providers

We use these providers to operate the Service. Each is bound by contract to use your data only as we instruct.

ProviderPurposeLocation
SupabaseBackend hosting, database, authenticationUnited States
Apple App Store / RevenueCatSubscription billing and entitlement managementUnited States
OneSignalPush notificationsUnited States
Firebase (Google)Crash reporting, analytics, remote configurationUnited States
Meta (Facebook SDK)App install attribution and deferred deep links (only with ATT consent)United States
Google Sign-InAuthentication (only if you choose Google)United States
Apple Sign-InAuthentication (only if you choose Apple)United States

Other Recipients

  • Business transfers — if Diverge is involved in a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, subject to this Policy
  • Legal and safety — we may disclose information if we believe in good faith it is required by law, court order, or to protect rights, property, or safety

We do not sell your personal information. We do not share your personal information for cross-context behavioural advertising as defined under California law.

International Data Transfers

Diverge is operated from Australia. Some of our service providers are based in the United States or other regions. When your data is transferred outside your home country we use safeguards such as the European Commission's Standard Contractual Clauses (where applicable) and contractual data-protection commitments with each provider.

Data Retention

We keep your information for as long as your account is active. If you delete your account:

  • Account, productivity content, and profile data are deleted within 30 days
  • Anonymous, aggregated usage data may be retained for analytics
  • Some data may be retained longer where required by law (e.g., billing records for tax purposes)

You can request deletion at any time — see "Your Rights" below.

Your Rights

Australia (Australian Privacy Principles)

You have the right to access and correct the personal information we hold about you, and to complain about how we handle your data. Contact us at hello@getdiverge.com. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (oaic.gov.au).

EU / UK (GDPR / UK GDPR)

You have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability (receive your data in a structured, machine-readable format)
  • Withdraw consent
  • Lodge a complaint with your local data protection authority

California (CCPA / CPRA)

California residents have the right to:

  • Know what personal information we collect, use, disclose, and share
  • Access and delete your personal information
  • Correct inaccurate personal information
  • Limit our use and disclosure of sensitive personal information
  • Opt out of sale or sharing of personal information (we do not sell or share for cross-context behavioural advertising)
  • Non-discrimination for exercising your rights

To exercise your rights, email hello@getdiverge.com. We will respond within the timeframe required by applicable law.

Children's Privacy

The Service is not directed at children. You must be at least 13 years old to use Diverge, or older if your jurisdiction requires a higher age of digital consent (for example, 16 in some EU member states). We do not knowingly collect personal information from children under that age. If you believe a child has provided us information, contact us and we will delete it.

Security

We use industry-standard security measures (encryption in transit, access controls, isolated tenant data) to protect your information. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. If we become aware of a data breach affecting your personal information, we will notify you and the relevant authorities where required by law.

Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated through the app or by email at least 30 days before they take effect, where practicable, and we will update the "Last updated" date above. Continuing to use the Service after an update means you accept the revised Policy.

Contact Us

Diverge (Australia)

Email: hello@getdiverge.com

For privacy questions, exercising your rights, or making a complaint, contact us at the email above. We aim to respond within 30 days.