Privacy Policy

Last updated: April 19, 2026

This Privacy Policy describes how Rebuild ("we," "us," or "our") collects, stores, uses, and shares information when you use the Rebuild mobile application ("App") and https://getrebuild.app ("Website"). Rebuild is an alcohol-recovery support tool. By using the App you agree to this policy.

1. Your account

Rebuild requires an account so your recovery data can sync across your devices. When you register — through email, Apple, or Google sign-in — we collect:

  • A name or display name (if you choose to provide one)
  • An email address (used as your login and for password reset)
  • An avatar image (optional)
  • A timezone (derived from your device) to time reminders correctly

You can delete your account at any time from the Profile screen. Account deletion is permanent and removes all associated data from our servers within 30 days.

2. Recovery data we sync

To let you restore your journey on a new device, we sync the following recovery data to our servers, stored encrypted at rest:

  • Drink sessions you log (count, drink type, time, optional notes)
  • Sober days and streaks
  • Recovery milestones unlocked
  • Daily commitments ("morning pledge")
  • Evening check-ins ("stayed strong" / "had a drink")
  • Your settings (goal, baseline drinking pattern, your "why", savings targets, notification preferences)

This data is used solely to power the App's features for you. We do not sell it, use it for advertising, or share it with third parties except as strictly required for the App to function (see sections 4 and 5).

3. Buddy features and data you share

Rebuild lets you pair with one recovery buddy. When you are paired, the following data becomes visible to your buddy for accountability:

  • Your sober-day count and current milestone
  • Whether you completed your morning pledge and evening check-in today
  • Timeline of activity (milestones reached, pledges kept, SOS events)
  • Reactions, comments, and reflections you explicitly send them
  • Messages you send through the SOS / craving support channel, including any context tags or text you type

Your buddy does not see the specific drinks you log, your body weight or biological sex, your savings data, or any notes you mark private.

SOS messages are delivered in near-real time to your buddy via push notification and WebSocket. They are visible only to the two of you and to us (to operate the service, detect abuse, and comply with law). They are retained for 6 months and then permanently deleted.

Weekly reflections use a "blind reveal" — neither of you sees the other's answer until both have submitted. Once revealed, both reflections become visible to each other and remain in your shared history.

You can unpair at any time from the buddy screen. When you unpair, each partner retains a copy of their own messages; shared data (reactions, comments, reflections, timeline entries) is archived but no longer visible in the App.

4. Infrastructure and service providers

We use the following third parties strictly to operate the App. Each is contractually required to keep your data confidential and use it only for our service:

  • Cloud hosting — servers running the Rebuild backend (Laravel + PostgreSQL + Redis + Reverb) to store your synced data and deliver realtime events.
  • Firebase Cloud Messaging (Google) — to deliver push notifications. The notification payload may contain a short title/body and a type identifier (e.g. "your buddy needs you"), but never your full recovery data.
  • Firebase Analytics + Crashlytics (Google) — anonymous usage analytics and crash reports. We do not send recovery content to analytics. Opt-out is available in Settings.
  • RevenueCat — to manage your Rebuild Pro subscription. RevenueCat receives your user ID and your purchase history, not your recovery data. Payment processing is handled entirely by Apple or Google.
  • Apple Sign In / Google Sign In — if you choose these login methods.

5. Health data — special protection

The recovery data you log (drinks, cravings, sober days, milestones, SOS events) is sensitive health-related data. We treat it with the highest care:

  • It is never sold, rented, or traded.
  • It is never used for advertising or marketing beyond the App itself.
  • It is never shared with insurers, employers, or third-party data brokers.
  • Access inside our team is limited to the engineers who need it to operate and support the service, and is logged.
  • It is encrypted in transit (TLS 1.2+) and at rest (AES-256).

6. Notifications

Rebuild sends two kinds of notifications:

  • Local — scheduled reminders created on your device (evening check-in, milestone proximity). These never leave the device.
  • Push — delivered via Firebase Cloud Messaging for events that originate server-side (your buddy sent a reaction, a milestone was crossed, a buddy SOS). You can disable all notifications from system settings, or turn off specific categories inside the App.

7. Analytics opt-out

You can disable anonymous analytics and crash reporting at any time from Settings → Privacy. The App will continue to function normally.

8. Your rights

Depending on your jurisdiction (EU, UK, California, and others), you may have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion
  • Export your data in a portable format
  • Object to certain processing
  • Withdraw consent for optional processing (such as analytics)

To exercise any of these rights, email hello@musthaveappscorp.com. We will respond within 30 days.

9. Data retention

We retain your account and recovery data for as long as your account is active. SOS messages are retained for 6 months. If you delete your account, we remove your data from active systems within 30 days; encrypted backups are purged within 90 days. Anonymous analytics events are retained according to Firebase's default retention (up to 14 months).

10. Data location

Our servers are operated in the United States and the European Union. By using the App, you consent to your data being transferred to and processed in these regions. We use standard contractual safeguards for international transfers where required.

11. Children's privacy

Rebuild is not intended for anyone under 18. We do not knowingly collect data from children. If we learn that we have collected data from someone under 18, we will delete it.

12. Security

We use industry-standard encryption (TLS 1.2+) in transit and AES-256 at rest, JWT-based session tokens, and access controls over our internal systems. No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a breach that affects you, we will notify you without undue delay and as required by law.

13. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be announced inside the App and by email. The revision date at the top reflects the current version.

14. Contact

Questions, data requests, and privacy concerns: hello@musthaveappscorp.com.