Maani

Maani Privacy Policy

Effective Date: May 18, 2026

This Privacy Policy explains how onEins LLC, 3833 Powerline Rd, Suite 101-K, Fort Lauderdale, Florida 33309, United States ("onEins," "we," "us," or "our") collects, uses, discloses, retains, and protects information when you use the Maani iOS application, Maani Pro subscriptions, live card preview pages, and related services (together, the "Service").

Contact: info@oneins.studio, +1 754-222-4516, or the postal address above.

1. Summary

Maani is designed as a local-first app. Most manifestation cards, profile details, selected images, fulfilled-card status, ritual settings, and Screen Time selections are stored on your device by default.

Some features require data to leave your device:

  • Daily affirmations: card details, optional card image, recent affirmation history for the card, and selected profile context are sent to our backend and then to OpenAI to generate an affirmation.
  • Subscriptions: Apple StoreKit transaction information is sent to our backend to verify Maani Pro access.
  • Temporary live preview sharing: card title, caption, and front/back card images are uploaded to our backend so recipients can view the shared card in a browser.
  • Optional iCloud backup: selected app data is stored in your private iCloud database through Apple's CloudKit service.
  • Notifications, paywalls, attribution, and analytics: limited identifiers, device/app information, subscription status, and coarse lifecycle tags may be processed by OneSignal, Superwall, AppsFlyer, Apple, and our backend.

We do not require an onEins account to use Maani. We do not sell your manifestation card content. We do not use card content to train our own AI models.

2. Scope

This Policy applies to Maani and related backend and web preview services. It does not apply to third-party services that have their own privacy practices, including Apple, iCloud, App Store, OpenAI, Cloudflare, OneSignal, AppsFlyer, Superwall, or services you choose when sharing content through the iOS share sheet.

3. Information Stored Locally on Your Device

Maani may store the following information locally on your device:

  • Profile information you enter, such as name, age, gender, sexuality, self-description, dream-life description, vision tags, pain tags, profile image, ritual settings, ritual streak, and last ritual date.
  • Manifestation card information, such as card title, caption, images, fulfilled status, creation date, and local image filenames.
  • Daily affirmation cache and fallback/error state.
  • Ritual preferences, including background music preferences and hold duration.
  • Screen Time or Family Controls selections, lock times, and ritual completion state used to lock or unlock selected apps, app categories, or web domains.
  • Anonymous installation ID stored in the iOS Keychain.
  • Onboarding completion state and app settings.
  • Motion values used for card visual effects while the app is active.

Local data remains on your device until you delete it in the app where available, delete the app, reset your device, or remove it through iOS storage, backup, or device-management controls. iOS system backups may separately back up app data depending on your Apple settings.

4. Optional iCloud Backup

Maani includes an optional in-app iCloud backup and restore feature using Apple's CloudKit private database. When you use this feature, selected Maani data may be stored in your private iCloud database, including profile backup records, profile image, manifestation cards, card images, fulfilled status, card creation dates, lock times, backup date, app version, and backup size metadata.

iCloud backup data is associated with your Apple Account and managed by Apple. It may count against your iCloud storage. Apple controls iCloud infrastructure, security, account access, deletion, and availability. You can manage iCloud through Apple settings and Apple's privacy tools.

Maani's own backend does not receive your iCloud backup records.

5. Information We Collect Through Our Backend

Our backend is hosted on Cloudflare Workers, Cloudflare D1, and Cloudflare R2. Depending on the feature you use, our backend may process:

  • Anonymous installation ID.
  • App Attest challenges, App Attest key identifiers, public keys, sign counts, attestation/assertion data, request method/path/body hash, and related security metadata.
  • StoreKit transaction JWS data, Apple original transaction ID, app account token, product ID, subscription status, expiration date, Apple notification UUID, notification type/subtype, signed date, and related entitlement metadata.
  • Card ID, card title, card caption, optional card image, selected profile context used for affirmation generation, recent affirmation history sent for non-repetition, time zone, local date, generated daily affirmation text, OpenAI response ID, cache expiration, and usage-quota records.
  • Shared card title, caption, public slug, front image, back image, image object keys, creation date, and expiration date for temporary live preview links.
  • AppsFlyer attribution data synced from the app, including AppsFlyer ID, IDFV, App Tracking Transparency status, OS version, app version, purchase event metadata, product ID, transaction IDs, currency/revenue information received from Apple notifications, and delivery status for AppsFlyer server-to-server events.
  • Operational logs, error logs, timestamps, IP address and network metadata that may be processed by Cloudflare or our infrastructure to deliver, secure, monitor, and debug the Service.

We do not receive your full card library, Screen Time app selections, iCloud backup records, or local photos unless a specific feature sends limited data as described in this Policy. Daily affirmations may send selected profile context as described below.

6. Daily Affirmations and OpenAI

When you request or view a daily affirmation for a card, Maani sends limited generation context to our backend, currently the card title and caption, optional card image, recent affirmation history for that card, selected profile context, card ID, local date, time zone, anonymous installation ID, and subscription verification data.

Selected profile context may include your name, age, gender, sexuality, self-description, dream-life description, vision tags, pain tags, and commitment level when available. Our backend sends this context, the card details, optional card image, and recent affirmation history to OpenAI through the OpenAI API to generate one short affirmation. The request is configured with response storage disabled (store: false). We store the generated affirmation, response ID if provided, local date, and expiration metadata so the app can show the same daily affirmation without regenerating it repeatedly.

Do not include sensitive information in card titles, captions, images, or profile fields unless you are comfortable with that information being processed by our backend and OpenAI for affirmation generation.

7. Shared Cards and Live Preview Links

If you create a live preview link, Maani uploads the card title, caption, and front/back JPEG images to our backend. We generate a public slug and a browser-accessible card page. Anyone with the link may view the shared card until the link expires or is disabled.

Live preview links are intended to expire after 7 days. Shared card images are stored in Cloudflare R2 and are configured to be removed after approximately 8 days. Minimal database records for shared links, such as slug, title, caption, image keys, created date, and expiration date, may remain longer for operational, abuse-prevention, legal, or debugging purposes unless deletion is required or requested.

If you share a card as an image, text, or link through the iOS share sheet, the receiving app, website, or person handles that shared content under their own terms and privacy policy.

8. Subscriptions and Apple

Maani Pro purchases are processed by Apple through in-app purchase. We do not receive your payment card number or full Apple Account billing details.

To verify Pro access, the app sends StoreKit transaction JWS data and an anonymous installation ID to our backend. Our backend verifies subscription status with Apple and stores entitlement records such as product ID, original transaction ID, status, expiration, and update timestamps. Apple may also send App Store Server Notifications to our backend so we can update subscription status.

Apple's own privacy policy and App Store terms apply to Apple-billed purchases and subscription management.

9. Notifications and OneSignal

Maani uses OneSignal to support push notifications and notification-related app messaging. When OneSignal is configured, the app identifies the installation with the anonymous installation ID and may process a push subscription ID, push token, notification permission status, device/app information, and notification interaction information.

Maani sends limited lifecycle tags to OneSignal, such as subscription status, whether onboarding is complete, card count bucket, whether lock setup is complete, Screen Time authorization status, and ritual streak bucket. We do not intentionally send card titles, card captions, profile sexuality, profile images, or full Screen Time selections to OneSignal.

You can control notification permissions in iOS Settings. Disabling notifications stops push delivery, but some service or installation records may remain with OneSignal unless deleted.

10. Attribution, Tracking, and AppsFlyer

Maani uses AppsFlyer for advertising attribution, marketing measurement, fraud prevention, and purchase event measurement. The app may send AppsFlyer ID, IDFV, App Tracking Transparency status, OS version, app version, and anonymous installation ID to our backend. AppsFlyer may also collect technical identifiers and app/device event information through its SDK.

If you allow tracking through Apple's App Tracking Transparency prompt, AppsFlyer and Maani may process the IDFA for attribution. If you deny tracking, we do not intentionally access the IDFA, but limited attribution and measurement data that does not use IDFA may still be processed where permitted.

Our backend may send purchase event metadata to AppsFlyer server-to-server, including anonymous installation ID, AppsFlyer ID, transaction/product metadata, event time, currency, and revenue amount from Apple subscription notifications.

You can change tracking permission in iOS Settings. AppsFlyer also provides opt-out mechanisms through its own privacy resources.

11. Paywalls and Superwall

Maani uses Superwall to present and manage paywalls. The app identifies the installation to Superwall using the anonymous installation ID and may send paywall placement information, such as whether the paywall was shown from onboarding, profile, or settings. Superwall may process paywall interactions, device/app information, and subscription-related events as needed to provide its service.

We do not intentionally send card content, profile images, or full local profile details to Superwall.

12. Device Permissions and Apple Features

Maani may use Apple permissioned features:

  • Photos picker: lets you select specific images for profile or cards. Maani receives only the images you choose through the picker.
  • Notifications: lets Maani and OneSignal send reminders or app messages if permitted.
  • App Tracking Transparency: asks whether you allow tracking for advertising measurement.
  • Screen Time/Family Controls: lets you select apps, categories, or web domains to shield during lock routines. The detailed selection is stored locally and used through Apple's frameworks.
  • iCloud/CloudKit: supports optional backup and restore.
  • Device motion: used locally for visual card effects while the app is active; motion readings are not intentionally stored or sent to our backend.
  • StoreKit: supports in-app purchases, subscription status, and restore purchases.

You can manage many permissions in iOS Settings.

13. How We Use Information

We use information to:

  • Provide and operate Maani and Maani Pro.
  • Store and display local cards, profile settings, rituals, and fulfilled cards.
  • Generate and cache daily affirmations.
  • Verify subscriptions and prevent unauthorized Pro access.
  • Create and serve temporary shared card previews.
  • Provide iCloud backup and restore through Apple's CloudKit service.
  • Send notifications and app messages.
  • Measure advertising performance, subscription events, and paywall performance.
  • Maintain security, prevent fraud and abuse, enforce rate limits, verify App Attest, and protect backend endpoints.
  • Debug, monitor, analyze, and improve the Service.
  • Respond to support, privacy, legal, and compliance requests.
  • Comply with law, enforce our Terms, and protect rights, safety, and property.

14. How We Disclose Information

We may disclose information to:

  • Apple, for App Store distribution, StoreKit purchases, subscriptions, App Store Server Notifications, iCloud/CloudKit, App Attest, notifications, and device permissions.
  • Cloudflare, for backend hosting, database, object storage, rate limiting, security, and web delivery.
  • OpenAI, for daily affirmation generation based on limited card context and selected profile context.
  • OneSignal, for notifications and lifecycle tags.
  • AppsFlyer, for attribution, marketing measurement, fraud prevention, and purchase event measurement.
  • Superwall, for paywall presentation and subscription-related paywall events.
  • Service providers, contractors, and professional advisors who support our operations under appropriate confidentiality or data protection obligations.
  • Authorities or third parties when required by law, legal process, platform rules, or to protect rights, safety, and security.
  • Another entity in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar business transaction.
  • Recipients or the public, when you choose to share content through a live preview link, image, text, or another sharing method.

15. International Transfers

onEins is based in the United States. Our service providers may process information in the United States and other countries. If you access Maani from outside the United States, your information may be transferred to countries that may not provide the same level of data protection as your home jurisdiction. Where required, we rely on appropriate transfer mechanisms such as contractual safeguards, provider data processing terms, or other lawful bases.

16. Retention

We retain information for as long as reasonably necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.

Typical retention practices include:

  • Local app data: retained on your device until you delete it, delete the app, reset the device, or change iOS backup/storage settings.
  • iCloud backup data: retained in your private iCloud database until deleted through Maani's restore/backup behavior where available, Apple settings, iCloud account controls, or Apple privacy tools.
  • Daily affirmation records: intended as short-lived daily cache records with expiration metadata; expired records may remain in operational databases or backups until cleanup, legal retention, or deletion processes apply.
  • Shared live preview links: intended to be viewable for 7 days; shared images are configured for deletion after approximately 8 days; minimal link metadata may be retained longer for operations, security, abuse prevention, legal compliance, or debugging.
  • Subscription and purchase records: retained as needed to verify access, process App Store Server Notifications, reconcile purchases, prevent fraud, handle support, comply with tax/accounting/legal obligations, and enforce our Terms.
  • App Attest, challenge, security, and operational records: retained as needed for security, fraud prevention, abuse prevention, debugging, and legal compliance.
  • Attribution and AppsFlyer event records: retained as needed for marketing measurement, fraud prevention, billing/reconciliation, legal compliance, and provider requirements.
  • OneSignal, AppsFlyer, Superwall, Apple, OpenAI, and Cloudflare records: retained according to those providers' policies and our configuration with them.

17. Your Choices

You can:

  • Delete or edit cards and profile content in Maani where the app provides controls.
  • Delete Maani from your device to remove local app data from that device, subject to iOS backups and iCloud behavior.
  • Manage iCloud and device backup settings in iOS Settings.
  • Manage or cancel Maani Pro through your Apple Account subscription settings.
  • Restore purchases through Apple where available in the app.
  • Disable notifications in iOS Settings.
  • Deny or change App Tracking Transparency permission in iOS Settings.
  • Use Apple's privacy tools for Apple Account and iCloud data.
  • Contact us to request access, correction, deletion, or other rights for information we control.

Deleting the app does not cancel an Apple-billed subscription and does not necessarily delete data already shared with recipients, third-party apps, Apple, iCloud backups, or temporary public links.

18. Privacy Rights

Depending on where you live, you may have rights to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, or appeal of a privacy decision. You may also have the right to lodge a complaint with a data protection authority.

To exercise rights for information controlled by onEins, contact us using the contact details in this Policy. We may need to verify your request before responding. Because Maani does not use an onEins account, we may only be able to locate backend records if you provide information such as your anonymous installation ID, shared link slug, relevant Apple transaction information, or other details sufficient to identify the record.

For information controlled by Apple, OpenAI, Cloudflare, OneSignal, AppsFlyer, Superwall, or another third party, you may also need to contact that provider directly.

19. California and U.S. State Privacy Notice

This section describes categories of personal information that may be collected or disclosed, depending on how you use Maani:

  • Identifiers: anonymous installation ID, AppsFlyer ID, IDFV, IDFA if you allow tracking, push subscription ID, Apple transaction identifiers, IP address, App Attest key ID.
  • Commercial information: subscription product ID, purchase status, renewal/expiration status, transaction metadata, purchase event data.
  • Internet or electronic network activity: app events, attribution events, backend requests, shared-link views, notification interactions, paywall interactions.
  • User content: card titles, captions, selected card images, shared card previews, generated affirmations, profile image, optional profile fields stored locally or in iCloud.
  • Sensitive personal information: optional profile fields such as gender, sexuality, self-description, dream-life description, vision tags, pain tags, and any sensitive content you choose to enter. These fields are primarily local-first and are not intentionally sent to our backend unless included in content you submit to a networked feature.
  • Inferences or preferences: coarse lifecycle tags, ritual streak bucket, card count bucket, subscription status, onboarding status, lock setup status.
  • Device and diagnostics data: OS version, app version, device identifiers, technical logs, error data, motion values used locally for visual effects.

We use these categories for the purposes described in this Policy. We disclose categories of information to the providers and recipients described in this Policy.

We do not sell your manifestation card content. We may "share" identifiers and event data with AppsFlyer for advertising attribution or cross-context advertising measurement as those terms may be defined under some U.S. state privacy laws. You can opt out of tracking by denying or disabling App Tracking Transparency permission in iOS Settings and by using available AppsFlyer opt-out tools.

We do not knowingly collect personal information from children under 13. We do not use sensitive personal information to infer characteristics for purposes other than providing and operating Maani, unless you direct us by using a feature.

20. GDPR, UK GDPR, and EEA/UK Notice

If you are in the EEA, UK, or a similar jurisdiction, our legal bases may include:

  • Contract: to provide Maani, Maani Pro, subscriptions, restore purchases, shared links, and requested features.
  • Consent: for permissions or processing where consent is required, such as App Tracking Transparency, notifications, or certain marketing/analytics activities depending on jurisdiction.
  • Legitimate interests: to secure the Service, prevent fraud, verify subscriptions, debug, improve reliability, measure non-sensitive app performance, handle support, and protect rights and safety.
  • Legal obligation: to comply with tax, accounting, consumer protection, privacy, platform, and legal requirements.
  • Vital interests/public interest: in rare cases where necessary to protect safety or comply with urgent legal obligations.

You may have rights to access, correct, delete, restrict, object, port your data, withdraw consent, and complain to a supervisory authority. Contact us to exercise rights for data we control.

21. Children's Privacy

Maani is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information through Maani, contact us and we will take appropriate steps to delete information we control.

Users under the age of majority must use Maani only with permission and supervision from a parent or legal guardian.

22. Security

We use administrative, technical, and organizational measures designed to protect information, including Apple's platform security, iOS Keychain for the anonymous installation ID, App Attest for backend request protection, HTTPS, access controls, provider security features, and limited backend processing.

No method of transmission or storage is completely secure. You are responsible for protecting your device, Apple Account, passcode, iCloud account, shared links, and any content you choose to share.

23. Third-Party Privacy Resources

The following third-party privacy resources may be relevant:

  • Apple Privacy Policy: https://www.apple.com/legal/privacy/
  • Apple iCloud Terms: https://www.apple.com/legal/internet-services/icloud/
  • Apple subscription management help: https://support.apple.com/en-us/118428
  • Cloudflare Privacy Policy: https://www.cloudflare.com/policies/privacy/
  • OpenAI API Data Controls: https://developers.openai.com/api/docs/guides/your-data
  • OneSignal privacy and personal data documentation: https://documentation.onesignal.com/docs/handling-personal-data
  • AppsFlyer Services Privacy Policy: https://www.appsflyer.com/legal/services-privacy-policy/
  • AppsFlyer opt-out: https://www.appsflyer.com/legal/opt-out/
  • Superwall Privacy Policy: https://superwall.com/legal/privacy-policy.html

Third-party links may change. Each provider is responsible for its own privacy practices.

24. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the app, App Store listing, website, or other reasonable means. The updated Policy will be effective when posted or when otherwise stated. Your continued use of Maani after the effective date means you acknowledge the updated Policy.

25. Contact

onEins LLC
3833 Powerline Rd, Suite 101-K
Fort Lauderdale, Florida 33309
United States

Email: info@oneins.studio
Phone: +1 754-222-4516
Website: https://www.oneins.studio