Behold | Privacy Policy
Last Updated: 11 May 2026
This update (11 May 2026) introduces magic link (passwordless email) sign-in for customers who subscribe through our website before installing the iOS app. It adds disclosures about authentication data and our authentication provider, Google Firebase Authentication.
Introduction
Thank you for using Behold. At Behold, we believe in the power of technology for human progress, productivity, and wellbeing. We also believe in clear and unambiguous rules when it comes to privacy.
Our guiding principles are simple:
- Your app data stays on your device: Your practices, boundaries, schedules, and app selections are stored locally on your device, not on our servers.
- Minimal account data: For customers who subscribe through our website, we create a lightweight account tied only to your email address so we can authenticate you on the iOS app via a magic link. We do not store names, profile information, or any other personal identifiers.
- Minimal data by design: We collect only what is strictly necessary to authenticate web-acquired customers, provide subscriptions, and respond to support requests.
- No tracking: We do not track you across apps or websites and do not use advertising identifiers.
- No selling of data: We will never sell personal data to third parties.
- You are the customer: Behold is funded by subscriptions, not advertising.
Data Controller
Next Wave Apps is the data controller responsible for your personal data.
- Company: Next Wave Apps
- Address: Mathenesserdijk 397B, 3026GE, Rotterdam, The Netherlands
- KVK Number: 98243691
- Contact Email: [email protected]
- Founder: Ralph Hermeling
How Behold Stores Your Data
On-Device Data Storage
All data created while using the Behold app is stored locally on your device, including:
- Practices and boundaries
- Schedules and preferences
- App selections for focus and restrictions
- App state and configuration
This data is:
- Not transmitted to Next Wave Apps servers
- Not backed up to our infrastructure
- Fully controlled by you through your device
If you delete the app, this data is removed unless restored via your device's own backup mechanisms (e.g. iCloud device backup, managed entirely by Apple).
Account Data Storage
Account data (email address and authentication identifiers) is stored by our authentication provider, Google Firebase Authentication, on Google infrastructure. See Accounts and Authentication below.
Screen Time / FamilyControls Data
Behold uses Apple's FamilyControls, ManagedSettings, and DeviceActivity APIs to enable focus and presence features.
We process only:
- App bundle identifiers you explicitly select to restrict
- Boundary and practice schedules
- App categories selected by you
Important clarifications:
- We do not collect app usage durations
- We do not monitor activity in other apps
- We do not transmit Screen Time data off your device
All Screen Time–related processing happens entirely on-device, using Apple-provided APIs.
Accounts and Authentication
When an account is created
An account is created for you if you start a subscription or trial through our website (beholdhq.com) before installing the iOS app. The account allows you to sign into the iOS app and access the subscription you purchased on the web.
Customers who download Behold directly from the App Store and subscribe through Apple in-app purchase do not have an account with us. No login is required for this path.
Data collected for authentication
For accounts, we process:
- Your email address (provided during web checkout)
- A unique user identifier generated by our authentication provider
- Authentication timestamps and session tokens required to keep you signed in
How magic link login works
When you request to sign in, we send a one-time login link to your email address. Tapping the link in the iOS app verifies your identity and creates an authenticated session on your device. We do not store passwords because there are none.
Authentication provider
We use Google Firebase Authentication (Google Ireland Limited / Google LLC) to manage accounts and send magic links. Firebase processes your email address, user identifier, and authentication events on Google infrastructure. Firebase Authentication data may be stored on Google servers located in the United States.
Google acts as a data processor on our behalf under a Data Processing Agreement, and international data transfers are covered by Standard Contractual Clauses and the EU–U.S. Data Privacy Framework.
More information about Firebase privacy practices: https://firebase.google.com/support/privacy
Subscription & Payment Data
Behold offers optional paid subscriptions.
Apple App Store
- Apple processes all in-app purchases
- Behold never receives credit card or payment details
- Apple provides subscription status to the app
Superwall
- Superwall is used to manage paywalls and subscription logic
- Superwall may process limited subscription-related data (e.g. product identifiers, paywall impressions, conversion events)
- This data is processed according to Superwall's own privacy policy
Behold does not store payment card data on its own servers.
Data We Collect Directly
Behold collects the following personal data directly:
- Email address — used to (a) authenticate web-acquired customers via magic link login, and (b) respond to your inquiry if you contact us for support.
- Authentication identifiers and session data — generated when you use magic link login (see Accounts and Authentication above).
We do not collect names, phone numbers, billing details, profile photos, or any other personal identifiers. We do not offer Sign in with Apple, Google, or other social logins.
What We Do NOT Collect
Aside from the email address and authentication data described above, Behold does not collect:
- Advertising identifiers (IDFA)
- Location data (GPS)
- Contacts, photos, or media
- Health or fitness data
- Browsing history
- Cross-app usage data
- Analytics or attribution data
- Social login data (Apple ID, Google, etc.)
- Sensitive personal data (religion, political views, etc.)
How We Use Your Data
We use data only to:
- Operate core app functionality
- Enable Screen Time–based focus features
- Authenticate web-acquired customers via magic link login
- Process subscriptions via Apple and Superwall
- Respond to user support requests
- Send optional notifications (practice reminders, service messages)
Third-Party Services
Behold integrates only with the following third parties:
Authentication
- Google Firebase Authentication (Google Ireland Limited / Google LLC) — processes email addresses and authentication events to enable magic link sign-in. Acts as a data processor on our behalf.
Subscriptions & Paywalls
- Superwall — paywall and subscription management
Apple Frameworks
- StoreKit
- FamilyControls
- ManagedSettings
- DeviceActivity
- Push Notifications
Website Hosting
- Cloudflare — hosting for our public website only (no app or user account data is stored on Cloudflare)
We confirm that any third party with whom Behold shares user data — including those listed above — is contractually required to provide protection of user data equivalent to that described in this policy.
Cookies and Website Data
Our website (www.usebehold.com) uses only essential cookies required for basic functionality. We do not use advertising or tracking cookies.
Legal Basis for Processing (GDPR)
Under GDPR, we process personal data based on:
- Contractual necessity: To provide subscriptions, authenticate web-acquired customers, and deliver app functionality
- Legal obligation: To comply with tax and accounting requirements
- Legitimate interests: To maintain app security and respond to support requests
International Data Transfers
Authentication data processed by Google Firebase Authentication may be transferred to and stored on servers in the United States. These transfers are protected by Standard Contractual Clauses and Google's certification under the EU–U.S. Data Privacy Framework, as set out in the Google Cloud Data Processing and Security Terms.
Data Retention
- On-device app data remains under your control and is removed when you delete the app (unless restored from your device's backup).
- Account data (email address, user identifier, authentication tokens) is retained for as long as your account is active. You may request deletion at any time by emailing [email protected]; on deletion we remove your record from Firebase Authentication.
- Support emails are retained only as long as necessary to resolve your inquiry and meet legal obligations.
- Subscription records held by Apple or Superwall are subject to their own retention policies and applicable law.
You may request deletion of any data we control at any time.
Your Rights
You have the right to:
- Access your personal data
- Request correction
- Request deletion
- Restrict or object to processing
- Withdraw consent where applicable
- Receive your data in a portable format (data portability)
- Lodge a complaint with your local supervisory authority (in the Netherlands: Autoriteit Persoonsgegevens)
To exercise these rights, contact: [email protected]
Children's Privacy
Behold is not intended for children under 13. We do not knowingly collect personal data from children under 13.
Changes to This Policy
We may update this Privacy Policy as Behold evolves. Material changes will be communicated through the app or website prior to taking effect.
Contact Us
- Email: [email protected]
- Address: Mathenesserdijk 397B, 3026GE, Rotterdam, The Netherlands
- Website: www.usebehold.com
As a digital wellbeing company, we want to bring you peace and balance in your use of digital technology. Privacy is core to your peace of mind, so we take extra care with it.
© 2026 Next Wave Apps. All rights reserved.