Plain language. No fine print, because we have nothing to hide in fine print.
What this covers
Next Right Step is in beta. There is a real app, real accounts, and real data being stored. This page tells you exactly what that data is, where it lives, and how to delete it.
What the app collects
When you create an account in the app, we collect:
- Your first and last name — optional, and you can make them up if you wish
- Your sobriety date — optional, only if you set one
- Your recovery tasks and task completion records — default tasks, tasks you added, tasks you marked complete, and when.
- Your email address – optional, only if you set one. This will be used to allow you to login to the same account on more than one device and to identify you if you want us to delete your data. (As of May 8, 2026 email address is not collected so any account deletion requests cannot yet be honored).
The app also stores a random identifier generated on first launch to recognize your device. It is not tied to any hardware ID, advertising ID, or anything that identifies you as a person.
What we do not collect
- Payment information (the beta is free; if paid features are added we will use a third-party payment processor and update this page before we do)
- Location data
- Hardware device identifiers or advertising IDs
- Contacts, calendar, camera, microphone, or photos
- Behavioral data sold to or shared with advertisers – in the future we plan to use this data to improve the application but we are not currently doing this
- Crash reports or analytics of any kind – in the future we plan to use this data to improve the application but we are not currently doing this
Where your data lives
Your data lives in two places.
On your device: the app stores your tasks, completions, and account info in a local database in the app’s private storage. This data stays on your device until you uninstall the app or clear app data in your device settings. Session tokens are stored separately in your device’s encrypted storage (iOS Keychain or Android EncryptedSharedPreferences).
On our server: account info, tasks, and completions are synced to a private server we control directly.
This website: The Next Right Step website and app backend are hosted by WordPress.com and DigitalOcean, respectively — both operated by Automattic. No third-party analytics platforms, no email marketing tools, no ad-tech infrastructure of any kind.
The app contacts one external service beyond our own backend to fetch public recovery meeting data. No user data or identifiers are sent in these requests.
Email and the website
If you provide your email address on the website, it is collected and stored by Jetpack, a plugin made by Automattic (who also hosts this site). We use it only to send beta invites and updates about Next Right Step and our privacy policies. We do not use it for advertising and do not share it with any other party.
You can unsubscribe at any time using the link in any email we send. To request deletion of your email address, email nextrightstepapp@proton.me.
For details on how Automattic handles data, see the Automattic Privacy Policy.
Infrastructure logging
Our web server logs every inbound request, including IP addresses, in standard server logs. These logs are kept for 14 days and then automatically deleted. Our application server does not read or store IP addresses — they exist only in those short-lived server logs.
AI and machine learning
There is no AI or machine learning in the app right now. If that changes, we will tell you before it changes, explain what would be sent and why, and give you the option to delete your data first.
How we use your data
To run the app. Your sobriety streak exists so you can see it. Your tasks and their completions exist so the app can show you what you have done.
That is it. We do not analyze your data to sell insights. Note that in the future we likely will analyze your data to build improve the application for everyone.
Anonymity
Your first name and last initial is the only identity information the app asks for, and it is optional — you can leave it blank or make something up. Nothing in the app requires your real name. Anonymity is not a product feature — it is a commitment that goes back to why peer recovery has worked for nearly a century. We take it the same way.
How to delete your account
Email nextrightstepapp@proton.me with the subject line “Delete my account.” We will delete your account and all associated data within 14 days and confirm when it is done. No questions, no retention period, no win-back attempt.
Note: We don’t currently have an ability to collect your email address in the application so we can’t currently can’t honor deletion requests, but as soon as we have that functionality we will make account deletion requests possible.
A few things worth saying plainly
We will not share your data with insurers, employers, or advertisers. Period.
We will not cooperate with anyone trying to identify a specific user beyond what a valid legal order requires. If we receive one, we will respond narrowly, push back on overreach, and notify you if we are legally permitted to. To date, we have never received one.
We recommend that you use a personal device that is not managed by your employer. We have no visibility into your local device, but it is worth doing on any app like this one.
We also recommend you use a a non-obviously configured unlock feature on your device.
When this page changes
If we add AI features, third-party services, or change what data we collect, we will update this page and notify you by email before the change takes effect. You will see exactly what changed and why.
Questions
Email nextrightstepapp@proton.me. A real person will read it.
Last updated: May 8, 2026