Privacy Policy

Effective Date: December 25, 2025 | Version 1.0

Introduction

Welcome to GritForge ("we," "our," "us," or the "Company"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App") and related services (collectively, the "Services").

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

1. Information We Collect

1.1 Information You Provide Directly

  • Account information (email address, name, password)
  • Goals and habits you create within the app
  • Progress entries and journal reflections
  • App preferences and settings

1.2 Information Collected Automatically

Usage Data:

  • App interactions and feature usage
  • Login timestamps and frequency
  • Goal creation and modification patterns
  • Progress logging frequency and timing
  • Notification interaction data

Device Information:

  • Device type and model
  • Operating system and version
  • Unique device identifiers (for authentication and notifications)
  • Time zone settings
  • App version

1.3 Information from Third Parties

If you choose to sign in using Google Sign-In or Apple Sign-In, we receive:

  • Your email address
  • Your display name (if provided)
  • A unique identifier from the authentication provider

We do not receive or store your password from third-party authentication providers.

2. How We Use Your Information

2.1 Providing and Improving the Services

  • Creating and managing your account
  • Storing and syncing your goals and progress across devices
  • Generating AI-powered coaching feedback personalized to your data
  • Calculating streaks, compliance rates, and progress statistics
  • Delivering notifications and reminders based on your schedule
  • Analyzing usage patterns to improve app functionality

2.2 Personalization

  • Tailoring AI coaching tone based on your recent progress
  • Generating personalized journal prompts for quick logging
  • Customizing notification content based on your streak status
  • Providing comeback messages when you return after breaks

2.3 Safety and Security

  • Detecting and preventing fraud, abuse, and security incidents
  • Enforcing our Terms of Service
  • Complying with legal obligations
  • Protecting the rights and safety of users

3. AI-Generated Content and Processing

GritForge uses artificial intelligence to provide personalized coaching.

3.1 What We Process with AI

  • Goal Information: Title, description, and type are used to generate relevant feedback
  • Progress Entries: Your progress descriptions and on-track status inform AI coaching tone
  • Historical Patterns: Recent progress history (up to 30 entries) helps contextualize feedback
  • Behavioral Metrics: Streak length, compliance rate, and activity gaps influence coaching approach

3.2 AI Service Provider

We use OpenAI's GPT-4o-mini model to generate:

  • Personalized coaching feedback
  • Journal prompt placeholders
  • Comeback messages

Your data sent to OpenAI includes:

  • Goal title and description
  • Recent progress descriptions
  • Calculated metrics (streak, compliance rate)
  • First name (if provided) for personalization

Your data sent to OpenAI does NOT include:

  • Your email address
  • Your full account information
  • Your device identifiers
  • Other identifying information beyond first name

3.3 AI Data Retention by Provider

According to OpenAI's data usage policies: API data is not used to train their models, data is retained for 30 days for abuse monitoring then deleted, and we do not opt into any training programs.

3.4 Content Moderation

Before processing with AI, we screen goal and progress content using OpenAI's Moderation API to prevent processing of inappropriate content, ensure a safe user experience, and block content that violates our Terms of Service.

4. How We Share Your Information

We do not sell your personal information. We do not share your data for advertising purposes.

4.1 Service Providers

We use trusted third-party services to operate our App:

Service Purpose Data Shared
Supabase Database hosting, authentication Account data, goals, progress
OpenAI AI feedback generation Goal content, progress content, first name
Expo/React Native App framework, notifications Device tokens, push notifications

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation.

4.3 Business Transfers

If GritForge is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Storage and Security

5.1 Security Measures

We implement industry-standard security measures including:

  • Encryption in Transit: All data transmitted uses TLS 1.2 or higher
  • Encryption at Rest: Sensitive data is encrypted in our database
  • Secure Authentication: Passwords are hashed using bcrypt
  • Row-Level Security: Database policies ensure users can only access their own data
  • Access Controls: Administrative access is limited and audited

6. Data Retention

Data Type Retention Period Justification
Account Information Until account deletion + 30 days Account functionality
Goals and Progress Until account deletion + 30 days Service delivery
AI-Generated Feedback Until account deletion + 30 days Service functionality
Crash/Error Logs 90 days Troubleshooting
Aggregated Analytics Indefinitely (anonymized) Product improvement

Account Deletion

When you delete your account: your account is immediately deactivated, within 30 days all personal data is permanently deleted, and aggregated anonymized data may be retained for analytics.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data
  • Data Portability: Request your data in a portable format
  • Opt-Out: Opt out of push notifications and marketing communications
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, use the Settings menu in the App or contact us at support@gritforge.io.

8. Children's Privacy

GritForge is not intended for children under 13 years of age (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will take steps to delete that information as quickly as possible. If you believe we have inadvertently collected information from a child, please contact us at support@gritforge.io.

9. International Data Transfers

GritForge operates globally. Your information may be transferred to and processed in countries other than your own.

When we transfer data internationally, we use appropriate safeguards including Standard Contractual Clauses approved by the European Commission, data processing agreements with all service providers, and encryption of data in transit and at rest.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email or in-app notification at least 30 days before the changes take effect. Minor updates will be posted with a new "Last Updated" date. Your continued use of the Services after changes take effect constitutes acceptance of the updated Privacy Policy.

11. GDPR Compliance (EEA Users)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to access (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure - "right to be forgotten" (Article 17)
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21)
  • Right to withdraw consent (Article 7)
  • Right to lodge a complaint with a supervisory authority (Article 77)

12. CCPA Compliance (California Users)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know what personal information we collect and how it is used
  • Right to access your personal information
  • Right to delete your personal information
  • Right to correct inaccurate personal information
  • Right to non-discrimination for exercising your rights

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: support@gritforge.io

Summary of Key Points

What we collect Email, name, goals, progress, device info
Why we collect it To provide AI coaching and habit tracking
Do we sell data? No, never
Who receives data? Only essential service providers (Supabase, OpenAI)
How long we keep it Until you delete your account + 30 days
Your rights Access, correct, delete, port, opt-out
Security Encryption, access controls, RLS
Children Not for users under 13 (16 in EEA)
AI processing Used for personalization, not training
Contact support@gritforge.io