Privacy Policy

Last Updated: January 2025

1. Data Controller

Gradience is operated by Leon Potgieter. For any privacy-related inquiries, you can contact us at:

Email: privacy@getgradience.com

Platform Availability: Gradience is available on iOS and Android devices. Some features (Apple Watch app, iOS home screen widget) are exclusive to iOS devices due to platform limitations.

2. Data We Collect

We collect the following types of personal data when you use Gradience:

2.1 Account Information

• Email address: Used for account creation, authentication, and communication
• Name: Used for personalization within the app
• Password: Stored in encrypted (hashed) format for account security
• Authentication tokens: If you use Google OAuth or Apple Sign-In for login
• Anonymous session data: If you use the app without creating an account, we create a temporary anonymous session with:
  • Anonymous authentication token (7-day expiration)
  • Optional device identifier for session recovery
  • All anonymous data is automatically deleted after 7 days of inactivity

2.2 Habit Tracking Data

• Habit information: Habits you create, including names, goals, and custom descriptions
• Daily logs: Your daily habit completion status (Full, Fallback, or Paused)
• Progress history: Historical tracking data for visualizing your progress
• AI-generated content: Fallback suggestions generated by our AI service

2.3 Technical Data

• Device information: Device model, operating system version, app version number (we do NOT collect device IDs or advertising identifiers)
• Usage analytics: Features you use, habits created/completed, time spent in app (used solely to improve app functionality - not for advertising or cross-app tracking)
• Timestamps: When you create habits, log activities, and use features
• Crash logs: Technical diagnostics if the app crashes (to fix bugs)
• Device-specific storage (iOS only): If you use the Apple Watch app or iOS home screen widget, your habit data is stored locally on your device using Apple's App Group shared storage container. Authentication tokens are securely transferred between your iPhone and Apple Watch via encrypted Apple WatchConnectivity framework. This data remains on your device and is not transmitted to third parties.

3. How We Use Your Data

We use your personal data for the following purposes:

3.1 Service Provision

• Create and manage your Gradience account
• Enable you to track and manage your habits
• Generate AI-powered fallback suggestions tailored to your habits
• Sync your data across devices (when multi-device sync is implemented)

3.2 Communication

• Send important service updates and notifications
• Respond to your support requests and inquiries
• Notify you of new features (if you've opted in)

3.3 Improvement & Analytics

• Analyze usage patterns to improve the app experience
• Fix bugs and optimize performance
• Develop new features based on user needs

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Gradience service you signed up for
• Legitimate Interest: Improving our service, preventing fraud, and ensuring security
• Consent: For optional features like marketing communications (where applicable)
• Legal Obligation: Complying with applicable laws and regulations

5. Third-Party Services

We use the following third-party services that may process your data:

5.1 Neon.tech (Database Hosting)

• Purpose: Secure storage of your account and habit data
• Location: EU/US data centers (compliant with GDPR)
• Data Shared: All account and habit information

5.2 Anthropic Claude API (AI Service)

• Purpose: Generate personalized fallback habit suggestions
• Data Shared: Habit descriptions and context (no personally identifiable information)
• Retention: AI-generated suggestions are stored for up to 3 months, then automatically deleted

5.3 Google OAuth (Optional Authentication)

• Purpose: Allow you to sign in using your Google account
• Data Shared: Name, email address, profile information (as authorized by you)
• Privacy Policy: Google Privacy Policy

5.4 Apple Sign-In (Optional Authentication)

• Purpose: Allow you to sign in using your Apple ID
• Data Shared: Name, email address (as authorized by you). Apple may provide a private relay email address to protect your identity.
• Privacy Policy: Apple Privacy Policy

6. Data Retention

We retain your data for the following periods:

• Active accounts: Data is retained as long as your account is active
• Anonymous accounts: Temporary anonymous sessions (for users who try the app without creating an account) are automatically deleted after 7 days of inactivity. All associated habit data, logs, and AI-generated content are permanently removed.
• Deleted accounts: Data is permanently deleted within 30 days of account deletion
• AI-generated content: Automatically deleted after 3 months
• Backup data: Retained for up to 90 days for disaster recovery, then permanently deleted

7. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

7.1 Right to Access

You can request a copy of all personal data we hold about you.

7.2 Right to Rectification

You can update or correct your information directly in the app or by contacting us.

7.3 Right to Erasure ("Right to be Forgotten")

You can request complete deletion of your account and all associated data at any time.

How to delete your account:

• In the app: Go to Settings → Account → Delete Account, then confirm deletion
• Via email: Send a request to privacy@getgradience.com
• Timeline: All data will be permanently deleted within 30 days
• What gets deleted: Account information, all habits, logs, AI-generated content, and backups

7.4 Right to Data Portability

You can request a copy of your data in a machine-readable format (JSON/CSV).

7.5 Right to Object

You can object to certain types of data processing (e.g., marketing communications).

7.6 Right to Restrict Processing

You can request that we temporarily limit how we use your data.

8. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: All data is transmitted using TLS/SSL encryption
• Password Security: Passwords are hashed using bcrypt before storage
• Access Controls: Limited employee/developer access to production data
• Regular Audits: Periodic security reviews and vulnerability assessments
• Secure Hosting: Data is hosted on GDPR-compliant infrastructure (Neon.tech)

9. Children's Privacy

Gradience is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• GDPR-compliant data processing agreements with third-party services

11. Cookies & Tracking

Gradience uses minimal tracking technologies:

• Essential Cookies: Required for authentication and app functionality (cannot be disabled)
• Analytics: Currently not implemented (will update this policy if added)

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

• We will update the "Last Updated" date at the top of this page
• We will notify you via email if changes are significant
• Continued use of Gradience after changes constitutes acceptance of the updated policy

13. Contact & Support

For Privacy & Legal Matters

If you have privacy-related questions, complaints, or wish to exercise your GDPR rights:

• Privacy Email: privacy@getgradience.com
• Response Time: We aim to respond within 48 hours

For General Support & Inquiries

For app support, feature requests, bug reports, or general questions:

• Support Email: info@getgradience.com
• In-App Support: Settings → Help & Support (when implemented)

If you're not satisfied with our response to a privacy concern, you have the right to lodge a complaint with your local data protection authority:

• EU residents: Find your local DPA
• UK residents: Information Commissioner's Office (ICO)