GratiStellar-legal

Privacy Policy for GratiStellar

Effective Date: November 17, 2025
Last Updated: December 18, 2025

Introduction

Welcome to GratiStellar (“we,” “our,” or “the App”). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our gratitude journaling application.

By using GratiStellar, you agree to the collection and use of information in accordance with this policy.

---

1. Information We Collect

1.1 Personal Information You Provide

Account Information:

• Display Name: You provide a display name when creating your account
• Email Address (Optional): If you choose to link your account to email authentication
• Password (Optional): If you choose email authentication, encrypted and stored securely

Gratitude Entries:

• Text content of your gratitude entries
• Timestamps of when entries are created, modified, or deleted
• Custom colors and visual preferences for entries
• Galaxy/collection names you create

App Preferences:

• Font size settings
• Language preferences
• App settings and configurations

1.2 Automatically Collected Information

Device Information:

• Device model and manufacturer
• Operating system version
• Unique device identifiers
• App version

Usage Data:

• Features used within the app
• Crash reports and error logs
• Performance metrics
• App launch and usage patterns

Technical Data:

• IP address (temporarily, for Firebase services)
• Network information (connectivity status)

1.3 Information We Do NOT Collect

We explicitly DO NOT collect:

• Location data
• Contact lists
• Photos or media files (beyond app data)
• Microphone or camera access
• Any data from other apps on your device

---

2. How We Use Your Information

2.1 Core App Functionality

• Gratitude Storage: Store and sync your gratitude entries across your devices
• Account Management: Manage your account and authentication
• Data Synchronization: Sync your data securely via Firebase Cloud Firestore
• Backup & Restore: Enable you to export and restore your personal data

2.2 App Improvement

• Analytics: Understand how users interact with the app to improve features
• Crash Reporting: Identify and fix bugs and crashes (via Firebase Crashlytics)
• Performance Monitoring: Ensure the app runs smoothly

2.3 Legal Compliance

• Comply with legal obligations
• Protect against fraud or security issues
• Enforce our Terms of Service

---

3. Data Storage and Security

3.1 Local Storage

• Encryption: All data stored on your device is encrypted using industry-standard encryption
• Secure Storage: Sensitive data uses platform-specific secure storage (Keychain on iOS, EncryptedSharedPreferences on Android)

3.2 Cloud Storage

• Firebase Cloud Firestore: Your data is stored on Google’s Firebase servers
• Encryption in Transit: All data transmitted between your device and our servers uses TLS/SSL encryption
• Encryption at Rest: Firebase encrypts all data at rest using AES-256

3.3 Security Measures

• Authentication: Secure authentication via Firebase Authentication
• Access Control: Firestore security rules ensure you can only access your own data
• Rate Limiting: Protection against abuse and unauthorized access
• Input Validation: All user input is validated and sanitized
• Regular Security Updates: We regularly update dependencies and security patches

3.4 Data Retention

• Active Data: Retained as long as your account is active
• Deleted Entries: Soft-deleted entries are kept for 30 days (recoverable from Trash)
• Permanent Deletion: After 30 days, deleted entries are permanently removed
• Account Deletion: Upon account deletion, all data is removed within 30 days

---

4. Third-Party Services

We use the following third-party services that may collect information:

4.1 Firebase (Google)

Services Used:

• Firebase Authentication
• Cloud Firestore (database)
• Firebase Crashlytics (crash reporting)
• Firebase Analytics (usage analytics)

Data Shared: User ID, device information, app usage data, crash reports

Privacy Policy: https://firebase.google.com/support/privacy

4.2 Google Sign-In (Optional)

If you choose to use Google Sign-In for authentication.

Privacy Policy: https://policies.google.com/privacy

---

5. Data Sharing and Disclosure

5.1 We DO NOT Sell Your Data

We will NEVER sell, rent, or trade your personal information to third parties.

5.2 Limited Sharing

We only share your information in the following circumstances:

With Your Consent: When you explicitly agree to sharing

Service Providers: Firebase/Google services for app functionality only

Legal Requirements:

• To comply with legal obligations
• To protect our rights or safety
• In response to valid legal requests (court orders, subpoenas)

Business Transfers: In the event of a merger, acquisition, or sale of assets (users will be notified)

---

6. Your Rights and Choices

6.1 Access and Control

Access Your Data:

• View all your gratitude entries within the app
• Export your data using the backup feature

Modify Your Data:

• Edit or delete gratitude entries at any time
• Update your display name
• Change your email or password

Delete Your Data:

• Delete individual entries (recoverable for 30 days)
• Permanently delete entries from Trash
• Delete your entire account (see Section 6.4)

6.2 Export Your Data (Data Portability)

• Backup Feature: Export all your data in an encrypted format
• File Format: Encrypted JSON with all gratitudes, settings, and metadata
• GDPR Compliance: Compliant with data portability requirements

6.3 Opt-Out Options

Analytics:

• Currently, analytics are essential for app improvement
• Future versions may include an opt-out option

Email Communications:

• We currently do not send marketing emails
• Account-related emails (if any) cannot be opted out

6.4 Account Deletion

To delete your account and all associated data:

1. Open the app
2. Go to Settings → Account
3. Select “Delete Account”
4. Confirm deletion

OR Email us at: gratistellar@gmail.com

Data Removal Timeline:

• Immediate: Access to your account is revoked
• Within 30 days: All data is permanently deleted from our servers
• Some data may remain in backups for up to 90 days

---

7. Children’s Privacy

GratiStellar is not intended for children under the age of 13 (or applicable age in your jurisdiction).

• We do not knowingly collect personal information from children
• If you believe a child has provided us with personal information, please contact us
• We will promptly delete such information

---

8. International Data Transfers

• Your data may be transferred to and stored on servers located outside your country
• Firebase servers are located in various regions globally
• We ensure appropriate safeguards are in place for international transfers
• By using the app, you consent to these transfers

For EU Users:

• We comply with GDPR requirements
• Firebase is Privacy Shield certified and uses Standard Contractual Clauses

---

9. Your Regional Rights

9.1 European Union (GDPR)

If you are in the EU, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data (“right to be forgotten”)
• Restrict processing
• Data portability
• Object to processing
• Lodge a complaint with your supervisory authority

9.2 California (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect
• Know if we sell or disclose your information (we don’t)
• Access your personal information
• Delete your personal information
• Opt-out of sale of personal information (we don’t sell data)
• Non-discrimination for exercising your rights

9.3 Canada (PIPEDA)

If you are a Canadian resident, you have the right to:

• Access your personal information
• Challenge the accuracy and completeness of your data
• Withdraw consent for data processing
• File a complaint with the Privacy Commissioner of Canada

9.4 Other Jurisdictions

We respect and comply with privacy laws in all jurisdictions where our app is available.

---

10. Cookies and Tracking

We do NOT use cookies in the mobile app.

Firebase Analytics may use similar technologies (SDKs) to track app usage. This data is anonymized and used solely for app improvement.

---

11. Changes to This Privacy Policy

• We may update this Privacy Policy from time to time
• We will notify you of any material changes via:
  • In-app notification
  • Email (if you’ve provided one)
  • Update to “Last Updated” date at the top of this policy
• Continued use after changes constitutes acceptance of the new policy

---

12. Data Breach Notification

In the unlikely event of a data breach:

• We will investigate immediately
• Affected users will be notified within 72 hours
• We will take all necessary steps to mitigate harm
• Relevant authorities will be notified as required by law

---

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data:

Email: gratistellar@gmail.com
Response Time: We aim to respond within 48 hours

For data access requests, account deletion, or privacy concerns, please email us with “Privacy Request” in the subject line.

---

14. Consent

By using GratiStellar, you consent to:

• This Privacy Policy
• Collection and use of information as described
• Transfer of data as necessary for app functionality

You can withdraw consent at any time by deleting your account.

---

15. Additional Information

15.1 Open Source

This app uses open-source libraries. Their respective privacy policies and licenses are available in the app’s settings.

15.2 Offline Functionality

• The app works offline; data is stored locally until you connect to the internet
• Sync occurs automatically when connected
• All local data is encrypted

15.3 Anonymous Usage

• You can use the app with just a display name (no email required)
• Anonymous accounts have limited data recovery options
• We recommend linking to email for data security

---

Thank you for trusting GratiStellar with your gratitude journey. We take your privacy seriously and are committed to protecting your personal data.

---

This privacy policy was last updated on November 17, 2025 and is effective immediately.