Privacy Policy

At RingsADay, we believe your habits and goals are deeply personal. This Privacy Policy explains how we collect, use, and protect your data when you use our iOS app. We are committed to transparency and giving you control over your information.

• 1. Data Controller
• 2. Information We Collect
• 3. How We Use Your Information
• 4. Legal Basis for Processing
• 5. Third-Party Services
• 6. Data Retention
• 7. Your Privacy Rights
• 8. International Data Transfers
• 9. Security
• 10. Children's Privacy
• 11. Changes to This Policy
• 12. Contact Us

The data controller responsible for your personal information is:

We collect only the information necessary to provide you with a seamless habit-tracking experience:

2.1 Account Information

• User ID: Anonymous identifier generated when you first use the app
• Email Address: Optional, only if you choose to upgrade from anonymous authentication
• Authentication Data: Managed securely through Firebase Authentication

2.2 Habit & Goal Data

• Goal Information: Goal names, types (time up/down/counter), target times, colors, and categories
• Progress Data: Daily progress records, timer sessions, elapsed time, and completion status
• Custom Categories: Category names and organization preferences

2.3 Device Information

• Push Notification Token: To send you goal reminders
• Device Sync Data: Timer state synced between iPhone and Apple Watch

2.4 Purchase Information

• Subscription Status: Premium subscription status managed through RevenueCat
• Transaction Records: Purchase history for subscription management

We use your information only for the following purposes:

• Provide App Functionality: Store your goals, track progress, and sync data across your devices
• Cloud Sync: Enable seamless synchronization between your iPhone and Apple Watch
• Send Notifications: Deliver reminders for your goals (only if you grant permission)
• Manage Subscriptions: Process premium subscriptions and restore purchases
• Customer Support: Respond to your inquiries and provide technical assistance
• Improve the App: Fix bugs and improve app performance (no behavioral tracking)

For users in the European Economic Area (EEA), we process your data based on:

• Your Consent: You agree to this Privacy Policy when you use the app
• Contractual Necessity: Processing is necessary to provide the habit-tracking service you requested
• Legitimate Interests: Improving app functionality and providing customer support

RingsADay uses the following trusted third-party services to operate:

• Active Users: Your data is retained as long as your account is active
• Deleted Goals: Deleted goals and progress are removed immediately from our servers
• Account Deletion: If you delete your account, all associated data is permanently deleted within 30 days
• Inactive Accounts: Accounts inactive for more than 3 years may be deleted to comply with data minimization principles

You have the following rights regarding your personal data:

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our service providers (Firebase, RevenueCat) operate.

Safeguards: These transfers are protected by:

• Standard Contractual Clauses approved by the European Commission
• Firebase and RevenueCat compliance with GDPR requirements
• Encryption of data in transit and at rest

We take the security of your data seriously and implement industry-standard measures to protect it:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest
• Secure Authentication: Firebase Authentication with industry-standard security protocols
• Access Controls: Data is isolated per user ID with strict access controls
• Keychain Storage: Sensitive identifiers stored in iOS Keychain
• Regular Updates: We regularly update our security practices and dependencies

While we implement strong security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but strive to use commercially acceptable means to protect your data.

RingsADay is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@ringsaday.app, and we will promptly delete such information.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you via in-app notification or email (if provided)
• Request your consent if required by law

We encourage you to review this Privacy Policy periodically. Your continued use of RingsADay after changes are made constitutes acceptance of those changes.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: