Privacy Policy

Effective Date: 1st August 2025

Version: 0.0.1

Your Privacy Matters

At Transformation Buddy, we believe your personal transformation journey should remain personal. This Privacy Policy explains how we collect, use, protect, and respect your information.

Key Privacy Principles

• Data Minimization: We only collect what we need to provide our service
• Your Control: You decide what data to share and can delete it anytime
• Transparency: Clear explanations of what we do with your information
• Security First: Industry-standard encryption and security practices
• No Selling: We never sell your personal data to third parties

1. Information We Collect

Information You Provide

• Account Information: Email address, name, password
• Profile Data: Display name, preferences, profile picture (optional)
• Content: Goals, journal entries, habit tracking, progress notes
• Communications: Support messages, feedback, survey responses

Automatically Collected Information

• Usage Data: Features used, time spent, navigation patterns
• Technical Data: Device type, operating system, app version
• Analytics: Crash reports, performance metrics (anonymized)
• Location: Only if you explicitly enable location-based features

Information We Don't Collect

• Financial Data: Payment processing handled securely by Stripe
• Sensitive Categories: Health, political, religious beliefs (unless you voluntarily share)
• Unnecessary Personal Data: We don't collect information we don't need

2. How We Use Your Information

Primary Uses

• Service Delivery: Provide app functionality, sync across devices
• Personalization: Customize your experience, AI-powered insights
• Account Management: Authentication, subscription management, support
• Communication: Service updates, important notices, optional marketing

AI & Machine Learning

• Personalized Insights: AI analysis of your goals and progress (processed securely)
• Content Suggestions: Recommendations based on your transformation journey
• Pattern Recognition: Help identify trends in your progress
• Privacy Protection: AI processing uses anonymized/pseudonymized data when possible

Analytics & Improvement

• Service Enhancement: Identify popular features, fix bugs, improve performance
• Research: Understand user needs (always with anonymized data)
• Security: Detect fraud, abuse, and security threats

3. Information Sharing

We Share Information With:

Service Providers (Data Processors)

• Cloud Storage: Firebase/Google Cloud for data storage and sync
• Payment Processing: Stripe for subscription management
• Analytics: Google Analytics for app usage insights (anonymized)
• Support Tools: Help desk software for customer support
• AI Services: Secure AI providers for personalized insights

Legal Requirements

• When required by law, court order, or legal process
• To protect rights, property, or safety of users or others
• In connection with business transfers (with user notification)

We Never Share:

• Personal data for marketing purposes
• Individual user data with other users (unless you explicitly choose to share)
• Content of your journals or goals with anyone outside our secure system
• Information with data brokers or advertisers

4. Data Security

Security Measures

• Encryption: Data encrypted in transit and at rest
• Access Controls: Strict employee access controls and training
• Regular Audits: Security assessments and penetration testing
• Secure Infrastructure: Industry-leading cloud providers with certifications

Your Security Role

• Strong Passwords: Use unique, strong passwords
• Device Security: Keep your devices secure and updated
• Account Monitoring: Report suspicious activity immediately
• Backup Awareness: We backup your data, but you can export it too

5. Your Privacy Rights

Access & Control

• View Your Data: Access all your information through the app or by request
• Download Data: Export your information in a portable format
• Correct Information: Update or correct your personal information
• Delete Account: Permanently delete your account and associated data

Communication Preferences

• Marketing Emails: Opt out of marketing communications
• Push Notifications: Control which notifications you receive
• Data Processing: In some regions, object to certain data processing

Regional Rights

• GDPR (EU): Right to access, rectify, erase, port, restrict, and object
• CCPA (California): Right to know, delete, opt-out, and non-discrimination
• Other Jurisdictions: Rights as provided by local privacy laws

6. Data Retention

How Long We Keep Data

• Active Accounts: Data retained while account is active and for service provision
• Deleted Accounts: Data securely deleted within 30 days of account deletion
• Legal Requirements: Some data may be retained longer if required by law
• Backups: Backup systems purged according to our data lifecycle policies

Automated Deletion

• Inactive Accounts: Accounts inactive for 3+ years may be automatically deleted
• Advance Notice: We'll email you before any automated deletion
• Easy Reactivation: Simple process to reactivate if contacted in time

7. Children's Privacy

Age Requirements

• Minimum Age: Must be 13+ to create an account
• Parental Consent: Ages 13-15 in some regions require parental consent
• Special Protections: Additional privacy protections for users under 18

If We Learn a Child Under 13 Has an Account

• Immediate Action: Account will be suspended and parent contacted
• Data Deletion: Personal information will be deleted promptly
• Reactivation: Account can be reactivated with proper parental consent

8. International Data Transfers

Global Service

• Primary Storage: Data primarily stored in secure US and EU data centers
• Transfer Safeguards: Adequate protection mechanisms for international transfers
• Regional Compliance: Compliance with local data protection laws

9. Third-Party Services

Integrated Services

• Authentication: Google Sign-In, Apple Sign-In (optional)
• Cloud Sync: Firebase for cross-device synchronization
• Payments: Stripe for secure payment processing

Third-Party Privacy

• Their Policies: Third-party services have their own privacy policies
• Limited Integration: We integrate only essential features
• Your Choice: You control which integrations to use

10. Changes to This Policy

Updates

• Material Changes: Email notification for significant privacy changes
• Minor Updates: Notification via app or website
• Continued Use: Continued use constitutes acceptance of updated policy
• Version Control: Previous versions available upon request

11. Contact Us

Privacy Questions

• Privacy Officer: privacy@transformationbuddy.com
• General Support: help@transformationbuddy.com
• Data Requests: Use the "Download My Data" feature in app settings
• Address: [Your Business Address]

Data Protection Officer (if required)

• DPO Contact: dpo@transformationbuddy.com
• Role: Independent oversight of data protection practices

12. Regulatory Information

Certifications & Compliance

• SOC 2 Type II: Annual security and availability audits
• GDPR Compliance: Full compliance with EU data protection regulation
• CCPA Compliance: California Consumer Privacy Act compliance
• Privacy Shield: [If applicable] EU-US Privacy Shield Framework

---

Your trust is essential to us. We're committed to protecting your privacy while helping you achieve your transformation goals. If you have any questions or concerns, please don't hesitate to reach out.

*Last updated: January 2025*