Grit Privacy Policy

1. What Information Do We Collect?

Information You Provide

Name: Optional during registration
Authentication Data: Google Sign-In through Firebase OAuth (optional)
Social Media Profile: Name, email, profile picture from social login

Grit App Specific Data

Liked Quotes: Quotes you've marked as favorites or liked
User Quotes: Any custom quotes you've created or saved
Quote Images: Images you've created using our quote editor (stored in Firebase Storage)

Data Stored Locally Only (Not Collected by Us)

Life Area Preferences: Your chosen areas of improvement (Personal Growth, Work & Leadership, Knowledge & Learning, Emotions & Experiences, Creativity & Imagination, Love & Relationships, Spirituality, Humanity & Society, Happiness & Positivity)
Daily Dose Settings: Reminder frequency, timing preferences, and notification settings
App Theme Preferences: Your selected app themes (dark, light, amoled, midnight, sunset, forest, ocean, lavender, monochrome)
Quote Editor Settings: Quote customizations (color, alignment, style, text size, background contrast, opacity)
Audio Preferences: Background sounds settings and preferences
Category Selections: Your preferences from our 50+ available quote categories

Automatically Collected Information

Device Data: Mobile device ID, model, manufacturer, operating system, app version
Usage Data: App features accessed, timestamps, user interactions, session duration
Location Data: General location based on IP address (approximate location only)
Subscription Data: Purchase history, subscription status via RevenueCat
Advertising Data: Advertising ID, ad interaction data via AdMob
Performance Data: Crash logs, diagnostics, and app performance metrics

Device Permissions

Storage Permission: To save quote images to your device gallery (Optional)
Notification Permission: To send daily motivational reminders (Optional)
Internet Permission: To sync quotes and display ads

                Important: We do NOT collect sensitive personal information such as race, religion, sexual orientation, health data, or precise location data. Our app is designed for users 13 years and older. We collect only the minimum data necessary to provide our services and follow data minimization principles.
            

2. How We Process Your Information

We process your information for the following purposes and will not use your data beyond these stated purposes:

Account creation and authentication
Sending daily reminder notifications according to your schedule
Customer support and user inquiries
App improvement and analytics
Security and fraud prevention
Legal compliance
Providing personalized advertisements through AdMob

                Data Processing Principles: We process your data fairly, lawfully, and transparently. We use your data only for the purposes stated above and do not engage in any secondary use of your personal information without your explicit consent.
            

3. Legal Bases for Processing

We process your information based on the following legal bases, matched to specific processing activities:

Processing Activity	Legal Basis	Description
Account creation, authentication	Contract Performance	Necessary to provide our services
Personalized quotes, notifications	Consent	Based on your explicit permission
App analytics, improvement	Legitimate Interests	To improve app functionality and user experience
Security, fraud prevention	Legitimate Interests	To protect users and our services
Legal compliance, data retention	Legal Obligations	Required by applicable laws
Personalized advertising	Consent	Based on your advertising preferences

Consent Withdrawal: Where processing is based on consent, you can withdraw your consent at any time through app settings or by contacting us. This will not affect the lawfulness of processing based on consent before withdrawal.

4. Information Sharing

We share information with trusted third-party service providers under strict data processing agreements:

Service Category	Provider	Purpose	Data Shared	Transfer Mechanism
Analytics	Firebase Analytics	App usage insights	Usage patterns, device info	Google Cloud adequacy decision
Cloud Storage	Google Cloud Platform	Secure data storage	User preferences, quotes data	Google Cloud adequacy decision
Authentication	Firebase OAuth	User sign-in	Name, email, profile picture	Google Cloud adequacy decision
Advertising	AdMob (Google)	Relevant ads	Advertising ID, usage data	Google Cloud adequacy decision
Subscriptions	RevenueCat	Payment processing	Purchase history, subscription status	Standard Contractual Clauses
Cloud Storage	Firebase Storage	Quote images and media	User-generated content	Google Cloud adequacy decision

We do not sell, trade, or otherwise transfer your personal information to third parties for their marketing purposes. All third-party service providers are contractually bound to protect your data and use it only for the specified purposes.

5. Third-Party Websites and Services

Our app may contain links to third-party websites or integrate with third-party services. This privacy policy does not apply to such third-party websites or services.

Social Media Sharing

When you share quotes to social media platforms, you are subject to those platforms' privacy policies and terms of service.

Google Services

We use various Google services (Firebase, AdMob, Google Cloud). Google's privacy policy applies to their processing of your data: https://policies.google.com/privacy

                Important: We are not responsible for the privacy practices of third-party websites or services. Please review their privacy policies before providing any personal information.
            

6. Consent Management

You have granular control over your consent for different data processing activities:

Managing Your Consent

Personalized Quotes: Enable/disable in Settings > Personalization
Push Notifications: Manage in Settings > Notifications or device settings
Analytics: Opt-out in Settings > Privacy
Personalized Ads: Control through device settings or Google Ad Settings
Data Processing: Contact us to withdraw consent for specific processing

Consent Withdrawal

You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal. Withdrawing consent may limit certain app functionalities.

                Easy Opt-Out: Use our in-app privacy controls or contact heliosbytes@gmail.com to manage your consent preferences.
            

7. Data Breach Response

We have comprehensive procedures in place to handle potential data breaches:

Our Response Process

Detection: 24/7 monitoring and automated alerts
Assessment: Immediate risk evaluation within 1 hour
Containment: Immediate steps to stop the breach
Investigation: Root cause analysis and impact assessment
Notification: Users and authorities notified as required by law

User Notification

In case of a data breach that may affect your rights and freedoms, we will:

Notify you within 72 hours of discovery
Provide clear information about the breach
Explain the likely consequences
Describe measures taken to address the breach
Provide recommendations for protecting yourself

6. Cookies & Tracking Technologies

We use various tracking technologies to enhance your experience:

Types of Tracking Technologies

Analytics Cookies: Firebase Analytics to understand app usage patterns
Advertising Cookies: AdMob for personalized advertising
Functional Cookies: To remember your preferences and settings
Session Data: To maintain your login state and app preferences

Mobile App Identifiers

Advertising ID: Used for personalized ads and analytics
Device ID: For app functionality and security
Firebase Installation ID: For analytics and app services

Managing Tracking

You can limit ad tracking through your device settings:

iOS: Settings > Privacy & Security > Apple Advertising > Limit Ad Tracking
Android: Settings > Google > Ads > Opt out of Ads Personalization

7. Social Logins

We offer Google Sign-In for your convenience through Firebase OAuth.

Google Sign-In Data

When you sign in with Google, we receive:

Name
Email address
Profile picture
Google account ID

Data Usage

This information is used solely for:

Account creation and authentication
Personalizing your app experience
Providing customer support

You can disconnect your Google account from Grit at any time through your device's account settings.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence.

Data Transfer Locations

Primary Storage: Google Cloud Platform servers (United States)
Processing: New Delhi, India
Third-Party Services: United States (Google, RevenueCat servers)

Transfer Safeguards

We ensure appropriate safeguards are in place:

Google Cloud Platform's global security and compliance measures
Standard Contractual Clauses (SCCs) with service providers
Adherence to applicable data protection laws
Encryption in transit and at rest

                EU/UK Users: Data transfers are conducted in accordance with GDPR requirements using appropriate transfer mechanisms.
            

9. Data Retention

We retain your information only as long as necessary for the purposes outlined in this policy.

Data Type	Retention Period	Reason
Account Information	Until account deletion	Service provision
Quote Preferences	Until account deletion	Personalization
Usage Analytics	26 months	App improvement
Crash Logs	90 days	Bug fixes
Support Inquiries	2 years	Customer service
Subscription Data	7 years	Legal compliance
Advertising Data	2 years	Ad personalization

Automatic Deletion

Some data is automatically deleted:

Session data when you close the app
Temporary cache files periodically
Old analytics data after retention periods

10. How We Keep Your Information Safe

We implement comprehensive security measures to protect your personal information:

Technical Safeguards

Encryption: Data encrypted in transit (TLS 1.2+) and at rest (AES-256)
Firebase Security: Google's enterprise-grade security infrastructure
Access Controls: Role-based access with multi-factor authentication
Regular Security Audits: Automated and manual security assessments
Secure APIs: All API endpoints protected with authentication

Operational Safeguards

Employee training on data protection
Incident response procedures
Regular security updates and patches
Monitoring and alerting systems
Secure development practices

Data Breach Response

In the event of a data breach, we will:

Notify affected users within 72 hours
Report to relevant authorities as required by law
Take immediate steps to contain the breach
Provide regular updates on our response

                Note: While we use industry-standard security measures, no system is 100% secure. We continuously work to improve our security posture and recommend you use strong passwords and keep your device updated.
            

11. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

Universal Rights

Access: Request a copy of your personal data
Rectification: Correct inaccurate information
Erasure: Delete your personal data
Portability: Transfer your data to another service
Objection: Object to certain processing activities
Restriction: Limit how we process your data
Withdraw Consent: Withdraw consent for processing based on consent

How to Exercise Your Rights

Delete Your Account and Data:

Open the Grit app
Go to Settings
Open the Account section
Sign in if not already signed in
Tap "Delete Account"
Confirm deletion

Other Rights Requests:

Email us at heliosbytes@gmail.com with your request. We will respond within 30 days.

Notification Settings

You can manage notifications:

In-app: Settings > Notifications
Device settings: App notifications
Completely disable through device settings

12. Do-Not-Track Signals

We currently do not respond to Do-Not-Track (DNT) signals from web browsers as there is no universally accepted standard for how to respond to such signals.

Alternative Privacy Controls

Instead, you can control tracking through:

Device Settings: Limit ad tracking in your device settings
Google Ad Settings: Opt out of personalized ads
App Permissions: Revoke permissions in device settings
Account Deletion: Delete your account to stop all data collection

Future DNT Support

We monitor developments in DNT standards and may implement support for standardized DNT signals in the future.

13. US Residents Specific Rights

If you're a US resident, you may have additional rights under state privacy laws (CCPA, CPRA, and other state laws):

California Residents (CCPA/CPRA)

Right to Know: What personal information is collected, used, shared, or sold
Right to Access: Request access to your personal information
Right to Correct: Correct inaccuracies in your personal information
Right to Delete: Delete your personal information
Right to Opt-Out: Opt out of the sale or sharing of personal information
Right to Limit: Limit use of sensitive personal information
Right to Non-Discrimination: Not be discriminated against for exercising your rights

Information Category	Collected	Examples	Purpose
Identifiers	Yes	Name, email, device ID, advertising ID	Account management, personalization
Commercial Information	Yes	Purchase history, subscriptions	Service provision
Internet Activity	Yes	App usage, interactions, preferences	App improvement, personalization
Geolocation	Limited	General location from IP address	Content localization
Biometric Information	No	Not collected	N/A
Sensitive Personal Information	No	Not collected	N/A

Sales and Sharing

Important: We do NOT sell your personal information to third parties. We may share certain information with service providers as described in Section 4, but this is not considered a "sale" under CCPA.

Exercising Your Rights

To exercise your California privacy rights, contact us at heliosbytes@gmail.com or use the account deletion feature in the app.

Other State Laws

Residents of Virginia, Colorado, Connecticut, and other states with privacy laws have similar rights. Contact us to exercise your rights under applicable state laws.

14. Other Regions

European Union & United Kingdom (GDPR/UK GDPR)

Under GDPR and UK GDPR, you have enhanced rights including:

Right to be informed: Clear information about data processing
Right of access: Request access to your personal data
Right to rectification: Correct inaccurate data
Right to erasure: Request deletion of your data
Right to restrict processing: Limit how we process your data
Right to data portability: Transfer your data to another service
Right to object: Object to processing based on legitimate interests
Right to withdraw consent: Withdraw consent at any time

Canada (PIPEDA)

Canadian users have rights under PIPEDA including access to personal information and the right to challenge the accuracy of data.

Australia & New Zealand (Privacy Act)

Australian and New Zealand users have rights under their respective Privacy Acts, including access to personal information and correction of inaccuracies.

Brazil (LGPD)

Brazilian users have rights under LGPD including access, correction, deletion, and portability of personal data.

India (Digital Personal Data Protection Act 2023)

As an Indian company, we comply with India's Digital Personal Data Protection Act 2023, providing Indian users with rights including access, correction, deletion, and data portability.

Singapore (PDPA)

Singapore users have rights under PDPA including access to personal data and correction of inaccuracies.

Contact: To exercise your rights under any regional privacy law, contact us at heliosbytes@gmail.com and specify your location and the right you wish to exercise.

15. Children's Privacy

The Grit app is designed for users aged 13 and older. We are committed to protecting children's privacy and comply with applicable children's privacy laws.

Age Restrictions

Minimum Age: 13 years old globally
European Union: 16 years old or age of digital consent in your country
Account Creation: Users must confirm they meet the minimum age requirement

COPPA Compliance (US)

Our app is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

GDPR Article 8 Compliance (EU/UK)

For users in the EU/UK, we do not process personal data of children under 16 (or the applicable age in your member state) without verifiable parental consent.

Parental Controls

Parents and guardians can:

Review and delete their child's account
Refuse to permit further collection of their child's information
Request access to their child's personal information

If You Are a Parent

If you believe your child under 13 has provided personal information to us, please contact us immediately at heliosbytes@gmail.com. We will investigate and take appropriate action to remove the information.

                Important: COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and we ensure full compliance by restricting our service to users 13 and older.
            

16. Policy Updates

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You

In-App Notification: Updates will be announced in the app
Email Notification: If you've provided an email, we'll notify you of significant changes
Last Updated Date: Always check the "Last Updated" date at the top of this policy

Types of Updates

Minor Updates: Clarifications, formatting, or contact information changes
Material Changes: Significant changes to data collection, use, or sharing practices
Legal Updates: Changes required by new laws or regulations

Your Options

When we make material changes:

You'll receive advance notice (typically 30 days)
You can review the changes before they take effect
You can choose to delete your account if you disagree
Continued use of the app constitutes acceptance of the updated policy

Version History

We maintain a record of significant policy changes. You can request information about previous versions by contacting us.

17. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

HeliosBytes

Email: heliosbytes@gmail.com

App: Grit - Daily Motivational Quotes

Response Time: We aim to respond within 48 hours

What to Include in Your Request

When contacting us about privacy matters, please include:

Your name and contact information
Your location (country/state)
Specific privacy right you wish to exercise
Account information (if applicable)
Detailed description of your request or concern

Emergency Contact

For urgent privacy matters or suspected data breaches, please email us immediately with "URGENT - PRIVACY" in the subject line.

18. Data Management

We provide you with comprehensive control over your personal data through various self-service options and account management features.

Account Management

Through the Grit app, you can:

View Account Info: Access your profile and account details
Update Preferences: Modify your life area preferences and daily dose settings
Manage Notifications: Control reminder frequency and timing
Theme Settings: Change app themes and customization options
Export Data: Download your saved quotes and preferences
Delete Account: Permanently remove your account and data

Data Download

You can request a copy of your personal data in a commonly used, machine-readable format:

Account information and preferences
Saved quotes and favorites
App usage statistics
Customization settings

Data Deletion Process

When you delete your account:

Your account is immediately deactivated
Personal data is queued for deletion within 30 days
Some data may be retained for legal compliance (as outlined in Section 9)
You'll receive confirmation of account deletion

Data Portability

You have the right to receive your personal data in a structured, commonly used format and to transmit it to another service provider where technically feasible.

Backup and Recovery

We maintain secure backups of your data for service continuity. Backup data is subject to the same privacy protections and retention policies as primary data.

                Remember: Some data may be retained in our systems for legal compliance, security, or legitimate business purposes even after account deletion, as outlined in our retention policy.
            