Privacy Policy

1. Introduction

Groundr ("we", "our", or "us") operates the Groundr mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our App.

Groundr is designed to help users reduce compulsive usage of dating applications. Given the sensitive nature of this purpose, we take your privacy extremely seriously. We are committed to protecting your data and being transparent about our practices.

By using the App, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

• Email address: used for account creation and authentication
• Authentication tokens: securely stored on your device to keep you signed in

You may also sign in using Apple Sign-In or Google Sign-In, in which case we receive only a unique identifier and, if you choose to share it, your email address. We do not receive your Apple or Google password.

2.2 Onboarding Questionnaire

During onboarding, you may voluntarily provide information about:

• Your goals and motivations for using the App
• Frequency and duration of dating app usage
• Emotional triggers
• Life impact and consequences
• Previous attempts to reduce usage
• Age range
• First name

This information is stored locally on your device only. It is not transmitted to our servers and is used solely to personalize your in-app experience.

2.3 Journal and Check-In Data

When you use the daily check-in feature, you may provide:

• Day quality rating
• Emotional states and triggers
• Context of your day
• Personal notes (free text)

This data is stored on our servers to enable cross-device sync and provide you with historical insights.

2.4 App Blocking and Usage Data

The App collects the following to provide its core blocking functionality:

• Blocking rules you create (schedules, time limits, day selections)
• Blocking events: records of when you resisted or gave in to the urge to open a blocked app
• Daily usage time for apps you choose to block (used only for time-limit enforcement)
• Rule toggle history: when rules are enabled or disabled

We do not collect the names of apps you have installed. On iOS, app selections are represented as opaque tokens that we cannot decode. On Android, selected app package names are stored locally on your device only.

2.5 Streaks and Gamification

• Current and longest streaks
• Points earned and badges unlocked
• Blocking statistics (total minutes, resistance count)

2.6 Reminders and Motivations

Personal reminders and motivational reasons you create are stored on our servers for cross-device access.

2.7 Device Information

• Device operating system (iOS or Android)
• Push notification token (Firebase Cloud Messaging)
• A unique installation identifier

2.8 Subscription Information

If you subscribe to a premium plan, your purchase is processed by Apple (App Store) or Google (Play Store). We receive:

• Subscription status (active, expired, etc.)
• Subscription plan identifier
• Expiry date

We do not have access to your payment method, credit card number, or billing address. All payments are handled by Apple or Google.

2.9 Monthly AI-Generated Reports

Once per month, the App can generate a personalized written summary of your usage patterns and check-ins for the previous month. To produce this summary, we send a set of anonymized statistical aggregates to Anthropic PBC (the provider of the Claude language model), which acts as a data processor under our instructions.

Data sent to Anthropic includes only:

• Numeric counts (number of check-ins, blocking events, distinct days active)
• Distribution buckets (frequency by day-of-week, by hour-of-day, by emotional state preset, by trigger preset)
• Onboarding context useful for tone calibration: stated objective, age range, language preference
• An ephemeral, single-use request identifier (UUID) for log correlation

Data NOT sent to Anthropic:

• Your account email or any direct identifier
• Your user_id (it is never present in the LLM payload)
• The names of any apps you have selected to block
• Free-text personal notes from your journal entries
• Any payment, subscription, or device information

You can disable monthly reports at any time from Settings > Practice > Monthly reports. When disabled, no data is sent to Anthropic for your account.

Anthropic processes inputs solely to generate the response and does not use API inputs to train its models. Inputs and outputs may be retained by Anthropic for up to 30 days for abuse and safety monitoring before deletion, in accordance with their published API privacy commitments.

3. Legal Basis for Processing (GDPR)

Under the EU General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contract performance (Article 6(1)(b)): processing necessary to provide the App's core features (account management, app blocking, journaling, streaks, subscription management).
• Consent (Article 6(1)(a)): push notifications, analytics (Mixpanel), and optional onboarding questionnaire data. You can withdraw consent at any time.
• Legitimate interests (Article 6(1)(f)): crash reporting (Sentry) and security monitoring to maintain App stability and protect our users.

4. How We Use Your Information

We use your information exclusively to:

• Provide the App's core functionality: app blocking, usage tracking, journaling, streaks, and gamification
• Personalize your experience: display your progress, patterns, and statistics
• Send push notifications: reminders, streak alerts, and motivational messages (only if you opt in)
• Improve the App: understand usage patterns to fix bugs and improve features (via anonymized analytics)
• Manage subscriptions: verify premium access
• Generate optional monthly reports: produce a personalized written summary of your check-in patterns once per month, using anonymized statistical aggregates (see Section 2.9). This feature can be disabled at any time.

We never use your data for:

• Advertising or ad targeting
• Selling to third parties
• Profiling for purposes unrelated to the App's core function

5. Third-Party Services

6. Data Storage and Security

• Server data is stored on Supabase servers located in the European Union (Austria).
• Local data (onboarding quiz, cached data) is stored on your device. Authentication tokens use encrypted storage (iOS Keychain / Android Keystore).
• All data is encrypted in transit using TLS/HTTPS.
• Database access is protected by Row Level Security (RLS), ensuring users can only access their own data.

6.1 International Data Transfers

When you have not disabled monthly reports, anonymized statistical aggregates (as described in Section 2.9) are transmitted to Anthropic PBC, which operates in the United States. This transfer is performed under appropriate safeguards as required by GDPR Articles 44-49, including Standard Contractual Clauses where applicable. No directly identifying personal data is transferred.

7. Data Retention

• Your data is retained as long as your account is active.
• When you delete your account, all server-side data is permanently deleted, including any monthly reports generated for your account.
• Local data is cleared when you uninstall the App.
• Anonymized analytics data (Mixpanel, Sentry) may be retained for up to 12 months after account deletion.
• Aggregated payloads sent to Anthropic for monthly report generation may be retained by Anthropic for up to 30 days for abuse and safety monitoring, after which they are deleted by Anthropic.

8. Your Rights

Depending on your jurisdiction (including under the EU GDPR), you have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and all associated data
• Export your data in a portable format
• Withdraw consent at any time
• Object to data processing

To exercise any of these rights, contact us at contact@groundr.app.

You can also delete your account directly from the App (Settings > Delete Account). This will permanently remove all your data from our servers.

You also have the right to lodge a complaint with your local data protection authority. For users in France, you may contact the CNIL (Commission Nationale de l'Informatique et des Libertés).

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.

If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly via email or in-app notification without undue delay.

10. Children's Privacy

Groundr is not intended for use by anyone under the age of 17. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Sensitive Data Acknowledgment

We acknowledge that data collected by Groundr may be considered sensitive, as it relates to behavioral patterns around dating app usage. We handle this data with the highest level of care:

• We apply strict access controls to all data
• We do not share identifiable behavioral data with third parties
• Analytics data is anonymized (only a random UUID, no personal identifiers)
• Onboarding questionnaire responses remain on your device

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes through the App or by email. The "Last updated" date at the top indicates the most recent revision.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us:

• Email: contact@groundr.app
• Website: https://groundr.app