Privacy Policy

ByteFrost AB ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"). Please read this Privacy Policy carefully.

By using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the App.

1. Information We Collect

1.1 Anonymous Usage

You can use the App without creating an account. When you use the App anonymously:

• Your data is stored locally on your device
• We do not collect any personal information
• Your habits, goals, and tracking data remain entirely on your device

1.2 Information You Provide When You Sign In

If you choose to create an account, we collect:

• Email Address: Used for account authentication and account recovery
• Habit and Goal Data: Information about your habits, goals, progress, and tracking activities that you create within the App

1.3 Health Data (Optional)

If you choose to enable health data synchronization, we may collect:

• Steps count
• Calories burned
• Other health metrics you choose to sync

Important: Health data synchronization is entirely optional and requires your explicit consent. You can enable or disable this feature at any time in the App settings. Health data is accessed through Apple Health (iOS) or Google Health Connect (Android) and is subject to their respective privacy policies.

1.4 Payment Information

When you purchase a subscription:

• Payment processing is handled entirely by Apple App Store or Google Play Store
• We do not collect, store, or have access to your payment card information
• We receive only basic transaction information (such as whether a purchase was successful) from RevenueCat, our subscription management service

1.5 Information We Do NOT Collect

We do not collect:

• Your name or physical address
• Phone number
• Precise location data
• Browsing history or cookies
• Analytics or tracking data (we do not use Google Analytics or similar services)

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain the App: Store your habits, goals, and progress across your devices
• Authenticate your account: Verify your identity when you sign in
• Sync your data: Enable access to your data across multiple devices
• Process payments: Manage your subscription through our payment processor
• Improve the App: Understand how the App is used to fix bugs and improve features
• Communicate with you: Respond to your inquiries and provide customer support
• Comply with legal obligations: Meet legal and regulatory requirements

3. How We Store Your Information

3.1 Data Storage

Your data is stored securely using:

• Supabase: Our database and authentication provider. Supabase provides enterprise-grade security and is compliant with industry standards including SOC 2 Type II and GDPR
• End-to-end encryption: All data transmitted between your device and our servers is encrypted using industry-standard TLS/SSL protocols

3.2 Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

• Secure data transmission using encryption
• Regular security updates and monitoring
• Access controls and authentication requirements
• Secure server infrastructure

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

4. Third-Party Services

We use the following third-party services to operate the App:

4.1 Supabase

• Purpose: Database hosting and user authentication
• Data shared: Email address, habit and goal data
• Privacy Policy: https://supabase.com/privacy

4.2 RevenueCat

• Purpose: Subscription management and payment processing
• Data shared: User identifier, subscription status, purchase history
• Privacy Policy: https://www.revenuecat.com/privacy

4.3 Apple App Store / Google Play Store

• Purpose: App distribution and payment processing
• Data shared: Purchase information (handled directly by Apple/Google, not by us)
• Privacy Policies:
  • Apple: https://www.apple.com/legal/privacy/
  • Google: https://policies.google.com/privacy

4.4 Apple Health / Google Health Connect (Optional)

• Purpose: Synchronize health and fitness data (only if you opt in)
• Data shared: Steps, calories burned, and other metrics you choose to sync
• Privacy Policies:
  • Apple Health: https://www.apple.com/legal/privacy/data/en/health-app/
  • Google Health Connect: https://support.google.com/googleplay/answer/9888358

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties.

We may share your information only in the following circumstances:

• Service Providers: With third-party service providers (Supabase, RevenueCat) who help us operate the App, as described in Section 4
• Legal Requirements: If required by law, court order, or governmental regulation
• Protection of Rights: To protect our rights, property, or safety, or that of our users or the public
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity

6. Your Data Rights

6.1 Access and Export Your Data

You have the right to access and export all of your data stored in the App. You can export your data at any time through the App settings.

6.2 Delete Your Account and Data

You have the right to delete your account and all associated data at any time. When you delete your account:

• All your personal information is permanently deleted from our servers
• Your habits, goals, and tracking data are permanently deleted
• This action cannot be undone
• You can delete your account through the App settings

6.3 Modify Your Information

You can modify your habit and goal data at any time through the App.

6.4 Opt Out of Health Data Sync

You can enable or disable health data synchronization at any time through the App settings.

6.5 Additional Rights (EEA/UK Residents)

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

To exercise these rights, please contact us at contact@byte-frost.com.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide you with the App.

• Anonymous users: Data is stored only on your device and is not retained by us
• Signed-in users: We retain your data until you delete your account
• After account deletion: All personal data is permanently deleted within 30 days
• Legal obligations: We may retain certain information if required by law or for legitimate business purposes (such as fraud prevention)

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

Our service providers (Supabase, RevenueCat) may process data in various locations worldwide. When we transfer your data internationally, we ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

9. Children's Privacy

The App is intended for users aged 13 and older (or 16 and older in the European Economic Area). We do not knowingly collect personal information from children under these age limits.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at contact@byte-frost.com, and we will delete such information from our systems.

10. California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale of personal information (Note: We do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights

To exercise these rights, please contact us at contact@byte-frost.com.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

• Posting the updated Privacy Policy in the App
• Updating the "Last Updated" date at the top of this Privacy Policy
• Sending you a notification through the App or via email (if applicable)

Your continued use of the App after any changes indicates your acceptance of the updated Privacy Policy.

12. Do Not Track Signals

The App does not track users across third-party websites or apps. We do not respond to "Do Not Track" signals because we do not track our users over time and across third-party websites.

13. Your Consent

By using the App, you consent to this Privacy Policy. If you create an account, you explicitly consent to the collection and use of your email address and habit/goal data as described in this Privacy Policy.

If you enable health data synchronization, you explicitly consent to the collection and use of your health data as described in this Privacy Policy.

15. Legal Basis for Processing (EEA/UK Residents)

If you are located in the EEA or UK, our legal basis for collecting and using your personal information depends on the specific information and context:

• Consent: When you provide explicit consent (e.g., health data synchronization)
• Contract: When processing is necessary to provide the App services you've requested
• Legitimate Interests: When we have a legitimate business interest (e.g., improving the App, fraud prevention) that doesn't override your rights
• Legal Obligation: When we must comply with legal requirements

Summary: We collect minimal data (email and habit tracking data when you sign in, health data only if you opt in). We do not sell your data. You can export and delete your data at any time. We use industry-standard security measures to protect your information.