PRIVACY POLICY

Effective Date: February 1, 2025

Your privacy is important to us. This Privacy Policy explains how Guttae AB ("Guttae", "we", "us"), a Swedish company (Org.nr 559266-9948), with its registered office in Stockholm, Sweden, collects, uses, and protects your personal data when you use the Daily Pact mobile application and related services (the "Services").

We comply with applicable data protection legislation, including the General Data Protection Regulation (GDPR). Guttae AB is the data controller for the processing of personal data described in this policy.

1. WHAT DATA WE COLLECT

Account Information

When you create an account, we collect information provided through your authentication method (such as Apple Sign-In), which may include:

• Display name
• Email address (if provided by the authentication provider)
• Authentication identifiers

Usage Data

We collect data about how you use the Services, including:

• Challenge completions and records
• Group memberships and challenge participations
• App interactions and feature usage
• Device information (device type, operating system version)

Photos

If you choose to set a group image, we request access to your photo library. The selected image is uploaded and stored on our servers to display within the group. We do not access or collect any other photos from your device.

Push Notification Tokens

If you enable push notifications, we collect your device push notification token to deliver notifications about your friends' challenge completions and other relevant updates.

Subscription Data

Subscription and payment information is processed by Apple App Store or Google Play Store. We receive subscription status information (active, expired, etc.) but do not store your payment details directly.

2. HOW WE USE YOUR DATA

We process your personal data for the following purposes:

• Provide the Services: To create and manage your account, enable group participation, track challenge progress, and deliver the core app functionality.
• Notifications: To send push notifications about friends' challenge completions and app updates, based on your notification preferences.
• Improve the Services: To analyze usage patterns, fix bugs, and develop new features. We use anonymized and aggregated data for this purpose wherever possible.
• Subscription management: To verify and manage your subscription status and provide access to premium features.
• Communication: To respond to your inquiries and provide customer support.
• Legal compliance: To comply with applicable laws and regulations.

3. LEGAL BASIS FOR PROCESSING

We process your personal data based on the following legal grounds under the GDPR:

• Contract performance: Processing necessary to provide the Services you have requested (Article 6(1)(b) GDPR).
• Legitimate interest: Processing necessary for our legitimate interests in improving and maintaining the Services, provided this does not override your fundamental rights (Article 6(1)(f) GDPR).
• Consent: Where you have given specific consent, such as for push notifications (Article 6(1)(a) GDPR). You may withdraw consent at any time.
• Legal obligation: Processing necessary to comply with legal requirements (Article 6(1)(c) GDPR).

4. DATA SHARING

We do not sell your personal data. We may share your data with:

• Other group members: Your display name, challenge completions, and progress are visible to members of groups you join. This is core to the accountability functionality of the Services.
• Service providers: We use third-party services to operate the app, including Firebase (authentication), RevenueCat (subscription management), and Expo (push notifications). These providers process data on our behalf under appropriate data processing agreements.
• Legal requirements: We may disclose data if required by law, regulation, or legal process.

5. DATA RETENTION

We retain your personal data for as long as your account is active or as needed to provide the Services. When you delete your account, we will delete or anonymize your personal data within a reasonable period, except where retention is required by law.

Challenge records and group data associated with your account will be removed upon account deletion.

6. DATA TRANSFERS

Your data may be processed by service providers located outside the EU/EEA. Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your data in accordance with the GDPR.

7. YOUR RIGHTS

Under the GDPR, you have the following rights regarding your personal data:

• Right of access: You have the right to request a copy of the personal data we hold about you.
• Right to rectification: You have the right to request correction of inaccurate personal data.
• Right to erasure: You have the right to request deletion of your personal data. You can delete your account directly in the app settings.
• Right to restriction: You have the right to request restriction of processing of your personal data.
• Right to data portability: You have the right to receive your personal data in a structured, machine-readable format.
• Right to object: You have the right to object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, please contact us at info@guttae.se.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) or another relevant supervisory authority.

8. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encrypted data transmission, secure authentication, and access controls.

9. ACCOUNT DELETION

You can delete your account at any time directly within the app by navigating to Settings → Delete Account. When you delete your account, we will permanently delete your personal data, including your profile information, challenge records, and group memberships. Data that has already been anonymized or aggregated may be retained. Account deletion is processed promptly and is irreversible.

Active subscriptions are not automatically cancelled when you delete your account. Please cancel any active subscriptions through the Apple App Store or Google Play Store before deleting your account to avoid continued billing.

10. CHILDREN'S PRIVACY

The Services are not intended for children under 13 years of age (or under 16 in certain jurisdictions). We do not knowingly collect personal data from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that data promptly. If you believe a child has provided us with personal data, please contact us at info@guttae.se.

11. TRACKING AND ADVERTISING

Daily Pact does not track you across other companies' apps or websites, and we do not use advertising identifiers. We do not display third-party advertisements in the app. We do not participate in ad networks or sell data for advertising purposes.

The app does not use cookies. We may use basic analytics to collect anonymized, aggregated usage data solely to improve the Services.

12. YOUR CALIFORNIA PRIVACY RIGHTS

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:

• Right to know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you.
• Right to delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to opt-out of sale: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, please contact us at info@guttae.se.

13. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy within the Services or by other reasonable means. Your continued use of the Services after such changes constitutes acceptance of the updated policy.

14. CONTACT

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Guttae AB
Org.nr 559266-9948
Stockholm, Sweden
Email: info@guttae.se