Privacy Policy
This Privacy Policy explains how the Goalzly mobile application ("Goalzly", the "App", "we", "us", "our") collects, uses, stores, and shares your information, and the rights you have over it.
Goalzly is operated by an individual developer (the "data controller" for the purposes of the EU/UK General Data Protection Regulation ("GDPR")).
- Operator: Akash Datadin
- Contact for privacy requests:as.datadin@gmail.com
If you do not agree with this Policy, please do not use the App.
1. Summary
- We collect the information you need to have an account and the content you create in the App (your goals, tasks, notes, reviews, streaks, and similar).
- We do not use third-party analytics, advertising, or tracking SDKs. We do not track you across other apps or websites, and we do not sell your data.
- Your content is stored in our cloud database (Supabase, EU region) and is isolated so that only your account can access it.
- You can delete your account and all associated cloud data at any time from within the App.
2. Information we collect
2.1 Account and identity data
Depending on how you sign in, we collect:
- Email address — when you sign up with email/password, or as provided by Apple or Google when you use "Sign in with Apple" or "Sign in with Google". If you use Apple's private email relay, we only receive the relay address.
- Name — the display name you enter during onboarding, and (optionally) the name provided by Apple or Google at sign-in.
- Authentication identifiers — a user ID (UUID) assigned to your account, and the identifiers of the sign-in providers you have linked (e.g. Apple, Google). Passwords, where used, are handled and stored in hashed form by our authentication provider (Supabase); we never see your plain-text password.
2.2 Content you create in the App
- Profile settings — your yearly goal, chosen Daily Pace, and theme colour.
- Goals and tasks — monthly targets, tasks/to-dos (titles, descriptions, deadlines, urgency, comments, completion status and dates).
- Notes — free-form notes and brain-dump text you write, optionally linked to a task.
- Day Balance items — your daily Day Balance entries (goal work vs. everything else).
- Streaks and sessions — streak counts, streak freezes and dates, and Focus Timer / Challenge session status.
- Reviews and reflections — your weekly, monthly, and quarterly reviews, including free-text reflections (for example how you felt, your biggest win or challenge, what gave or drained your energy, and your intentions for the next period).
Some of this content is personal and self-reflective. We treat it as your private content and only use it to operate the App for you (see Section 3).
2.3 Subscription status
Whether your account holds an active premium ("VIP") subscription. Your payment card and billing details are handled entirely by Apple through the App Store — we never receive or store them.
2.4 Feedback
If you submit feedback through the App, we store the feedback content together with your user ID so we can read, understand, and act on it.
2.5 On-device data
Some data is stored only on your device (using iOS UserDefaults, an App Group shared with the Goalzly widgets and Apple Watch app, and local SwiftData storage). This includes a cached copy of your goals/tasks for the widgets and Watch app, your Focus Timer session history, and your Day Balance items. On-device data does not leave your device except where it is also synced to your account as described above.
2.6 Data we do NOT collect
We do not collect health or fitness data (no HealthKit), location, contacts, calendar, photos, camera, microphone, biometric data, advertising identifiers (IDFA), or web-browsing history.
3. How we use your information and our legal bases
| Purpose | Data used | Legal basis (GDPR Art. 6) |
|---|---|---|
| Create and secure your account; authenticate you | Account/identity data | Performance of a contract |
| Provide the core App features (store and sync your goals, tasks, notes, reviews, streaks) | Content you create | Performance of a contract |
| Generate your progress views and review insights | Content you create | Performance of a contract |
| Manage subscriptions and unlock premium features | Subscription status | Performance of a contract |
| Send local reminders and check-ins based on your Daily Pace and streaks | Profile settings; on-device scheduling | Consent (you grant notification permission and can revoke it any time) |
| Respond to and improve the App from feedback you submit | Feedback | Legitimate interests (improving the App) |
| Keep the App secure and prevent abuse | Account/identity, technical data | Legitimate interests |
| Comply with legal obligations | As required | Legal obligation |
We do not use your information for advertising, profiling for marketing, or automated decision-making that produces legal effects.
4. Notifications
Goalzly sends local notifications (reminders, streak milestones, and review prompts) scheduled on your device based on your chosen Daily Pace. These are generated on your device; we do not operate a remote push-notification server for these reminders. You can turn notifications off at any time in iOS Settings → Goalzly → Notifications.
5. How your data is stored and who processes it
Your account and content are stored in a Supabase PostgreSQL database hosted in the European Union. Access is protected by row-level security so that each account can only read or modify its own data.
We rely on the following third-party service providers ("sub-processors"), each acting under its own privacy policy:
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Cloud database and authentication hosting | Your account data and all content you create |
| Apple | Sign in with Apple, App Store, in-app purchases | Sign-in identifiers; subscription/payment (payment handled solely by Apple) |
| Sign in with Google (where you choose it) | Email and basic profile from your Google account | |
| Superwall | Displaying and managing the subscription paywall | Your user ID and the name of the feature that triggered a paywall |
We do not sell your personal data and we do not share it with advertisers or data brokers.
6. International transfers
Your primary data store is located in the EU. Some sub-processors (for example Apple and Superwall) may process limited data outside the European Economic Area. Where that happens, such transfers are covered by appropriate safeguards, such as the European Commission's Standard Contractual Clauses or an adequacy decision.
7. Data retention
- We keep your account data and content for as long as your account exists.
- When you delete your account, your cloud data is deleted as described in Section 9.
- Feedback you submit may be retained after account deletion where necessary to maintain a record of issues and improvements, in aggregated or de-identified form where practical.
- On-device data is retained on your device until you delete it or remove the App.
8. Your rights
If you are in the EU/UK, you have the right to: access your data; correct inaccurate data; erase your data; restrict or object to certain processing; data portability; and to withdraw consent (for example, notifications) at any time. You also have the right to lodge a complaint with your local data protection authority.
You can exercise most of these rights directly in the App (editing or deleting your content, or deleting your account). For any other request, contact us at as.datadin@gmail.com and we will respond within the time required by applicable law.
9. Deleting your account and data
You can delete your account at any time from within the App (Settings → Account → Delete Account). When you do this:
- All of your rows across our database tables (profile, tasks, targets, notes, Day Balance items, Challenge status, streaks, weekly/monthly/quarterly reviews, progress cache, and feedback) are deleted;
- Your authentication record is removed, so you can no longer sign in; and
- Data shared with the Goalzly widgets and Apple Watch app is cleared from your device.
Some data stored only on your device (such as Focus Timer session history) is removed when you delete the App from your device.
10. Security
We protect your data using: encrypted connections (HTTPS/TLS) for all communication with our servers; per-user row-level security in the database; and secure on-device storage of your session credentials in the iOS keychain. No method of transmission or storage is completely secure, but we take reasonable steps to protect your information.
11. Children
Goalzly is not intended for children under the age of 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided us personal data, contact us at as.datadin@gmail.com and we will delete it.
12. Changes to this Policy
We may update this Policy from time to time. We will update the "Effective date" above and, where changes are material, provide a more prominent notice. Continued use of the App after an update means you accept the revised Policy.
13. Contact
Questions or requests about this Policy or your data:
Email:as.datadin@gmail.com