Last updated: February 21, 2026

Greatr ("we," "us," or "our") operates the GREATR mobile application (the "App"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our App.

By using GREATR, you agree to the collection and use of information as described in this policy.

1. INFORMATION WE COLLECT

1.1 Account Information
When you create an account, we collect:

• Email address

• Name (provided directly or via Apple/Google sign-in)

• Profile picture (optional, via Apple/Google sign-in or uploaded by you from your photo library)

• Display name (optional, set by you)

• Bio (optional, set by you)

  
  

1.2 Authentication Data
We support sign-in via email/password, Apple Sign-In, and Google Sign-In. When using third-party sign-in, we receive your name and email address from the provider. We do not receive or store your Apple or Google account passwords.

1.3 Onboarding & Personalization Data
During onboarding, we may collect:

• Age group

• Gender

• Personal goals and preferences

• Personality archetype (based on your answers)

This data is used to personalize your experience within the App.

1.4 Habit & Activity Data
The core functionality of the App involves tracking your personal development habits. We collect:

• Habit types and configurations (reading, meditation, writing, custom)

• Session durations and completion timestamps

• Daily streaks and completion history

• Ritual schedules and completions (morning/evening routines)

  
  

1.5 Reading Data

• Book titles, authors, and page counts (sourced from Google Books API)

• Pages read per session

• Reading progress and books completed

  
  

1.6 Meditation Data

• Session durations

• Meditation type (guided or silent)

• Lesson progress

  
  

1.7 Writing & Journal Entries

• Full text of journal entries you write in the App

• Writing prompts used

• Writing method (in-app or handwriting)

  
  

Your journal entries are private and only accessible to you. They are stored securely on our servers and are not shared with any third party.

1.8 Device Information

• Device model (e.g., "iPhone 15 Pro")

• Device name (e.g., "John's iPhone")

• Operating system and version

• Platform (iOS or Android)

  
  

1.9 Push Notification Data

• Push notification token (for delivering notifications)

• Device name and platform (to manage your registered devices)

• Notification preference settings

  
  

1.10 Usage & Analytics Data
We collect usage data to improve the App, including:

• App launches, installs, updates, and session activity

• Feature usage and navigation patterns

• Habit session starts, completions, and abandonments

• Onboarding progress and step completion

• Feature flag evaluations

  
  

This data is linked to your user account (user ID, email, display name, and authentication provider) for analysis purposes. See Section 9 for more details.

1.11 IP Address
Our analytics provider (PostHog) collects your IP address by default for approximate geolocation purposes. We do not use your IP address for tracking or advertising.

1.12 Device Permissions
The App may request the following device permissions:

• Push notifications: To send ritual reminders

• Photo library: To select a profile picture from your device

• Background audio: To continue playing guided meditation audio when the App is in the background

  
  

2. HOW WE USE YOUR INFORMATION

We use the information we collect to:

• Provide and maintain the App's core functionality (habit tracking, reading, meditation, writing, rituals)

• Authenticate your identity and secure your account

• Personalize your experience based on your preferences and goals

• Display your progress, streaks, and statistics

• Calculate leaderboard rankings (display name, avatar, streak data, and total minutes are visible to other users)

• Send push notifications for ritual reminders

• Analyze usage patterns to improve the App's performance and features

• Provide customer support

  
  

3. THIRD-PARTY SERVICES

We use the following third-party services to operate the App. Each service may process your data according to their own privacy policies.

3.1 Supabase

• Purpose: Database hosting, user authentication, real-time data synchronization, and file storage (profile pictures)

• Data processed: All user account data, habit data, activity records, writing entries, and uploaded images

• Data location: Primary database in the United States (Ohio); read replica in the European Union (Paris)

• Privacy policy: https://supabase.com/privacy

  
  

3.2 PostHog

• Purpose: Product analytics and feature flags

• Data processed: Usage events, user ID, email address, display name, authentication provider, IP address, and device information

• Data location: European Union (eu.i.posthog.com)

• Privacy policy: https://posthog.com/privacy

  
  

3.3 Expo Push Notification Service

• Purpose: Delivering push notifications to your device

• Data processed: Push notification token, device platform, and notification content (ritual reminders)

• Note: Notification content does not contain personal data

• Privacy policy: https://expo.dev/privacy

  
  

3.4 Google Books API

• Purpose: Searching for book metadata (titles, authors, cover images)

• Data processed: Search queries only; no personal data is sent

• Privacy policy: https://policies.google.com/privacy

  
  

3.5 Apple Sign-In / Google Sign-In

• Purpose: Authentication only

• Data received: Name and email address

• We do not share your App data back with Apple or Google

  
  

We do not sell your personal data to any third party. We do not use your data for third-party advertising. We do not share data with data brokers.

4. DATA STORAGE AND SECURITY

4.1 Server Storage
Your data is stored on servers provided by Supabase, with the primary database located in the United States (Ohio) and a read replica in the European Union (Paris). All data transmission between the App and our servers uses HTTPS/TLS encryption. Database access is protected by Row Level Security (RLS) policies, ensuring users can only access their own data.

4.2 Local Storage
The App stores limited data on your device for performance and session recovery:

• Authentication session tokens

• Active session state (for recovering interrupted habit sessions)

• Notification preferences and permission flags

Local data is cleared when you sign out. Local device storage is not encrypted by the App; it relies on the operating system's built-in device security (device passcode, biometrics).

4.3 Security Measures

• All data transmitted between the App and our servers is encrypted via TLS/HTTPS

• Database access is restricted by Row Level Security policies

• Passwords are hashed and never stored in plain text

• Profile pictures are stored in isolated per-user directories

  
  

5. DATA RETENTION

• Account and habit data is retained for as long as your account is active

• Analytics data (PostHog) is retained for up to one year

• Session recovery data is temporary and cleared after use or on sign-out

• Push notification tokens are deactivated when you sign out

When you delete your account, all associated data is permanently removed from our servers (see Section 6).

6. ACCOUNT DELETION

You can delete your account at any time from within the App (Profile > Delete Account). Account deletion permanently removes:

• Your user profile and authentication data

• All habit data, logs, and statistics

• All writing and journal entries

• Push notification tokens and preferences

• Onboarding responses and personalization data

• All other data associated with your account

Deletion requires confirmation by typing "DELETE" and is irreversible. Analytics data previously collected by PostHog is subject to PostHog's own data retention policies.

7. CHILDREN'S PRIVACY

GREATR is designed for adults and is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a person under 16 has provided us with personal information, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided personal information to us, please contact us at privacy@greatrapp.com.

8. PUSH NOTIFICATIONS

We may send push notifications for:

• Morning and evening ritual reminders (scheduled locally on your device)

Ritual reminders are scheduled locally on your device and do not require server communication.

You can manage notification preferences within the App's settings or disable notifications entirely through your device settings at any time.

9. ANALYTICS AND TRACKING

We use PostHog for product analytics to understand how the App is used and to improve the user experience. Analytics data is processed on servers located in the European Union.

We collect usage events such as:

• Habit session starts, completions, and duration

• Feature navigation and engagement

• Onboarding progress and selections

• App lifecycle events (install, update, open, background)

We link analytics data to your account using your user ID, email address, display name, and authentication provider. This data is used solely for product improvement.

PostHog collects your IP address by default for approximate geolocation. We do not use IP data for advertising or tracking purposes.

We do not engage in cross-app tracking. We do not use advertising identifiers (IDFA/GAID). We do not share analytics data with advertisers or data brokers.

10. YOUR RIGHTS

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you

• Correction: Request correction of inaccurate personal data

• Deletion: Request deletion of your account and all associated data (available directly in the App)

• Data Portability: Request your data in a portable format

• Restriction: Request restriction of processing of your personal data

• Withdraw Consent: Withdraw consent for data processing at any time

• Object: Object to certain types of data processing

• Complaint: Lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at privacy@greatrapp.com. We will respond to your request within 30 days.

11. . LEADERBOARD AND PUBLIC DATA

The following data may be visible to other authenticated users through leaderboards:

• Display name

• Profile picture

• Current and longest streaks

• Total minutes completed

You can control your display name and profile picture in your profile settings.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the updated policy within the App or by other appropriate means. The "Last updated" date at the top of this policy indicates when it was last revised.

Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.

13. CONTACT US

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Greatr
Iceland
Email: privacy@greatrapp.com

14. INTERNATIONAL DATA TRANSFERS

Greatr is based in Iceland, which is part of the European Economic Area (EEA). Some of your data is processed outside the EEA:

• Supabase: Primary database hosted in the United States (Ohio), with a read replica in the European Union (Paris). Data transfers to the US are governed by Supabase's Data Processing Agreement and Standard Contractual Clauses (SCCs).

• Expo Push Notification Service: Operates in the United States. Push notification tokens and notification content are processed in the US.

  
  

All other services (PostHog analytics) process data within the European Union.

15. APPLICABLE LAW

This Privacy Policy is governed by and construed in accordance with the laws of Iceland and applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area and the California Consumer Privacy Act (CCPA) for users in California, United States.

The supervisory authority for data protection in Iceland is the Icelandic Data Protection Authority (Persónuvernd).

For users in the European Economic Area, the legal basis for processing your personal data is:

• Contract performance: Processing necessary to provide the App's services (habit tracking, reading, meditation, writing, rituals)

• Legitimate interest: Analytics and product improvement

• Consent: Push notifications and optional profile information