PRIVACY POLICY FOR INTENTION
Last Updated: September 13, 2025
This privacy policy explains how the Intention app ("we," "our," or "us") collects, uses, and protects your personal information. By using our app, you agree to the practices described in this policy.
==========================================
1. INTRODUCTION
==========================================
We built Intention as a privacy-focused habit tracking app with secure cloud backup. Your habits and progress are automatically backed up to the cloud to prevent data loss and enable multi-device sync, while maintaining strong privacy protections.
Key Points:
• Your habits are stored locally and backed up to the cloud for sync
• Alarm settings remain only on your device for privacy
• We don't track, analyze, or sell your personal data
• You have full control over your information
• We use encryption to protect your data both locally and in the cloud
==========================================
2. INFORMATION WE COLLECT
==========================================
2.1 Information You Provide
---------------------------
• Account Information: Email address and name (when you create an account)
• Google Sign-In: If you use Google Sign-In, we receive your Google ID, email, and display name
• Habit Data: Names, descriptions, frequency settings, and start/end dates for habits you create (backed up to the cloud)
• Habit Completions: Your progress tracking data including completion dates and counts (backed up to the cloud)
• Alarm Settings: Times, names, and preferences for your alarms (stored only on your device)
• Daily Intentions: Your selections of habits to complete each day (backed up to the cloud)
2.2 Information Collected Automatically
--------------------------------------
• Session Data: Encrypted authentication tokens stored on your device
• AI-Generated Audio: Motivational messages created from your habits (stored on your device)
• Sync Metadata: Device ID, last sync timestamp, and sync version for data synchronization
2.3 Calendar Information (Optional)
----------------------------------
If you grant permission, we temporarily access your device's calendar to show events alongside habits:
• This data is only accessed when you're setting intentions
• It's cached for up to 5 minutes in memory
• It's never permanently stored or sent to any server
==========================================
3. HOW WE USE YOUR INFORMATION
==========================================
We use your information to:
• Authenticate your account and keep you signed in
• Provide core app features (habits, alarms, reminders)
• Sync your habits and progress across your devices
• Backup your data to prevent loss
• Generate AI motivational messages based on your habits
• Display your calendar events (if you grant permission)
We DO NOT:
• Sell, rent, or share your data with third parties for marketing
• Use your data for advertising
• Track your app usage or collect analytics
• Access your data without your explicit action
==========================================
4. DATA STORAGE AND SECURITY
==========================================
4.1 Local Storage
-----------------
Your data is stored on your device using Android's secure storage:
• Alarm settings and audio files remain only on your device
• Habits and completions are stored locally and synced to cloud
• Data on device is removed when you uninstall the app
4.2 Cloud Storage & Sync
------------------------
We store the following data in our secure cloud infrastructure (Supabase):
• Habit data: Names, descriptions, frequency settings, and dates
• Completion tracking: Your progress and completion history
• Daily intentions: Your selected habits for each day
• Sync metadata: Device identifiers and sync timestamps
• Authentication data: Email, account ID, and encrypted tokens
Cloud storage benefits:
• Automatic backup prevents data loss
• Sync across multiple devices
• Data recovery if you switch phones
• Access your habits from any device you sign into
4.3 Security Measures
--------------------
• All passwords are encrypted before storage
• Session tokens use Android's encrypted storage
• All internet connections use HTTPS encryption
• Cloud data is encrypted in transit and at rest
• We validate all inputs to prevent security attacks
• Automatic conflict resolution for sync issues
• Device-specific identifiers for secure multi-device sync
==========================================
5. THIRD-PARTY SERVICES
==========================================
We use these services to provide app features:
5.1 Supabase (Authentication & Data Storage)
---------------------------------------------
• Purpose: User sign-in, account management, and cloud data storage
• Data shared: Email, authentication tokens, habits, completions, and sync metadata
• Privacy policy: https://supabase.com/privacy
5.2 OpenAI (AI Features)
-----------------------
• Purpose: Generate motivational messages and text-to-speech
• Data shared: Habit names, descriptions, and completion rates (no personal identifiers)
• Access: Through our secure servers, not directly from your device
• Privacy policy: https://openai.com/privacy
5.3 Google Sign-In (Optional)
-----------------------------
• Purpose: Quick and secure sign-in option
• Data received: Google ID, email, and display name
• Privacy policy: https://policies.google.com/privacy
==========================================
6. YOUR RIGHTS AND CHOICES
==========================================
You have complete control over your data:
6.1 Access and Control
---------------------
• View all your data within the app
• Edit or delete any habit, alarm, or setting
• Clear all app data from your device settings
• Delete your account by contacting us
6.2 Permission Controls
----------------------
You can control these permissions in your device settings:
• Calendar access (optional - for viewing events)
• Notifications (required for alarms to work)
• Internet access (required for sign-in and AI features)
6.3 Data Export and Portability
-------------------------------
• Export your habits and completions at any time
• Data is yours - take it with you if you leave
• Standard formats for easy migration
6.4 Your Privacy Rights by Region
---------------------------------
European Union (GDPR):
• Right to access your data
• Right to correct inaccurate data
• Right to delete your data
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to file complaints with authorities
California (CCPA/CPRA):
• Right to know what data we collect
• Right to delete your data
• Right to opt-out of data sales (we don't sell data)
• Right to non-discrimination
• Right to correct inaccurate data
Canada (PIPEDA):
• Right to access your data
• Right to challenge accuracy
• Right to withdraw consent
Australia (Privacy Act):
• Right to access your data
• Right to correct inaccurate data
• Right to make complaints
Brazil (LGPD):
• Right to confirmation of processing
• Right to access data
• Right to correct data
• Right to delete data
• Right to data portability
==========================================
7. DATA RETENTION
==========================================
• Local Data: Kept until you delete it or uninstall the app
• AI Audio Files: Kept until you delete the associated alarm
• Calendar Data: Temporary (5-minute cache, never saved)
• Account Data: Kept until you delete your account
• Session Tokens: Automatically expire and refresh as needed
==========================================
8. CHILDREN'S PRIVACY
==========================================
Our app is not intended for children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal information, please contact us immediately.
==========================================
9. AI AND AUTOMATED PROCESSING
==========================================
Our AI features work as follows:
• AI only processes data when you save an alarm with habits selected
• Habit names, descriptions, and completion rates are sent for processing (no personal identifiers)
• AI doesn't make decisions that legally affect you
• Generated content is purely for motivation
• You can use the app without AI by not selecting habits for alarms
==========================================
10. INTERNATIONAL DATA TRANSFERS
==========================================
Your data may be processed in other countries when using third-party services:
• Supabase stores and processes data in their data centers (see their privacy policy for specific locations)
• OpenAI processes habit information in their servers (primarily US-based) when generating motivational messages
• Both services use encryption for data in transit and at rest
• We rely on these services' compliance with data protection laws and their privacy safeguards
• We do not directly control where these services process your data
==========================================
11. CHANGES TO THIS POLICY
==========================================
We may update this policy occasionally. When we do:
• We'll update the "Last Updated" date
• For significant changes, we'll notify you in the app
• We'll get your consent where legally required
==========================================
12. CONTACT US
==========================================
For privacy questions or concerns:
Email: intention.alarm@gmail.com
For data protection inquiries:
• EU residents: Contact your local data protection authority
• UK residents: Contact the Information Commissioner's Office (ICO)
• California residents: Contact the California Attorney General
We aim to respond to all privacy inquiries within 30 days.
==========================================
13. COMPLIANCE
==========================================
This policy complies with:
• General Data Protection Regulation (GDPR) - EU/EEA
• UK General Data Protection Regulation (UK GDPR)
• California Consumer Privacy Act (CCPA/CPRA)
• Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada
• Privacy Act 1988 - Australia
• Lei Geral de Proteção de Dados (LGPD) - Brazil
• Act on the Protection of Personal Information (APPI) - Japan
==========================================
14. COUNTRIES WHERE APP IS NOT AVAILABLE
==========================================
Due to data localization requirements or the need for local representatives, our app is not available in:
• Russia (data localization required)
• China (complex requirements and local representative needed)
• Turkey (data localization for payment data)
• Vietnam (data localization requirements)
• Indonesia (data localization for certain sectors)
==========================================
Thank you for trusting Intention with your personal information. We're committed to protecting your privacy and giving you control over your data.