Skip to main content

Privacy Policy

Last updated: March 24, 2026

1. Introduction

Welcome to loggd.life ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our personal growth platform at loggd.life and the Loggd mobile application (together, the "Service").

loggd.life is a personal growth platform that helps you track habits, set goals, complete daily check-ins, and plan your life vision. We use gamification (points, levels, badges, leaderboards) to motivate consistent engagement. The Service is available via our website at loggd.life and our mobile app for iOS and Android.

2. Data Controller

loggd.life is operated by BALAN EUSEBIU-MARIAN PFA, based in Iasi, Romania (CUI: 42534241). For questions about this policy or your data, contact us at eusebiu@loggd.life.

3. Data We Collect

3.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Username (publicly visible)
  • Password (stored securely hashed, never in plain text)
  • Timezone (auto-detected for scheduling features)

3.2 Profile Information

Optional information you may choose to add:

  • Bio/description
  • Profile visibility preferences (public or private)

3.3 Content You Create

The core of our service involves storing content you create:

  • Habits: Names, descriptions, frequencies, check-ins, notes, streaks, and skip reasons
  • Goals: Titles, descriptions, milestones, tasks, progress updates, and completion status
  • Daily Check-ins: Morning priorities, evening reflections, mood ratings (1-10), and tasks
  • Vision Board: Eulogy method entries, bucket list items, mission statement, definition of success, odyssey plans, and future calendar

3.4 Gamification Data

We automatically calculate and store:

  • Points earned from activities
  • Current level and tier
  • Current and longest streaks
  • Badges earned
  • Leaderboard rankings (monthly and all-time)
  • Activity history and timestamps

3.5 Survey Responses

When you complete our onboarding survey, we collect your responses about how you found us, what challenges you face, your experience with similar apps, and any feedback you provide. This helps us improve the service.

3.6 Payment Information

If you subscribe to Pro, payments are processed securely by the following providers depending on your platform:

  • Website: Lemon Squeezy processes payments. We store your Lemon Squeezy customer ID and subscription ID.
  • iOS App: Apple processes payments through the App Store. We receive subscription status and transaction identifiers via RevenueCat (our subscription management service), but we never receive your Apple ID password or payment card details.
  • Android App: Google processes payments through Google Play. We receive subscription status and transaction identifiers via RevenueCat.

We never store your full credit card number, CVV, or other sensitive payment details. All payment security is handled by the respective payment processors.

3.7 Automatically Collected Data

  • Usage Data: Activity timestamps, features used, pages visited
  • Device Information: Browser type, operating system, screen size, app version (mobile), platform (iOS/Android)
  • Log Data: IP address, access times, referring URLs
  • Approximate Location: We derive your approximate location (country, region, city) from your IP address at login using ip-api.com. This is used solely for login session security (detecting unusual access). We do not collect precise GPS location.
  • Cookies (web): Essential session cookies for authentication (see Section 8)
  • Local Storage (mobile): The mobile app stores encrypted data on your device (authentication tokens, cached content, user preferences) using secure storage. This data never leaves your device except as described in this policy.

3.8 Login Session Data (Registered Users Only)

When you log in to your account, we record session information for security and fraud prevention:

  • Device & Browser: Device type (mobile/desktop), browser name, operating system
  • Network: IP address and approximate location (country, city) derived from IP
  • Session timing: Login time, last activity, session duration

Purpose: This data helps us detect unauthorized access to your account and is processed under our legitimate interest in security. This data is deleted when you delete your account.

3.9 Third-Party Integrations (Threads by Meta)

You may optionally connect your Threads account to automatically track your posting activity as a habit. When you connect, we access and store:

  • Your Threads username, display name, and profile picture URL
  • The dates and number of posts you published (we do not store post content or media)
  • An OAuth access token to communicate with the Threads API (encrypted at rest)

Purpose: This data is used solely to create automatic habit check-ins based on your posting activity and to display your posting streak and consistency stats.

Disconnecting: You can disconnect your Threads account at any time from the Habits page. When you disconnect, or when you remove our app from your Threads settings, all Threads-related data (tokens, username, synced check-ins, and sync logs) is immediately and permanently deleted from our systems.

3.10 Social Login (Mobile App)

When you sign in using Apple or Google, we receive:

  • Sign in with Apple: Your name (if shared), email address (which may be a private relay address), and a unique Apple subscriber ID. We verify your identity token directly with Apple.
  • Sign in with Google: Your name, email address, and a unique Google subscriber ID. We verify your identity token with Google's servers.

We do not receive or store your Apple ID password or Google password. You can disconnect a social login provider from your account settings at any time.

3.11 Push Notifications (Mobile App)

If you enable push notifications, we collect:

  • A device push token (a unique identifier for delivering notifications to your device)
  • Your device platform (iOS or Android) and device name

Push notifications are delivered via the Expo Push Service, which acts as an intermediary to Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM). You can disable push notifications at any time from your device settings. Your push token is deleted from our servers when you log out.

3.12 Biometric Authentication (Mobile App)

You may optionally enable Face ID or fingerprint authentication for faster login. Your biometric data (face geometry, fingerprints) is never accessed, collected, or transmitted by Loggd. Biometric verification is handled entirely by your device's operating system. We only store an encrypted authentication token on your device, protected by the OS biometric check.

3.13 Crash Reports and Diagnostics (Mobile App)

We use Sentry to collect crash reports and performance data to improve app stability. When an error occurs, we may collect:

  • Error details and stack traces
  • Device type, operating system version, and app version
  • Your user ID and email (to help us identify and resolve issues affecting your account)

Crash data is processed by Sentry (sentry.io) under their Privacy Policy. We do not use crash data for advertising or tracking purposes.

4. How We Use Your Data

We use your data for the following purposes:

4.1 Providing the Service

  • Store and display your habits, goals, check-ins, reviews, and vision entries
  • Calculate points, levels, streaks, and badges
  • Generate your activity graph and progress visualizations
  • Power the leaderboard rankings
  • Unlock features as you progress through levels

4.2 Communications

  • In-app notifications (level ups, badge unlocks, streak milestones, goal progress)
  • Email notifications you've opted into (streak protection, weekly summaries, activation reminders, comeback messages)
  • Important service announcements and security alerts

4.3 Service Improvement

  • Analyze usage patterns to improve features
  • Debug issues and fix bugs
  • Develop new features based on user behavior
  • Use survey feedback to prioritize improvements

4.4 Safety and Security

  • Prevent fraud, abuse, and gaming of the points system
  • Enforce our Terms of Service
  • Protect other users and maintain platform integrity

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

  • Contract Performance: Processing necessary to provide the service you signed up for (account data, content, gamification)
  • Legitimate Interests: Service improvement, fraud prevention, and analytics that don't override your rights
  • Consent: Optional email notifications (you can opt out anytime)
  • Legal Obligation: Compliance with applicable laws

6. Data Sharing

We do not sell your personal data. We share data only in these limited circumstances:

6.1 Service Providers

  • Lemon Squeezy: Payment processing for Pro subscriptions (website)
  • Apple / Google: Payment processing for in-app purchases (mobile app)
  • RevenueCat: Subscription management and receipt validation for mobile app purchases
  • Email Service (Resend): Delivery of transactional and notification emails
  • Hosting Provider (Laravel Cloud): Server infrastructure to run the service
  • Sentry: Crash reporting and error tracking (mobile app)
  • Expo Push Service: Push notification delivery to mobile devices
  • ip-api.com: IP-based approximate geolocation for login session security
  • Meta Platforms (Threads API): Only when you connect your Threads account — we exchange data with Meta's API to sync your posting activity (see Section 3.9)

These providers only access data necessary to perform their functions and are bound by confidentiality obligations.

6.2 Public Features

Profiles are public by default. The following is visible to other users:

  • Username and bio
  • Activity graph (showing consistency, not specific content)
  • Badges earned
  • Level, points, and streak information
  • Habits and goals you choose to feature publicly

You control what habits and goals to share. Pro users can make their entire profile private in Settings.

6.3 Legal Requirements

We may disclose data if required by law, court order, or government request, or to protect our rights, safety, or property.

7. Data Retention

  • Active Accounts: We retain your data for as long as your account is active
  • Account Deletion: When you delete your account, your personal data is deleted within 30 days
  • Backups: Encrypted backups may retain data for up to 90 days before being overwritten
  • Anonymized Data: We may retain anonymized, aggregated statistics that cannot identify you
  • Legal Holds: We may retain data longer if required for legal proceedings or disputes

8. Cookies & Analytics

We use the following cookies:

  • Session Cookie: Keeps you logged in during your visit
  • CSRF Token: Protects against cross-site request forgery attacks
  • Dark Mode Preference: Remembers your display preference (stored in localStorage)
  • Google Analytics: We use Google Analytics to understand how visitors use our site (pages visited, time on site, general location). This helps us improve the service. Google may set cookies to collect this data. You can opt out using Google's opt-out browser add-on.

We do not use: Advertising cookies or cookies that track you across other websites for ad targeting.

9. Your Rights

Under GDPR and similar privacy laws, you have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Correct inaccurate or incomplete data (most editable directly in the app)
  • Erasure ("Right to be Forgotten"): Request deletion of your personal data
  • Data Portability: Export your data in a machine-readable format (Pro feature: CSV/JSON export)
  • Restriction: Request we limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Opt out of email notifications anytime in Settings
  • Lodge a Complaint: File a complaint with your local data protection authority, or with Romania's ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal) at www.dataprotection.ro

To exercise these rights, contact us using the details in Section 14. We will respond within 30 days.

10. Security

We implement appropriate security measures to protect your data:

  • HTTPS encryption for all data in transit
  • Passwords stored using secure one-way hashing (bcrypt)
  • Database encryption at rest
  • Regular security updates and patches
  • Access controls and authentication
  • Rate limiting to prevent abuse

No system is 100% secure. If you discover a security vulnerability, please report it using the contact details below.

11. Children's Privacy

loggd.life is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us immediately and we will delete it.

12. International Data Transfers

Our servers are hosted in the United States (US East - Virginia). Your data is transferred to and processed in the US.

When we transfer data from the EU to the US, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the European Commission. Our payment processor (Lemon Squeezy) complies with EU data protection requirements.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For significant changes, we will notify you by email and/or display a prominent notice in the app. The "Last updated" date at the top will always reflect the most recent version. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: eusebiu@loggd.life