Privacy Policy

Last updated: April 14, 2026

1. Introduction

GoalFrame ("we," "our," or "us") respects your privacy and is committed to protecting it through our compliance with this policy. This policy describes the types of information we may collect from you or that you may provide when you visit the website GoalFrame.app (our "Website") or use our mobile application (the "App") and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This privacy policy explains in detail what data we collect, how we use it, where it's stored, how long we keep it, and how you can delete it.

2. Local-First Architecture

GoalFrame is designed with a "Local-First" architecture. This means that, by default, all your data is stored locally on your device. We do not operate backend servers to store your personal information. Your habit tracking data, goals, notes, and other personal entries remain on your device unless you explicitly choose to enable optional cloud backup features (which require a Premium subscription and use your own cloud storage).

3. Information We Collect

We collect several types of information to provide and improve our App:

3.1 Habit and Goal Tracking Data

This is the core data you create while using GoalFrame to track your habits and goals:

  • Tracker Information: Habit names, descriptions, icons, colors, tracker types (habit, target, average, milestone), frequency settings (daily, weekly, monthly), start and end dates, target values, units of measurement
  • Daily Entries: Completion records, quantitative values you log, dates of entries, personal notes and reflections
  • Projects: Project names, descriptions, priority levels, deadlines, and completion status
  • Reminders: Reminder times and notification preferences
  • Milestones: Achievement records and milestone completion data

All of this data is stored locally on your device and is never sent to GoalFrame servers (we don't have servers for user data). This data may be synced to your personal cloud storage (Google Drive or iCloud) if you enable the optional cloud backup feature with a Premium subscription.

3.2 Account Information

  • Email Address: Collected when you create an account via email/password authentication
  • Authentication Tokens: Securely stored tokens from Firebase Authentication for account access
  • Authentication Provider Info: If you sign in with Google or Apple, we receive your email address and basic profile information from those providers

3.3 Device Information

  • Device Identifiers: Unique device IDs used to coordinate cloud sync across multiple devices
  • Operating System: OS type and version for compatibility purposes
  • App Version: To ensure proper data sync between different app versions

3.4 Usage Analytics

  • Firebase Analytics: We collect anonymized usage data about app features used, screens viewed, and general usage patterns to improve the app experience. This data is aggregated and cannot be used to identify you personally.

3.5 Subscription Information

  • Subscription Status: Managed through RevenueCat to determine your access to Premium features
  • Purchase Records: Handled by Apple App Store or Google Play Store (we do not store payment information)

4. How We Use Your Data

We use the information we collect for the following purposes:

  • Habit & Goal Tracking: To provide the core functionality of the app—tracking your habits, goals, and progress over time
  • Account Management: To authenticate your account, manage your login sessions, and secure your account
  • Cloud Sync (Optional Premium Feature): To sync your data across multiple devices using your own cloud storage (Google Drive or iCloud)
  • App Improvement: To analyze anonymized usage patterns and improve features, user experience, and performance
  • Subscription Management: To manage your Premium subscription and provide access to premium features
  • AI Insights: To provide on-device AI coaching and insights (all processing happens locally on your device)
  • Notifications: To send you reminders and notifications based on your preferences

5. Data Storage and Retention

5.1 Local Storage

All your data is stored locally on your device using the Hive database system. This includes all your trackers, daily entries, projects, notes, and settings. Data remains on your device indefinitely until you choose to delete it.

5.2 Cloud Backup (Optional Premium Feature)

If you enable cloud backup (requires Premium subscription), your data is synced to your personal cloud storage:

  • Google Drive: Data is stored in the appDataFolder, a hidden, app-specific folder in your Google Drive that is not visible in your regular Drive interface
  • iCloud: Data is stored in an app-specific iCloud container (iOS and macOS only)

Important notes about cloud backup:

  • Cloud sync requires an active Premium subscription
  • If your subscription lapses, cloud sync is automatically disabled
  • Your data remains in your cloud storage until you manually disconnect or delete your account
  • We do not have access to your cloud-stored data—it's stored in your personal Google Drive or iCloud account

5.3 Data Retention Periods

  • Active Data: Retained indefinitely while you actively use the app
  • Deleted Items (Soft Delete): When you delete a tracker, entry, or project, it's marked for deletion with a 7-day grace period to allow the deletion to sync across all your devices. After 7 days, the item is permanently purged.
  • Account Deletion: When you delete your account:
    • Your account is immediately removed from Firebase Authentication
    • All local data is immediately deleted from your device
    • Cloud backups are removed from Google Drive or iCloud within 30 days
  • Firebase Analytics: Anonymous analytics data is retained according to Firebase's data retention policies (typically 14 months)

5.4 No GoalFrame Servers

We do not operate backend servers to store your personal habit tracking data. All data is either stored locally on your device or in your own cloud storage (Google Drive or iCloud) that you control.

6. How to Delete Your Data

You have full control over your data and can delete it at any time:

6.1 Delete Individual Items

You can delete individual trackers, entries, and projects directly within the app. Deleted items enter a 7-day grace period to allow deletion to sync across your devices (if cloud backup is enabled), after which they are permanently purged.

6.2 Delete Your Account and All Data

To permanently delete your account and all associated data:

  1. Open the GoalFrame app
  2. Go to SettingsAccountDelete Account
  3. Read the warning about permanent data deletion
  4. Type "Delete account" to confirm
  5. Tap the confirmation button

What gets deleted:

  • Your account is immediately removed from Firebase Authentication
  • All local data is immediately deleted from your device (all trackers, entries, projects, notes, settings)
  • Cloud backups are removed from your Google Drive or iCloud within 30 days

Important: Account deletion is permanent and cannot be undone. Active subscriptions are not automatically refunded—please cancel your subscription separately through the App Store or Google Play Store if desired.

6.3 Logout and Clear Local Data

When logging out, you have the option to keep or delete your local data. If you choose to delete data on logout, all locally stored information will be removed from your device (but cloud backups will remain if enabled).

6.4 Export Your Data Before Deletion

Before deleting your account, you can export all your data in JSON format for your records. This feature is available in SettingsData Export.

6.5 Request Data Deletion via Email

If you're unable to delete your account through the app, you can contact us at privacy_goalframe@guediasoft.org to request account and data deletion.

7. On-Device AI

GoalFrame uses AI to provide personalized coaching and insights. All AI processing happens entirely on your device:

  • Local AI Models: We use Flutter Gemma, an on-device AI model that runs locally on your phone
  • No Cloud AI: Your personal entries, habit data, and notes are never sent to cloud-based AI services for processing
  • Privacy First: All AI insights are generated locally, ensuring your private data stays private
  • Model Downloads: AI models are downloaded once from Firebase Storage and then stored locally on your device for offline use

8. Third-Party Services

GoalFrame integrates with the following third-party services. Each has its own privacy policy governing how they handle data:

8.1 Firebase (Google)

  • Firebase Authentication: Manages user accounts and login sessions
  • Firebase Analytics: Collects anonymized app usage data
  • Firebase Storage: Hosts AI model downloads (does not store your personal data)
  • Firebase Privacy Policy

8.2 Google Sign-In

  • Optional authentication method
  • We receive your email address and basic profile information
  • Google Privacy Policy

8.3 Apple Sign-In

  • Optional authentication method (iOS/macOS)
  • We receive your email address (or Apple's private relay email)
  • Apple Privacy Policy

8.4 Google Drive API

  • Optional cloud backup service (Premium feature)
  • Your data is stored in your personal Google Drive appDataFolder
  • We only access the appDataFolder, not your other Drive files
  • Google Privacy Policy

8.5 iCloud

  • Optional cloud backup service (Premium feature, iOS/macOS only)
  • Your data is stored in an app-specific iCloud container
  • Apple Privacy Policy

8.6 RevenueCat

  • Subscription and payment management platform
  • Processes subscription status and purchase validation
  • Does not store payment information (handled by App Store/Play Store)
  • RevenueCat Privacy Policy

9. Data Security

We implement industry-standard security measures to protect your data:

  • Secure Storage: OAuth tokens and authentication credentials are stored using Flutter Secure Storage (encrypted storage on device)
  • Local Encryption: On iOS, the local Hive database benefits from iOS keychain encryption
  • HTTPS Encryption: All network communications use HTTPS encryption
  • No Central Database: We do not maintain a central database of user habit tracking data, reducing the risk of large-scale data breaches
  • Cloud Security: When using cloud backup, your data is stored in your personal Google Drive or iCloud, which have their own security measures
  • Authentication Security: Account authentication is handled by Firebase Authentication with industry-standard security practices

However, please note that no method of electronic storage or transmission over the Internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

10. Your Privacy Rights

You have the following rights regarding your personal data:

  • Right to Access: You can view and export all your data at any time through the app's data export feature
  • Right to Deletion: You can delete individual items or your entire account and all associated data
  • Right to Data Portability: You can export your data in JSON format for use with other services
  • Right to Opt-Out of Analytics: You can disable analytics tracking in the app settings (if applicable)
  • Right to Rectification: You can edit or update any of your data directly within the app

To exercise any of these rights, you can use the in-app features or contact us at privacy_goalframe@guediasoft.org.

11. Children's Privacy

GoalFrame is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy_goalframe@guediasoft.org, and we will delete such information from our systems.

12. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make changes, we will update the "Last updated" date at the top of this policy. We encourage you to review this policy periodically. Significant changes will be communicated through the app or via email.

Your continued use of the app after any changes to this privacy policy constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

Email: privacy_goalframe@guediasoft.org

We will respond to your inquiries within a reasonable timeframe.