Privacy Policy

This Privacy Policy explains how LevelLife ("we", "us", or "our") collects, uses, and shares information when you use our application, website, and related services (the "Service"). For the purposes of the EU/EEA General Data Protection Regulation ("GDPR"), we act as a data controller for personal data we process about you in connection with the Service.

1. Information We Collect

• Account Information: Email, name or alias, and settings you provide.
• Usage Data: App interactions, feature usage, device type, and diagnostics.
• Content: Tasks, habits, notes, and other content you add.
• Cookies & Similar: We may use cookies or local storage for preferences and analytics.
• Authentication Data (Firebase Authentication): Email, display name, profile image (if provided), authentication provider, Firebase UID, and sign-in metadata. If you use a third-party identity provider via Firebase (e.g., Google, Apple), we may receive information that provider shares with us according to their terms and your settings.
• Purchase & Subscription Data (App Store/Google Play): Country, currency, purchase/order identifiers, product SKU, subscription status, renewal/cancellation information, and related transaction metadata that Apple or Google share with us for purchase verification and entitlement management. We do not collect or store payment card details; Apple and Google handle payment processing.

2. How We Use Information (Legal Bases)

• Provide, maintain, and improve the Service (performance of a contract; legitimate interests).
• Personalize features and content.
• Communicate with you about updates and offers (with your consent where required; legitimate interests).
• Ensure security and prevent abuse (legitimate interests).
• Comply with legal obligations (legal obligation).
• Authenticate you and secure your account via Firebase Authentication.
• Verify purchases, manage subscriptions, renewals, refunds, and applicable taxes via Apple App Store and Google Play billing.
• Enforce access limits and entitlements (e.g., free usage up to level 5) (performance of a contract; legitimate interests).
• Prevent fraud and enforce our terms, including monitoring for abusive or anomalous activity.

Where we rely on consent, you may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

3. Sharing of Information

• With service providers who help us operate the Service (e.g., hosting, analytics) under confidentiality obligations.
• With our authentication provider (Firebase Authentication) to create and manage your account and provide secure sign-in. Firebase acts as our processor for authentication data.
• With Apple App Store and/or Google Play for purchase verification, subscription management, fraud prevention, invoicing, and tax compliance. Apple and Google generally act as independent controllers of purchase data; please review their privacy notices for details.
• For legal reasons or to protect rights, property, or safety.
• With your consent or at your direction.

4. Data Retention

We retain information as long as your account is active or as needed to provide the Service and comply with legal obligations. Authentication data is retained while your account remains active and for a reasonable period thereafter to secure the Service and comply with law. App Store/Google Play purchase and invoicing records may be retained for the period required by tax, accounting, or other applicable laws.

5. Your Rights (GDPR)

If you are in the EU/EEA or UK, you have the right to request access to your personal data, rectification, erasure, and restriction of processing; the right to data portability; and the right to object to processing based on legitimate interests and to direct marketing. Where processing is based on your consent, you have the right to withdraw consent at any time. To exercise these rights, contact us at krispers.studios@gmail.com. You also have the right to lodge a complaint with a supervisory authority. In Poland, this is the President of the Personal Data Protection Office (UODO): https://uodo.gov.pl/.

6. International Transfers

Your information may be transferred to and processed in countries other than your own, including where our service providers (such as Firebase Authentication and app stores) operate facilities. When we transfer personal data outside the EU/EEA/UK, we rely on appropriate safeguards, such as European Commission Standard Contractual Clauses or UK-approved mechanisms, and implement additional measures where necessary.

7. Security

We use administrative, technical, and physical safeguards designed to protect your information. We do not collect or store payment card details; Apple and Google handle payment information using industry-standard security. However, no system is 100% secure.

8. Children's Privacy

The Service is not directed to children under 16 in the EU/EEA/UK, and we do not knowingly collect personal information from children under that age. If you are a parent or guardian and believe your child has provided personal data, please contact us to request deletion.

9. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the date above and may provide additional notice as required.

10. Contact Us

For questions or concerns about this Policy, contact us at krispers.studios@gmail.com.