Pillaflow Legal

Privacy Policy

This Privacy Policy explains how Pillaflow collects, uses, stores, shares, and protects information when you use the Pillaflow mobile app and related services.

Effective date: 14 March 2026 · App: Pillaflow · Data Controller: Lucas Rusu ("Pillaflow", "we", "us") · Contact: contact@pillaflow.com

1. What we collect

A. Account and profile information

When you create or use a Pillaflow account, we may collect information such as:

  • email address;
  • password credentials handled securely by our authentication provider;
  • username;
  • display name or name, if provided;
  • profile photo, if you choose to upload one;
  • account settings and preferences; and
  • security-related account settings, including two-factor authentication status where enabled.

We may also store profile and app preferences you choose, such as theme, appearance, reminders, notification settings, language, currency, goals, and similar account-level preferences.

B. Information you create in the app

We collect and store the content you create, upload, or record in Pillaflow so the Service can function and sync across devices. Depending on the features you use, this may include:

  • habits, habit completions, streaks, and habit settings;
  • tasks, subtasks, schedules, reminders, archived tasks, and task-related planning;
  • routines, routine items, recurring schedules, and completions;
  • notes and written entries;
  • focus mode, timers, countdowns, and productivity session data;
  • calendar-related entries created in Pillaflow;
  • invitations, shared items, and other planning-related records;
  • achievements, badges, milestones, insights, and progress summaries;
  • support-related messages or requests you send to us through the app or by email.

C. Health, wellness, and nutrition information

If you use Pillaflow's health and wellness features, we may collect and store information such as:

  • sleep logs;
  • water intake;
  • mood entries;
  • food logs, barcode-based food entries, calorie tracking, and nutrition data;
  • step counts and activity-related metrics;
  • weight logs, weight goals, weight progress, and weight-planning data;
  • other health and wellness metrics you choose to enter or sync.

Some health-related information may be considered special category or sensitive personal data under applicable UK or EU data protection law, depending on what you record and where you live. You control what health-related information you choose to enter, connect, or sync.

D. Device integrations and imported data

If you enable device or third-party integrations, Pillaflow may access and process information from those sources to provide app features.

Depending on your permissions and device, this may include:

  • health data from Apple Health or Health Connect, such as steps, active calories, or nutrition totals;
  • calendar data when you import events into Pillaflow or export Pillaflow items to your device calendar;
  • camera access if you scan barcodes or use camera-enabled features;
  • photo library access when you upload a profile image or other permitted content; and
  • notification permissions so reminders and alerts can be delivered.

We only access this information where you grant the relevant permission.

E. Social features, profiles, and groups

If you use Pillaflow's social features, we may collect and store:

  • friend requests, friendships, and social connections;
  • group creation details, memberships, invites, and related activity;
  • searchable profile information such as username, display name, and profile image;
  • interaction records needed to support invites, group participation, and profile features; and
  • user status information, such as recent activity indicators, where those features are available.

F. AI features

If you use Pillaflow's AI features, including AI chat, AI suggestions, summaries, planning assistance, or action proposals:

  • the text you submit may be sent to our backend systems to process your request;
  • relevant content may then be sent to third-party AI providers to generate a response;
  • AI-generated suggestions, action proposals, or related app actions may be stored so you can review, approve, reject, or use them in the app; and
  • usage metadata may be processed to improve reliability, safety, and feature performance.

You should not include highly sensitive information in AI messages unless you are comfortable with that information being processed for the purpose of generating a response.

G. Subscription and purchase information

If you purchase Premium, we may receive subscription status and entitlement information from services that help manage access to paid features, such as RevenueCat, and from app-store platforms such as Apple and Google.

We do not receive or store your full payment card details. Billing is handled by Apple App Store and/or Google Play.

H. Device, diagnostics, and usage information

We may collect limited technical and usage-related information needed to operate and improve the Service, such as:

  • app version;
  • device type;
  • operating system version;
  • crash or diagnostics information;
  • feature usage signals;
  • notification token or delivery-related technical identifiers; and
  • logs relating to security, abuse prevention, and service reliability.

I. Local device storage

Pillaflow may also store some information locally on your device, including through local storage technologies, in order to improve performance and app functionality. This may include:

  • session caching;
  • onboarding completion flags;
  • app preferences;
  • focus or timer session data;
  • temporary settings;
  • cached health or usage data; and
  • other app state information needed for smoother operation.

2. How we use your information

We use your information to:

  • create and manage your account;
  • authenticate you and maintain account security;
  • provide Pillaflow features and sync your data across devices;
  • support habits, tasks, routines, notes, health, finance, calendar, weight, social, and productivity features you choose to use;
  • show insights, achievements, trends, summaries, and progress views;
  • provide AI-generated responses, suggestions, and action proposals where enabled;
  • enable social features such as searchable profiles, friends, groups, and invitations;
  • deliver reminders, notifications, and in-app messages;
  • manage Premium access and subscription entitlements;
  • improve app performance, reliability, safety, and feature quality;
  • monitor for fraud, abuse, misuse, or security risks; and
  • comply with legal obligations and enforce our Terms and policies.

3. Legal bases for processing

Where UK GDPR, EU GDPR, or similar laws apply, we rely on one or more of the following legal bases:

  • Contract: to provide the Service you request and operate your account;
  • Legitimate interests: to maintain security, improve the Service, prevent abuse, troubleshoot issues, and support normal business operations;
  • Consent: where required, including for certain optional permissions, certain health-data processing, or specific device integrations;
  • Legal obligation: where we must process information to comply with applicable law; and
  • Vital interests or other lawful grounds: where recognised by applicable law in limited circumstances.

4. How we share information

We do not sell your personal information.

We may share information only as necessary with service providers and partners that help us operate the Service, such as:

  • Supabase for authentication, database storage, and backend functions;
  • RevenueCat for subscription entitlement management;
  • Apple App Store and Google Play for billing, subscription management, and related platform operations;
  • AI service providers used to generate AI responses or related features when you choose to use AI functionality;
  • notification, infrastructure, analytics, monitoring, or technical service providers where needed to operate, secure, or improve the Service; and
  • legal or regulatory authorities where required by law or where necessary to protect rights, safety, or the integrity of the Service.

We may also share information in connection with a business transfer, restructuring, merger, acquisition, or sale, subject to applicable law.

5. International data transfers

Some of our service providers may process data outside your country of residence. Where required by law, we take steps intended to ensure that appropriate safeguards are used for international data transfers, such as contractual protections or reliance on recognised adequacy mechanisms.

6. Data retention

We retain personal data for as long as reasonably necessary to provide the Service, maintain your account, comply with legal obligations, resolve disputes, enforce agreements, and protect the Service.

In general:

  • account and app data may be retained while your account remains active;
  • data may be deleted or de-identified when you delete content or your account, subject to limited retention needs;
  • backups may persist for a limited period for disaster recovery and security purposes; and
  • certain logs, safety records, or transaction-related records may be retained for a limited period where needed for legal, fraud prevention, or operational reasons.

7. Security

We use reasonable administrative, technical, and organisational measures intended to protect personal information, including access controls, secure authentication practices, and encryption in transit where appropriate.

However, no system is completely secure, and we cannot guarantee absolute security.

8. Your rights

Depending on where you live, you may have rights regarding your personal data, including the right to:

  • access your data;
  • correct inaccurate data;
  • delete data;
  • restrict or object to certain processing;
  • request data portability;
  • withdraw consent where processing is based on consent; and
  • lodge a complaint with a relevant supervisory authority.

To exercise privacy rights, contact us at contact@pillaflow.com.

9. Account deletion

You may be able to delete your account from within the app. When you request account deletion, we will delete or de-identify relevant personal data where reasonably feasible, subject to lawful retention needs, technical limitations, security needs, and backup retention cycles.

Deleting the app alone does not delete your account or your stored data.

10. Children

Pillaflow is not intended for children under 13, or under any higher minimum age required by local law. We do not knowingly collect personal data from children who are not permitted to use the Service.

If you believe a child has provided personal data in violation of this policy, please contact us.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we may notify you through the app, by email, or by other appropriate means. The updated version will become effective on the date shown at the top of the policy.

12. Contact

For privacy, support, or data-related questions, contact:

Privacy: contact@pillaflow.com
Support: support@pillaflow.com