Back to Home

Privacy Policy

Effective Date: March 12, 2026
Last Updated: March 12, 2026

At Jarify, we respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our website (jarify.app) and our mobile application (Jarify for iOS and Android), collectively referred to as "the Service".

1. Information We Collect

1.1 Account Information

When you create a Jarify account, we collect:

  • Email address — used for authentication, account recovery, and important account notifications
  • Password — stored securely using industry-standard hashing (never stored in plain text)
  • Display name (optional) — a name you choose to identify yourself within the app

1.2 User-Generated Content

When you use Jarify, you create content that we store to provide the Service:

  • Tasks — task titles, completion status, and timestamps
  • Categories — custom category names and associated colors
  • Jars — jar size preferences, labels, and completion history
  • Archived data — historical records of completed jars and their tasks

1.3 Social Features

If you use Jarify's friend features, we collect:

  • Friend code — an auto-generated code (e.g., "valid-horse-4932") used to connect with other users
  • Friend connections — records of accepted friendships and privacy level preferences you set for each friend
  • Friend requests — sent and received requests with timestamps

1.4 Device and Technical Information

  • Push notification token — a device identifier used by Firebase Cloud Messaging (FCM) to deliver push notifications, stored only if you enable notifications
  • Device platform — whether you use iOS or Android (stored alongside your notification token)

1.5 Local Device Storage

The app stores data locally on your device for offline functionality:

  • App preferences — sound, haptics, jar size, and display settings
  • Offline database — a local copy of your tasks, categories, and friend data for offline access
  • Sync metadata — timestamps to keep your local and cloud data in sync

This data stays on your device and is not transmitted to our servers unless syncing is required.

1.6 Website Analytics

On our website (jarify.app), with your consent, we collect:

  • PostHog Analytics — anonymous usage data including page views, interactions, and session recordings (only with your consent)
  • Vercel Analytics — aggregated performance and traffic metrics (non-personal)
  • Device information — browser type, operating system, screen resolution

The mobile app does not contain any analytics or tracking software. We do not track your in-app behavior, screen views, or usage patterns within the mobile application.

1.7 Cookies (Website Only)

  • Essential cookies — remember your cookie consent preferences (always active)
  • Analytics cookies — track website usage patterns via PostHog (only with your consent)

You can manage your cookie preferences at any time using the cookie settings banner on our website.

2. How We Use Your Information

We use your personal data for the following purposes:

  • Providing the Service — storing your tasks, categories, and jars so you can access them across devices
  • Authentication — verifying your identity when you log in, change your password, or update your email
  • Cloud sync — keeping your data synchronized between your device and our servers
  • Social features — enabling friend connections and sharing progress based on your privacy preferences
  • Push notifications — sending friend request notifications and task-related alerts (only if you opt in)
  • Account management — processing display name changes, email changes, and account deletion requests
  • Website analytics — understanding how visitors interact with our website to improve it (with consent)
  • Legal compliance — complying with legal obligations and protecting our rights

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on:

  • Contract performance — processing necessary to provide you with the Jarify Service (account management, data storage, cloud sync)
  • Consent — analytics tracking on our website (you can withdraw this at any time via cookie settings)
  • Legitimate interests — improving our Service, preventing fraud, and ensuring security
  • Legal obligations — complying with applicable laws and regulations

4. Data Sharing and Third-Party Processors

We share your data with the following trusted third-party service providers who process data on our behalf:

Supabase (Backend & Authentication)

Purpose: User authentication, database storage, and cloud sync for all app data
Data processed: Account information, tasks, categories, jars, friend connections
Location: United States
Privacy Policy: supabase.com/privacy

Firebase Cloud Messaging (Push Notifications)

Purpose: Delivering push notifications to your device
Data processed: Device token, platform type
Location: United States
Privacy Policy: firebase.google.com/support/privacy

PostHog (Website Analytics)

Purpose: Website analytics and user behavior tracking (with consent, website only)
Data processed: Anonymous website usage data
Location: European Union (EU cloud)
Privacy Policy: posthog.com/privacy

Vercel (Website Hosting)

Purpose: Website hosting and performance analytics
Data processed: Aggregated traffic metrics (non-personal)
Location: United States
Privacy Policy: vercel.com/legal/privacy-policy

We will never sell your personal data to third parties.

5. Data Retention

  • Account data — retained for as long as your account is active. When you delete your account, all associated data is permanently deleted within 30 days.
  • Tasks and jars — retained for as long as your account is active, or until you manually delete them
  • Archived jars — retained indefinitely as historical records until you delete your account
  • Push notification tokens — retained while notifications are enabled; removed when you disable notifications or delete your account
  • Website analytics data — retained for up to 12 months, then automatically deleted
  • Cookie consent records — stored locally in your browser until you clear your data or change preferences

6. Your Rights (GDPR & CCPA)

You have the following rights regarding your personal data:

  • Right to access — request a copy of your personal data
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your personal data (you can also delete your account directly from the app's Settings screen)
  • Right to restrict processing — request limitation of how we use your data
  • Right to data portability — receive your data in a structured, commonly used format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — withdraw consent for website analytics at any time via cookie settings

To exercise any of these rights, contact us at support@jarify.app. We will respond within 30 days.

7. Account Deletion

You can delete your Jarify account at any time from the Settings screen within the app. When you delete your account:

  • All your tasks, categories, and jars are permanently deleted
  • All archived jar data is permanently deleted
  • All friend connections and friend requests are removed
  • Your profile information is permanently deleted
  • Your authentication credentials are removed
  • Push notification tokens are deleted

This action is irreversible. You can also request account deletion by emailing support@jarify.app.

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • Industry-standard encryption (HTTPS/TLS) for all data transmission between the app and our servers
  • Passwords are hashed using bcrypt — we never store or have access to your plain text password
  • Row Level Security (RLS) on our database ensures users can only access their own data
  • All sensitive write operations are processed through authenticated server-side functions, not directly from the app
  • Local data on your device is stored in an encrypted SQLite database
  • Regular security audits and updates

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside of the European Economic Area (EEA), including the United States. We ensure that such transfers comply with GDPR requirements through:

  • Standard contractual clauses (SCCs) approved by the European Commission
  • Use of EU-based data centers where possible (e.g., PostHog EU cloud)
  • Ensuring third-party processors have adequate data protection measures

10. Children's Privacy

Jarify is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this privacy policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page. For significant changes, we will notify you via email or through a notice in the app. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or your personal data, please contact us:

Email: support@jarify.app

Data Protection Officer: Available upon request

This privacy policy is governed by the laws of the European Union and complies with the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).