PactPal

Privacy Policy

Last Updated: January 4, 2026

Effective Date: January 4, 2026

1. SCOPE AND CONSENT

This Privacy Policy governs the collection, processing, and disclosure of data by PactPal (“Company,” “we,” “us,” or “our”) via our mobile application and website (the “Service”). By creating an account or interacting with the Service, you consent to the data practices described herein. This policy is incorporated into and subject to our Terms of Service.


2. TAXONOMY OF DATA COLLECTION

We categorize the information we collect into three distinct streams:

2.1 Information Disclosed Voluntarily

  • Account Credentials: Primary identifiers including email address, encrypted passwords, and profile metadata (username, display name).
  • User-Generated Content (UGC): All check-ins, habit logs, "pod" communications, comments, and reactions.
  • Communications: Any data transmitted during support requests, including diagnostic screenshots or contact details.

2.2 Automatically Collected Technical Data

  • Persistent Identifiers: IP addresses, Device ID (IDFA/AAID), and browser fingerprints.
  • Telemetry and Logs: Granular engagement data, including feature latency, session duration, and clickstream paths.
  • Diagnostic Data: Stack traces and crash reports managed through third-party processors (e.g., Sentry, Firebase).

2.3 Integration Data (Health & Fitness)

If explicitly authorized via system-level permissions, we may ingest data from Apple HealthKit or Google Fit. This data is processed locally or on our secure servers solely for "habit verification" and is strictly excluded from any third-party marketing or advertising ecosystems.


3. DATA ARCHITECTURE AND VISIBILITY

PactPal is a social accountability engine. You acknowledge that:

  • Public Pods: Information shared in Public Pods is accessible to all users of the Service and is not considered "private."
  • Private Pods: Access is restricted to invited members; however, PactPal administrators may access this data for safety and moderation purposes.
  • Anonymization: Upon account deletion, certain UGC (like comments) may be retained in an anonymized format to preserve the integrity of the "pod" experience for remaining users.

4. LEGAL BASIS FOR PROCESSING (EEA/UK)

For users in the European Economic Area or UK, our processing is justified under:

  • Contractual Necessity: To provide the Service as defined in our Terms.
  • Legitimate Interests: For fraud prevention, network security, and product optimization.
  • Consent: Where you have provided opt-in authorization (e.g., marketing or health data).

5. DATA DISCLOSURE AND THIRD-PARTY TRANSFERS

We do not sell personal information. Disclosure is limited to:

  • Sub-Processors: Infrastructure providers (AWS/Google Cloud), analytics engines, and communication APIs.
  • Regulatory Compliance: Disclosure required by law, valid court order, or to protect the vital interests of any individual.
  • Corporate Restructuring: Data may be transferred as an asset during mergers, acquisitions, or due diligence phases.

6. GLOBAL PRIVACY RIGHTS

Regardless of your geography, PactPal provides the following controls:

  • The Right to Erasure: You may request the permanent deletion of your personal data.
  • The Right to Portability: You may request an export of your data in a machine-readable format.
  • California-Specific (CPRA): We do not "Share" or "Sell" data for cross-contextual behavioral advertising. You have the right to limit the use of "Sensitive Personal Information."

7. INTERNATIONAL DATA TRANSFERS

PactPal is operated in the United States. If you access the Service from abroad, your data will be transferred to U.S. servers. We utilize Standard Contractual Clauses (SCCs) to ensure that your data receives a level of protection equivalent to that of your home jurisdiction.


8. SECURITY POSTURE

We implement an enterprise-grade security framework, including:

  • Encryption: Data is encrypted at rest using AES-256 and in transit via TLS 1.3.
  • Access Control: Least-privilege access protocols for all internal employees.
  • Vulnerability Management: Periodic security audits and dependency monitoring.

9. RETENTION POLICY

We retain Personal Data only as long as necessary to fulfill the purposes for which it was collected. Typical retention for active accounts is the duration of the account's life plus a 30-day "grace period" following a deletion request to allow for database propagation.


10. CONTACT AND DPO

To exercise your rights or contact our Data Protection Officer:
PactPal Legal Dept. Email: support@pactpal.app