TrioGoals Privacy Policy

Cross-Platform Goal Tracking & Accountability Application

Last updated: September 19, 2025 | Version 3.0

Your privacy is our priority. We never collect your data for Advertising purposes whatsoever, Nor do we sell to Third-party Advertisers/Trackers

Your privacy is our priority. This policy explains how TrioGoals collects, uses, stores, and shares your information across iOS, Android, macOS, Windows, and Web platforms. We comply with GDPR, CCPA/CPRA, COPPA, and global privacy standards.

Quick Navigation

1. Information We Collect

Personal Information You Provide

  • Account Data: Name, email address, password, optional profile picture
  • Goal Data: Titles, descriptions, due dates, priorities, tags, checklist items, completion status, progress tracking
  • Accountability Partners: Names, email addresses, and verification status of invited partners
  • User Preferences: Notification settings, theme selection (light/dark), reminder times, motivational quote delivery preferences
  • Communications: Support requests, feedback, app ratings, surveys, and correspondence
  • Quote Interactions: Favorited quotes from our 300+ quote library, viewing history, smart rotation preferences

Information Collected Automatically

  • Device & Technical Data: Device type, OS version, app version, device identifiers, platform type (mobile/tablet/desktop/web)
  • Performance Data: Crash logs, error reports, performance metrics, app initialization times, debug information (via Firebase Crashlytics)
  • Usage Analytics: Screen navigation patterns, feature usage frequency, goal completion statistics, session duration, app launch count
  • Local Storage: Cached goals, user preferences, quote favorites, tag data, scheduled goal templates for offline functionality
  • Technical Data: IP address (for security and timezone detection only), browser type (web version), user agent

App-Specific Data

  • Quote System: Smart rotation tracking to prevent repetition, quote round management, personalized delivery timing
  • Recurring Goals: Automated daily/weekly goal creation templates and scheduling data
  • Tag Management: Automatically extracted tags from goals, tag usage patterns, manual tag associations
  • Location & Time: Approximate location for timezone detection (no GPS tracking), goal timestamps

Privacy First: We never collect your data for advertising purposes. We don't sell to third-party advertisers or trackers.

2. How We Use Your Information

Core Service Features:

  • Goal management: Create, track, edit, archive, and manage personal goals
  • Accountability system: Connect with partners and send completion notifications (with consent)
  • Motivational content: Deliver personalized quotes with smart rotation
  • Recurring goals: Automatically create scheduled daily and weekly goals
  • Data synchronization: Sync across all your devices and platforms
  • Offline functionality: Core features available without internet

Service Improvement & Analytics:

  • Performance monitoring and crash reporting (Firebase Crashlytics)
  • Usage analysis to improve features and user experience
  • Security monitoring and fraud prevention
  • Rate limiting: Monitor email frequency to prevent spam (max 10 emails/hour per user)

Communication & Engagement:

  • Goal reminders and motivational quotes (opt-in)
  • Partner notifications (with unsubscribe options)
  • Service updates and security alerts
  • App rating feedback collection

4. Information Sharing & Disclosure

We don't sell your personal data. We only share information in these limited circumstances:

With Accountability Partners:

  • Your name and goal completion notifications (only with invited partners)
  • Email verification for security purposes
  • Partners can unsubscribe from notifications anytime

With Service Providers:

  • Firebase (Google): Authentication, Firestore database, Crashlytics crash reporting, Cloud Functions
  • SendGrid (Twilio): Transactional email delivery, bounce handling, unsubscribe management
  • Qonversion: Mobile in-app purchase processing and subscription management
  • Stripe: Secure web/desktop subscription payments (PCI DSS compliant)
  • App Store Platforms: Apple, Google, Microsoft for app distribution and billing

Legal & Safety Requirements:

  • Legal compliance: Court orders, subpoenas, regulatory requests
  • Safety protection: Prevent fraud, address security incidents
  • Terms enforcement: Address violations or investigate abuse

Business Transfers: If acquired or merged, with advance notice and privacy protection

5. Data Security & Protection

Technical Safeguards:

  • Encryption: TLS 1.2+ for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access with comprehensive audit logging
  • Rate Limiting: Protection against email spam and brute-force attacks
  • Input Validation: Comprehensive XSS protection and malicious input sanitization
  • Secure Development: No hardcoded API keys, environment-based configuration

Security Monitoring:

  • Regular penetration testing and vulnerability scans
  • 24-hour breach investigation protocols
  • Secure error reporting without exposing sensitive data

Important: No method of transmission or storage is 100% secure. We implement industry-standard protections but cannot guarantee absolute security.

6. Data Retention & Deletion

Account and User Data:

  • Active accounts: Data retained while account is active
  • Deleted accounts: Permanently erased within 30 days
  • Backup systems: Purged within 90 days of account deletion

Specific Data Types:

  • Goal data: Until you delete goals or close account
  • Partner relationships: Until you remove partners or close account
  • Local device storage: Until app uninstallation or data clearing
  • Quote favorites: Until you unfavorite items or delete account

Analytics and System Data:

  • Usage analytics: Aggregated data up to 2 years
  • Crash reports: Individual reports up to 90 days (Firebase Crashlytics)
  • Performance metrics: Up to 1 year
  • Email verification tokens: 48 hours or upon use
  • Rate limiting logs: Up to 6 months

7. Your Privacy Rights & Choices

Universal Rights (All Users):

  • Access & Export: Download complete data in JSON format
  • Update: Modify profile, goals, and preferences in-app
  • Delete: Permanently remove account and all data
  • Control: Manage notifications, reminders, and quote delivery

California Residents (CCPA/CPRA):

  • Right to know, delete, correct personal information
  • Right to opt-out (we don't sell personal data)
  • Equal service regardless of privacy choices

EU/EEA Residents (GDPR):

  • Access, rectification, erasure, restriction, portability
  • Object to processing, lodge complaints with supervisory authority
  • Data transfers safeguarded by Standard Contractual Clauses

Children's Privacy (COPPA Compliance):

  • Minimum age: 13 (16 in EU/EEA)
  • Parental consent required for users under 18
  • Immediate deletion of underage user data upon discovery

8. Premium Features & Payment Data

Subscription Information:

  • Premium tiers: Monthly and annual options
  • Feature access: Unlimited goals for premium (free users: 4 goals maximum)
  • Cross-platform benefits across all supported platforms

Payment Processing:

  • Mobile: Qonversion through App Store/Google Play
  • Web/Desktop: Stripe with PCI DSS compliance
  • No card storage: We never store payment information directly
  • Secure validation through platform APIs

9. Cross-Platform Data Handling

Platform-Specific Features:

  • iOS/macOS: Sign in with Apple, App Store purchases
  • Android: Google Sign-In, Google Play purchases
  • Windows: Microsoft Store integration
  • Web: Browser-based storage, Stripe payments

Data Synchronization:

  • Goals and preferences sync across all devices
  • Platform-independent core functionality
  • Offline support with local data caching
  • Intelligent conflict resolution between devices

10. International Data Transfers

Data may be processed in the United States and Google Cloud regions. EU user data transfers rely on:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions where applicable
  • Comprehensive Data Processing Agreements with all vendors
  • Regular compliance reviews of transfer mechanisms

11. Policy Updates

We may update this privacy policy for new features, security improvements, or legal compliance. Changes are communicated via:

  • Email notification to registered address
  • In-app banner notification
  • Website posting with version history
  • 30-day review period before changes take effect

Continued use after changes indicates acceptance. You may delete your account before changes take effect if you disagree.

Questions About Privacy?


support1@triogoals.com