Privacy Policy

• Account: your email address, an optional display name, and, if you sign in with Google, your Google profile picture.
• Authentication: a securely hashed password (for email sign-up), and short-lived email codes if you enable two-factor authentication.
• Your content: the habits, goals, categories, check-ins, streaks and notes you create.
• Preferences: your language and plan/subscription status.
• Notifications: if you enable reminders, a push subscription token for your device/browser so we can deliver them.
• Billing: if you upgrade to Pro or buy Diamond, a Stripe customer/subscription identifier. We never see or store your full card number.

• To provide the core service: storing and showing your habits, streaks, levels and stats.
• To send essential account email (verification, password reset, sign-in codes, billing and account notices).
• To send optional product updates: only if you explicitly opt in. You can unsubscribe at any time.
• To deliver reminder push notifications you've set up.
• To keep the service secure and prevent abuse.

We use a small number of trusted processors, only as needed to run the service:

• Stripe: payment processing for Pro subscriptions.
• Google: optional “Sign in with Google” authentication.
• Supabase: secure database hosting for your account and content.
• Hostinger: application hosting and outgoing email delivery.
• Web Push services (your browser/OS vendor, e.g. Apple, Google, Mozilla): to deliver reminder notifications.

We do not share your data with advertisers and we do not sell it.

We use a strictly necessary session cookie to keep you signed in and to remember your language. We do not use third-party advertising or cross-site tracking cookies.

We keep your data for as long as your account exists. You can delete your account at any time from Settings. When you request deletion, your account is scheduled for removal and kept for a 30-day grace period (so you can change your mind by signing back in). After 30 days, your account and all related data are permanently erased.

Depending on your location (including under the EU/UK GDPR), you have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can export your data and delete your account directly in Settings, or contact us for any other request.

Phantom Tracker is not directed at children under 16, and we do not knowingly collect their data.

We may update this policy as the product evolves. We'll update the “Last updated” date above, and for material changes we'll notify you in-app or by email.

Questions about your privacy? Email us at support@phantomtracker.io.