Privacy Policy
Effective date: 20 June 2025
Last updated: 13 June 2025
1. Who we are
Laazim LLC ("Laazim", "we", "our" or "us") runs the Laazim mobile application and the website laazim.app (together, the "Services"). We help people build consistency through daily challenges and reflection tools.
2. Data we collect
| Category | Examples | Purpose |
|---|---|---|
| Account Data | Name, e‑mail, profile photo (optional), social‑login ID (Apple/Google) | Create & secure your account; sync across devices |
| Challenge Data | Challenges created/joined, check‑in timestamps, notes, photos, emoji reactions | Display progress, feed & statistics |
| Usage Data | Device type, OS version, in‑app actions, crash logs, coarse region (country) | Diagnostics, analytics, product improvement |
| Notification Tokens | Expo/APNs/Firebase token | Deliver reminders you opt into |
We do not collect precise GPS, health data, contact lists, or payment card numbers in version 1.0.
3. How we use data
- Provide, operate and improve the Services
- Sync your data securely via our encrypted cloud database
- Send opt‑in push reminders and essential service e‑mails
- Diagnose crashes and prevent abuse
- Develop new features and analytics insights
4. Legal bases (GDPR)
| Basis | When it applies |
|---|---|
| Contract | Operating the app you requested |
| Legitimate Interest | Analytics, fraud prevention, product improvement |
| Consent | Marketing e‑mails, push notifications, external beta testing |
You may withdraw consent at any time in Settings ▸ Notifications or via e‑mail.
5. Sharing & transfers
We never sell your personal data. We share it only with:
| Recipient | Role | Location | Safeguard |
|---|---|---|---|
| Supabase Inc. | Managed Postgres DB & object storage | USA | SCCs + encryption at rest |
| Expo Push Service | Push notifications | USA | TLS |
| PostHog Cloud EU | Privacy‑friendly analytics | EU | Hosted in Frankfurt |
| Apple / Google | Authentication, crash logs | Worldwide | Platform terms |
All vendors sign Data Processing Agreements meeting GDPR/CCPA.
6. Cookies & tracking
The web marketing site sets a first‑party language cookie and a single PostHog analytics cookie. The mobile app does not use cookies.
7. Data retention
| Data | Retention |
|---|---|
| Account & challenge data | Until you delete your account or after 24 months of inactivity |
| Analytics events | 14 months, then aggregated |
| Crash logs | 90 days |
You can delete your account (and all data) instantly via Settings ▸ Delete Account.
8. Security measures
- All traffic over TLS 1.3 with HSTS
- Passwords (if used) hashed with argon2id
- Images served via signed URLs
- Staff access protected by SSO + MFA
9. Your rights
Depending on your region you may:
- Access, correct or delete personal data
- Object to processing or request portability
- Lodge a complaint with a supervisory authority
Contact us at privacy@laazim.app to exercise any right.
10. Children
Laazim is not directed to children under 13 and does not knowingly collect data from them. If we learn we have, we will delete it promptly.
11. Changes
We will post any updates here and notify you in‑app or by e‑mail at least 7 days before changes take effect.