Privacy Policy (Mobile App)

Last Updated: November 21, 2025

Note: This privacy policy covers only the EvolveDaily mobile app. If you're looking for information about how we handle data on our website, please see our Website Privacy Policy.

Who We Are

EvolveDaily

Email: evolvedailyapp@gmail.com

Website: https://www.evolvedailyapp.com

We are the controller of the personal information collected through the website. If you are located in the EU, UK, or Canada, you may contact us at the above email address for any privacy-related matters.

EvolveDaily ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application. Please read this policy carefully.

OAuth Provider Compliance

Google API Services: EvolveDaily's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We access Google user data (Google Sign-In profile information and Google Calendar data) solely to provide user-facing features prominently displayed in the App. We do not use Google user data for advertising, sell it to third parties, or use it for purposes unrelated to the App's core functionality.

Apple Sign In: When you sign in with Apple, we comply with Apple's guidelines and Sign in with Apple requirements. Apple may provide limited profile information based on your privacy settings. We use this information solely for authentication and account management.

1. Information We Collect

1.1 Authentication Information

When you sign in with Google, we collect:

  • Name
  • Email address
  • Profile picture URL
  • Google User ID

When you sign in with Apple, we may collect (depending on your Apple privacy settings):

  • Name (if you choose to share it)
  • Email address (real or Apple's private relay email)
  • Apple User ID (sub)

Apple Sign In respects your privacy choices. You can choose to hide your email and use Apple's private relay service, and you can choose whether to share your name with us.

1.2 Activity Data

We collect data about your use of the App:

  • Workout logs, durations, and completion times
  • Journal entries, mood ratings, and mental wellness data
  • Devotional reading progress (if spiritual wellness is enabled)
  • Academic assignments, study sessions, and task completion
  • Job applications, interview preparation, and professional development activity
  • Focus session timers and durations
  • Gamification data (XP, streaks, achievements)
  • Challenges Completed

1.3 Calendar Data

With your permission:

  • Google Calendar access for workout event scheduling and tracking
  • iCal feed URLs for academic calendar integration
  • Calendar event details (titles, dates, descriptions)

1.4 User-Generated Content

Content you create in the App:

  • Journal entries and reflections
  • Application notes and interview answers
  • Custom assignment tasks
  • Profile bio
  • Feedback submissions
  • Job Applications (for the User's tracking purposes)
  • Interview practice questions
  • Networking Tasks

1.5 Technical Data

  • Device type and operating system
  • App version and usage patterns
  • Authentication tokens
  • Error logs and crash reports

2. How We Use Your Information & Legal Basis

We use collected information to:

  • Provide and maintain App functionality
  • Synchronize your data across devices via our backend servers
  • Track your progress and calculate XP rewards
  • Integrate with Google Calendar
  • Send notifications (with your permission)
  • Improve App features and user experience
  • Respond to feedback and support requests
  • Ensure security and prevent fraud
  • Analyze usage patterns to improve services (anonymized data)

Legal Basis for Processing (GDPR)

For EU/UK residents, we process your data based on:

  • Consent: You provide consent when signing in and using features
  • Contract: Processing necessary to provide the App services you requested
  • Legitimate Interests: Improving the App, security, and fraud prevention

You may withdraw consent at any time by deleting your account.

3. Information Sharing and Disclosure

3.1 Third-Party Services

We share data with the following third-party service providers solely to provide and improve the App's functionality:

  • Firebase (authentication and analytics) - processes Google Sign-In and Apple Sign In credentials and basic usage analytics. Manages authentication state for both OAuth providers.
  • Google Calendar API (event management) - receives calendar event data for workout scheduling features.
  • MongoDB Atlas (database hosting for data synchronization) - stores your app data such as workouts, journals, and profile information.
  • Resend (email service for notifications and updates) - processes email addresses for account-related communications.
  • Vercel (web hosting provider) - hosts our website infrastructure.
  • Vercel Analytics - collects only aggregated, anonymized technical data (performance metrics, page load times) without using cookies or personal identifiers.

These service providers are contractually obligated to use your data only for the purposes of providing their services to us and to maintain appropriate security measures.

3.2 No Selling of Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. This includes:

  • We do NOT sell data to advertising platforms, data brokers, or information resellers
  • We do NOT use your data (including Google user data) for serving advertisements or targeted advertising
  • We do NOT use your data for creditworthiness determinations or lending purposes
  • We do NOT transfer your Google user data to third parties except as disclosed in this policy

3.3 Legal Requirements

We may disclose information if required by law, court order, or to protect our rights and safety. We may also share aggregated, anonymized data that cannot identify you for research or analytics purposes.

4. Data Storage and Security

4.1 Storage Locations

  • Encrypted storage on your device
  • MongoDB Atlas cloud database (may be stored in data centers outside your country)
  • Google Calendar (for certain events)
  • Firebase servers (authentication data)

4.2 Security Measures

We implement security measures including:

  • Encrypted token storage with hashing
  • HTTPS encryption for all data transmission
  • Secure authentication via Firebase and JWT tokens
  • Access tokens expire after 15 minutes
  • Refresh tokens expire after 7 days
  • Automatic token refresh and validation
  • Input validation and sanitization
  • Regular security updates

4.3 Data Retention

We retain your data for as long as your account is active. Upon account deletion:

  • All user data is permanently removed from our MongoDB database
  • Associated data (workouts, journals, applications, etc.) is deleted via cascading deletion
  • Local device data is cleared
  • Data cannot be recovered after deletion

For legal, tax, or regulatory purposes, we may retain certain information as required by law.

5. Your Privacy Rights

You have the right to:

  • Access your personal data
  • Update your profile information
  • Delete your account and all associated data
  • Disable spiritual wellness features
  • Revoke Google Calendar access
  • Disconnect iCal calendar integration
  • Request correction of inaccurate data
  • Request data portability (receive a copy of your data)
  • Object to or restrict processing
  • Withdraw consent at any time

For EU/UK Residents (GDPR)

You may also contact your local data protection authority if you have concerns about how we process your data.

For Canadian Residents

You may contact the Office of the Privacy Commissioner of Canada regarding privacy concerns.

To exercise any of these rights, contact us at evolvedailyapp@gmail.com. We may ask you to verify your identity before fulfilling requests.

6. Account Deletion

You can delete your account at any time through the Settings menu. Account deletion is:

  • Permanent and irreversible
  • Requires email and typing 'delete my account' verification
  • Removes all data associated with your account from our servers immediately
  • Clears all local data from your device

7. OAuth Authentication Services

Google API Services User Data Policy Compliance: EvolveDaily's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

7.1 Google Sign-In

We use Google OAuth 2.0 for authentication. By signing in, you agree to Google's Privacy Policy and Terms of Service. We collect only your basic profile information (name, email, profile picture, user ID) to create and maintain your account.

7.1a Apple Sign In

We support Sign in with Apple as an authentication method. When you sign in with Apple:

  • You can choose to share your real email address or use Apple's private relay email address
  • You can choose whether to share your name with us
  • Apple provides us with a unique user identifier (sub) to maintain your account
  • We comply with Apple's requirements for account deletion and data handling
  • You agree to Apple's Privacy Policy and Terms of Service when using Apple Sign In

We use this information solely to create and maintain your account, authenticate you when you sign in, and provide App functionality. We respect your privacy choices made through Apple's interface.

7.2 Google Calendar API - Limited Use Disclosure

When you connect your Google Calendar, we access your calendar data solely to provide workout scheduling and tracking features that are prominently displayed in the App's user interface in the "Personal" > "Physical" page. Specifically, we:

  • Create workout events in your calendar based on how you set up a workout routine.
  • Read event details to track workout completion and update your progress.
  • Update and delete workout-related events when you modify or cancel workouts.
  • Store event IDs in our database to maintain synchronization between the App and your calendar.

Important Restrictions on Google Calendar Data:

  • We use your Google Calendar data ONLY to provide the workout tracking and scheduling features visible in the App.
  • We do NOT use your calendar data for advertising, marketing, or any purposes beyond the workout features.
  • We do NOT sell, rent, or share your Google Calendar data with third parties for their marketing purposes.
  • We do NOT transfer your Google Calendar data to others except as necessary to provide the App features you've requested.
  • Calendar data access by our staff is strictly limited to security investigations, legal compliance, or with your explicit consent.

7.3 Revoking Access

You can revoke calendar access at any time through your Google Account settings or by going to "Settings" > "Google Calendar" in the App and disconnecting. When you revoke access, we will no longer be able to create, read, or modify events in your Google Calendar.

For Apple Sign In: You can revoke Apple's authorization to the App through your Apple ID settings at Settings > Apple ID > Sign In & Security > Apps Using Your Apple ID on your device. However, this only stops Apple from sharing your information with us and prevents you from signing in - it does not delete your account data from our servers.

To fully delete your account and all associated data, you must use the in-app account deletion feature in Settings, or use our web-based account deletion at https://www.evolvedailyapp.com/account-deletion. This is required by Apple's App Store guidelines and ensures your data is completely removed from both our database and Firebase.

8. Firebase Services

We use Firebase for:

  • User authentication (Google Sign-In and Apple Sign In via Firebase Auth)
  • Basic usage analytics
  • Crash reporting

Firebase handles authentication for both Google and Apple OAuth providers. Firebase may collect additional data as described in Google's Privacy Policy.

9. Cookies and Tracking

The App does not use cookies or third-party tracking for advertising. We use locally encrypted storage and authentication tokens for functionality purposes only.

10. Children's Privacy

EvolveDaily is currently designed for students aged 18 and older. There is no explicit content of any kind. We do not knowingly collect information from children 14 and under. If we discover such data, we will delete it immediately.

11. International Data Transfers

Your data may be transferred to and stored on servers located outside your country, including in the United States. By using the App, you consent to such transfers.

For EU/UK residents: Where legally required, we rely on safeguards such as Standard Contractual Clauses (SCCs) implemented by our service providers (MongoDB, Google, Firebase) to protect your data during international transfers.

Our third-party service providers maintain appropriate security measures and comply with applicable data protection laws in their respective jurisdictions.

12. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under CCPA/CPRA:

  • Right to know what personal data is collected and how it's used
  • Right to delete personal data
  • Right to correct inaccuracies in personal data
  • Right to opt-out of the sale or sharing of personal information (we do not sell personal data)
  • Right to non-discrimination for exercising privacy rights

To make a request, contact evolvedailyapp@gmail.com. Residents of other U.S. states with privacy laws may have similar rights.

13. Changes to Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted in the App with an updated "Last Updated" date. Continued use after changes constitutes acceptance.

14. Beta Version Disclaimer

EvolveDaily is currently in Beta. Features and data practices may change as we develop the App. We will notify users of significant changes.

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your data:

Email: evolvedailyapp@gmail.com

Or

Use the in-app Feedback feature under Settings.

By using EvolveDaily, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.