Privacy Policy

Last updated: June 10, 2026

1. Who we are (Controller)

This service is operated by Perez Media Agency, Zentnerstraße 6, 80798 Munich, Germany ("we", "us"). We act as the data controller. Contact: info@perez-media.agency. See our Legal Notice for company details.

2. Personal data we collect

• Account data — email address, display name, avatar (if provided). Used to create and manage your account.
• Habit & progress data — habits you create, daily check-ins, streaks, XP, win-journal entries, focus pet, dopamine wheel rolls. Used to provide the core service.
• Parent/child links — if you invite a child or parent account, we store the email and the relationship.
• Quiz responses — your ADHD profile answers to generate a personalized result.
• Technical data — IP address, browser type, device, and basic page-view analytics for security and product improvement.

3. Purposes and legal basis

• Providing the service (Art. 6(1)(b) GDPR — contract performance): account creation, habit tracking, sync, parent dashboard, AI-powered features.
• Payments & subscriptions (Art. 6(1)(b)): processed by Paddle (see below).
• Security & fraud prevention (Art. 6(1)(f) — legitimate interest).
• Product analytics (Art. 6(1)(f)): aggregated, privacy-friendly usage metrics.
• Marketing emails (Art. 6(1)(a) — consent): weekly win recaps and product updates, opt-out anytime.

4. Data sharing (recipients)

• Lovable Cloud / Supabase — hosting and database (EU/US region). Subprocessor for storing your account and habit data.
• Paddle.com Market Limited — Merchant of Record for all paid subscriptions. Paddle handles checkout, payment processing, tax calculation, invoicing, refunds, and billing support. See Paddle's Privacy Policy.
• Google (OAuth) — if you sign in with Google, your email and profile data are received from Google.
• Email provider — used to deliver transactional and weekly recap emails.
• Authorities — only where required by law.

5. International transfers

Some of our subprocessors process data outside the EU/EEA. Where this happens we rely on Standard Contractual Clauses (SCCs) or adequacy decisions to ensure your data is protected.

6. Data retention

Account data is retained while your account is active and for up to 90 days after deletion (for backups). Payment records are kept for 10 years to meet German tax law (§ 147 AO). You can request deletion at any time.

7. Your rights (GDPR)

You have the right to access, rectify, delete, restrict, port your data, object to processing, and withdraw consent. You can also lodge a complaint with a supervisory authority. To exercise these rights, email info@perez-media.agency. We respond within 30 days.

8. Security

We use encryption in transit (TLS), encrypted databases, row-level security, and access controls to protect your data.

9. Cookies

We use only essential cookies and local storage required to keep you signed in and provide the service. No advertising or tracking cookies.

10. Children

Children under 13 may only use the service via a linked parent account. Parents are responsible for supervising their child's use.

11. Contact

Perez Media Agency · Zentnerstraße 6 · 80798 Munich · Germany · info@perez-media.agency