Privacy Policy
Growth Radar (“we,” “us,” or “our”) operates the Growth Radar mobile application (the “App”). This Privacy Policy explains what information we collect, how we use it, and the choices you have.
By using the App you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the App.
1. Information We Collect
1.1 Account Information (via Clerk)
We use Clerk as our authentication provider. When you sign up or sign in, Clerk collects and processes your name and email addresson our behalf. Clerk issues a JSON Web Token (JWT) that the App uses to authenticate API requests. Clerk’s own handling of your data is governed by the Clerk Privacy Policy.
1.2 User-Created Content
When you use the App you create and store the following data on our servers:
- Skills & skill families— names, definitions, and organisational hierarchy.
- Quarterly goals— title, motivation (“why”), status, outcome, and lessons learned.
- Entries— short text entries (up to 240 characters) with optional skill tags and star flags.
- Pulse ratings— weekly red / amber / green ratings for each goal.
- Skill ratings— quarterly skill-level ratings (0–5).
- Family summaries— quarterly numeric summaries per skill family.
- Reflections— quarterly written reflections (up to 2,000 characters).
- Onboarding profile— your chosen name, initial goals, and selected skills.
All content is associated with your unique, opaque user ID (a UUID). We do not mine, sell, or share your content with third parties.
1.3 Data Stored on Your Device
The App stores a small amount of data locally on your device:
| Storage mechanism | What is stored | Purpose |
|---|---|---|
| Expo SecureStore (iOS Keychain / Android Keystore) | Clerk JWT authentication token | Keeps you signed in between sessions. Encrypted at the OS level. |
| AsyncStorage | Migration flag, notification-permission flag, cached settings | Lightweight app-state flags. Not encrypted beyond device-level protections. |
No user-created content (entries, goals, reflections, etc.) is stored on-device; it resides only on our servers.
1.4 Crash Reports (Sentry — Opt-In Only)
If you enable the “Crash Reporting” toggle in Settings, the App sends crash and error data to Sentry, a third-party error-monitoring service. This data includes:
- Device model, OS version, and app version.
- Stack traces and error messages.
- Your opaque internal user ID (UUID) for de-duplication purposes.
What we do NOT send: your name, email address, entries, goals, reflections, or any other personal content. The Sentry SDK is initialised with sendDefaultPii: false and tracesSampleRate: 0 (no performance tracing). Crash reporting is disabled by default; it activates only when you opt in. You can turn it off at any time in Settings.
Sentry’s handling of data is governed by the Sentry Privacy Policy.
1.5 Server-Side Error Logging
Our API server uses Sentry for unhandled-error capture with the same privacy settings (sendDefaultPii: false, no performance tracing). Server logs may contain HTTP metadata (IP address, request path, timestamp) but never user-generated content.
1.6 Information We Do NOT Collect
- We do not use any third-party analytics SDKs (no Google Analytics, Mixpanel, Amplitude, etc.).
- We do not perform session recording or behavioural tracking.
- We do not serve ads or share data with advertisers.
- We do not track notification open/tap events.
2. How We Use Your Information
We use the information described above solely to:
- Provide and operate the App— authenticate you, store your growth data, and deliver features such as radar snapshots, streak tracking, and data export.
- Send local notifications— a weekly “Friday Pulse” reminder (scheduled locally on your device at 09:00 every Friday). This notification is entirely local; no data is sent to our servers. You can enable or disable it in Settings or via your device’s notification settings.
- Diagnose and fix bugs— if you opt into crash reporting.
- Enforce rate limits— we apply per-IP rate limiting to protect the service from abuse.
3. Data Storage and Security
- Server infrastructure: User data is stored in a PostgreSQL database.
- Row-Level Security (RLS):Every database table enforces row-level security policies so that authenticated queries can only access the requesting user’s own data.
- Encryption in transit: All API communication uses HTTPS/TLS.
- Authentication tokens: JWTs are stored in Expo SecureStore, backed by iOS Keychain or Android Keystore (hardware-backed encryption where available).
- Opaque identifiers: All primary keys are server-generated UUIDs with no embedded personal information.
4. Data Retention and Deletion
- Active accounts: Your data is retained for as long as your account exists.
- Account deletion:You can request account deletion at any time from within the App (Settings → Delete Account). Upon request:
- Your account is immediately soft-deleted (marked with a deletion timestamp). You will be signed out and can no longer access the App.
- Within 24 hours, a scheduled process permanently hard-deletesall of your data — including your user record, entries, goals, reflections, ratings, pulses, skills, and families.
- Clerk webhook: When your account is deleted, a signed webhook from Clerk ensures the deletion is also reflected in our authentication records.
5. Data Export
You can export a complete copy of all your data at any time using the Export feature within the App. The export is delivered as a JSON file containing all of your entries, goals, skills, ratings, reflections, and radar snapshots.
6. Third-Party Services
The App relies on the following third-party services, each with their own privacy policies:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Clerk | Authentication & identity | clerk.com/legal/privacy |
| Sentry | Crash reporting (opt-in) | sentry.io/privacy |
| Expo | App framework & push-notification scheduling | expo.dev/privacy |
We do not sell, rent, or share your personal data with any other third parties.
7. Children’s Privacy
The App is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
8. Your Rights
Depending on your jurisdiction you may have the right to:
- Access a copy of your personal data (use the in-app Export feature).
- Delete your account and all associated data (use the in-app Delete Account feature).
- Withdraw consent for crash reporting at any time (toggle off in Settings).
- Lodge a complaint with your local data-protection authority.
If you need assistance exercising any of these rights, please contact us at the address below.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Continued use of the App after changes constitutes acceptance of the revised policy.
10. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us at:
Email: meetslimshady07@gmail.com