1) What we collect
A) Account & profile information (Supabase Auth + Profiles)
When you create an account, we collect:
- Email address
- Password (stored securely by our authentication provider; we do not store passwords in plain text)
- Username (used for searchable profiles)
- Name (if provided)
We also store profile preferences and goals you set, such as:
- Daily health goals (e.g., sleep/water/calorie goals)
- App preferences (e.g., theme, language, currency)
If you choose a profile picture, we collect the profile image you select from your photo library (stored as part of your profile data).
B) Your in-app content (Supabase Database)
Pillr stores the content you create so it can sync across devices. This may include:
- Habits and habit completions
- Tasks, task participants, and task invites (where applicable)
- Routines and related routine items
- Reminders
- Notes
- Chores and grocery lists
- Calendar-related entries (where you create or store them inside Pillr)
- Finance entries, including transactions and budget groups (if you use the finance module)
- Groups, group members, and group invites (if you use group features)
C) Health information (Supabase Database)
If you use the health features, you may store:
- Daily health tracking (for example sleep/water and similar metrics you enter)
- Food entries and nutrition-related notes you enter
Important: Health-related information can be treated as special category data under UK/EU data protection law depending on what you enter. You control what you choose to record.
D) Friends, searchable profiles & online status (Supabase Database)
If you use social features:
- We store friend requests and friendships
- We allow users to search profiles by username
- We store online/last active signals in a user status record (e.g., last_seen) to show online indicators in the app
E) AI Chat Agent (Supabase Edge Function → OpenAI)
If you use the AI chat feature:
- We send the text you type to our backend (a Supabase Edge Function named agent) to generate AI responses.
- That backend forwards relevant text to OpenAI to generate the response.
- The agent may create action proposals (suggested actions such as creating a habit/task/reminder). These proposals are stored so you can review/approve/cancel them.
- Do not include sensitive personal data (medical diagnoses, financial account numbers, passwords, etc.) in AI messages.
F) Device data, diagnostics & local storage
We collect and/or store:
- Basic device/app info (app version, OS version) for reliability
- Local device storage (AsyncStorage) for authentication session caching (including auth token storage), onboarding flags, focus session data and app usage metrics stored on-device, and user preferences that help the app load faster.
G) Notifications (Expo Notifications)
Pillr can schedule local notifications on your device for reminders and prompts. Local notifications are scheduled and displayed by your device’s operating system.
2) How we use your information
- Create and manage your account and authenticate you
- Store and sync your Pillr content across devices
- Provide health, habit, task, routine, finance and home features you use
- Enable friends, profile search, groups and invites (where you choose to use them)
- Show online/last active indicators based on recent activity
- Schedule reminders and notifications (if enabled)
- Provide AI agent assistance (if enabled)
- Maintain security, prevent abuse, and fix bugs
3) Legal bases (UK GDPR / EU GDPR)
Where applicable, we process personal data under:
- Contract (to provide the Service you request)
- Legitimate interests (to keep the Service secure, reliable, and improve it)
- Consent (for optional features where required; and for certain categories of health data depending on what you enter)
- Legal obligation (where we must comply with law)
4) How we share information
We do not sell your personal information. We share information only as needed with:
- Supabase (authentication, database, server functions) to run the Service.
- RevenueCat to manage subscription entitlements (Premium access). Purchases themselves are processed by Apple/Google.
- Apple App Store / Google Play for billing and subscription management.
- OpenAI (via our backend) to generate AI chat responses when you use the AI feature.
- Service providers for infrastructure and operations if we add them (e.g., error monitoring). If added, we will update this policy.
5) International data transfers
Our providers may process data outside your country. Where required, we rely on appropriate safeguards for international transfers (such as contractual protections or adequacy mechanisms).
6) Data retention
- We keep your account and Service data until you delete it or delete your account, unless we must retain some information for legal/security reasons.
- Backups may persist for a limited time after deletion for disaster recovery.
- AI-related action proposals may be retained until deleted or until account deletion, depending on how they are stored.
7) Security
We use reasonable administrative, technical, and organizational measures designed to protect information (such as access controls and encryption in transit). No system is perfectly secure.
8) Your rights
Depending on where you live (including the UK/EU), you may have rights to:
- Access, correct, or delete your data
- Object to or restrict processing
- Data portability
- Withdraw consent (where consent is used)
You can exercise these rights by emailing ruzotechdev@gmail.com.
9) Account deletion
You can delete your account from within the app (e.g., Profile / Settings → Delete Account). When you delete your account, we delete or de-identify your data where feasible, subject to limited retention for security/legal reasons and backup retention windows.
10) Children
Pillr is not intended for children under 13. We do not knowingly collect data from children.
11) Changes to this policy
We may update this policy. If changes are material, we will notify you in-app or by other appropriate means.
12) Contact
Privacy: ruzotechdev@gmail.com
Support: ruzotechdev@gmail.com