arrow_back Back to Home

Privacy Policy

Effective Date: January 2, 2026

Squirrel Goals ("Squirrel", "we", "our", or "us") is committed to protecting your personal data and complying fully with the General Data Protection Regulation (GDPR).

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Squirrel Goals mobile application and website (collectively, the "Service").

1. Data Controller

Squirrel Goals is the Data Controller for personal data processed under this Policy.

Contact Email: [email protected]

Website: https://squirrel-goals.app

2. Personal Data We Collect

2.1 Data You Provide

  • Name or display name
  • Email address
  • Goals, tasks, notes, and progress data
  • Support communications

2.2 Data Collected Automatically

  • Device and OS information
  • App usage events and interaction data
  • Crash reports and performance metrics
  • IP address (processed transiently for security and analytics)

2.3 Authentication Data

Authentication is handled via Auth0. We do not store passwords. Auth0 processes authentication data as a Data Processor under GDPR-compliant agreements.

3. Legal Basis for Processing (GDPR Article 6)

Purpose Legal Basis
Account creation & login Contractual necessity (Art. 6(1)(b))
Saving goals and tasks Contractual necessity
Analytics & performance Legitimate interest (Art. 6(1)(f))
Error monitoring Legitimate interest
Ads (where applicable) Legitimate interest / Consent
Legal compliance Legal obligation (Art. 6(1)(c))

Where consent is required, you may withdraw it at any time.

4. How We Use Your Data

We use your personal data to:

  • Provide and operate the Service
  • Sync and persist your goals and tasks
  • Improve usability and performance
  • Monitor reliability and prevent abuse
  • Communicate service-related updates

We do not sell personal data.

5. Advertising

Squirrel may display in-app advertisements. Ads:

  • Are not shown on sensitive pages (e.g. profile, settings, insights)
  • Are not used to build cross-app user profiles
  • May rely on contextual or limited usage data

Where legally required, consent will be requested before personalized ads are shown.

6. Data Processors & Subprocessors

We use GDPR-compliant processors, including but not limited to:

  • Auth0 – authentication
  • Cloud infrastructure providers – data storage and hosting
  • Analytics & monitoring tools – product improvement and reliability

All processors operate under Data Processing Agreements (DPAs).

7. International Data Transfers

Where data is transferred outside the EEA, we rely on:

  • Adequacy decisions, or
  • Standard Contractual Clauses (SCCs)

8. Data Retention

  • Account data is retained while your account is active
  • Deleted accounts are permanently erased within a reasonable timeframe
  • Backups are purged on routine cycles

9. Your GDPR Rights

You have the right to:

  • Access your data (Art. 15)
  • Rectify incorrect data (Art. 16)
  • Erase your data (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Lodge a complaint with a supervisory authority

Requests can be made via the App or by emailing [email protected].

10. Security Measures

We apply appropriate technical and organizational measures including encrypted data transmission, access controls, and secure infrastructure.

11. Children's Data

Squirrel is not intended for users under 13 years of age. We do not knowingly process children's data.

12. Policy Updates

We may update this Privacy Policy periodically. Material changes will be communicated via the Service.