Privacy Policy

Last Updated: November 22, 2025

This Privacy Policy explains how GoalAura (goalaura.com) collects, uses, and protects your personal information.

1. INFORMATION WE COLLECT

Personal Information:
- Email address (required for account creation and communication)
- First and last name (optional)
- Profile image URL (for OAuth users)
- Password (securely hashed, never stored in plain text)

Usage Information:
- Goals, conditions, items, and assessments you create
- Subscription tier and payment information
- Theme preferences
- Login and activity timestamps

2. HOW WE USE YOUR INFORMATION

We use your information to:
- Provide and maintain the GoalAura service
- Authenticate your account and secure access
- Process subscription payments through PayPal
- Send important service notifications (verification emails, password resets)
- Improve and optimize the application
- Comply with legal obligations

3. DATA STORAGE AND SECURITY

- Your data is stored in a secure PostgreSQL database
- Passwords are hashed using industry-standard security practices
- We use HTTPS encryption for all data transmission
- Access to your data is restricted to necessary systems only
- We perform regular security audits and updates

4. EMAIL VERIFICATION

- We require email verification to activate your account
- Verification emails are sent through Resend email service
- Email verification must be renewed annually
- Unverified users have restricted access to features

5. THIRD-PARTY SERVICES

We use the following third-party services:
- PayPal (payment processing for subscriptions)
- Resend (transactional email delivery)
- OAuth providers (Google, GitHub, X, Apple) for authentication

Each service has its own privacy policy governing their use of your data.

6. DATA SHARING

We do NOT sell or share your personal information with third parties for marketing purposes.

We may share information only when:
- Required by law or legal process
- Necessary to protect our rights or safety
- With service providers who assist in operations (under strict confidentiality)

7. YOUR RIGHTS

You have the right to:
- Access your personal information
- Update or correct your information
- Delete your account and associated data
- Export your data
- Opt out of non-essential communications

8. DATA RETENTION

- Active account data is retained as long as your account exists
- Deleted accounts and data are permanently removed within 30 days
- Payment records may be retained longer for legal compliance

9. COOKIES AND TRACKING

We use session cookies to:
- Maintain your logged-in state
- Remember your theme preference
- Ensure security through CSRF protection

We do NOT use third-party tracking or advertising cookies.

10. CHILDREN'S PRIVACY

GoalAura is not intended for users under 13 years of age. We do not knowingly collect information from children under 13.

11. INTERNATIONAL USERS

Your data may be processed in different countries where our hosting services operate. We ensure appropriate protections are in place.

12. CHANGES TO PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify users of significant changes via email.

13. CONTACT US

For privacy-related questions or to exercise your rights, please contact us through the Help & Support section or visit our website at goalaura.com.

By using GoalAura, you acknowledge that you have read and understood this Privacy Policy.