Privacy Policy
Effective: 6 May 2026 · Last updated: 6 May 2026
This Privacy Policy explains how Gratitude ("Gratitude", "we", "us") collects, uses, and protects your personal information when you use the Gratitude mobile and web applications and the website at gratitude.you (together, the "Service").
Gratitude is operated by Nic Gibbens, publishing as MakeYourOwnSpace, based in Wellington, New Zealand. You can contact us at support@gratitude.you.
1. What we collect
We collect only what we need to run the Service. Everything below is collected directly from you when you use the app.
| Category | What it is | Why we collect it |
|---|---|---|
| Account information | Email address, display name, and a Firebase user ID. If you sign in with Google or Apple, we receive the basic profile information they share with us (email and name). | To create and authenticate your account. |
| Your gratitude entries | The text you write, the date and time you wrote it, and any photos you attach. | To store your journal and show it back to you across your devices. |
| Location (optional) | If you grant the app location permission, we record the coordinates and a human-readable place name for entries you choose to tag. | To let you remember where you were when an entry was written. You can refuse permission and the rest of the app still works. |
| Memories and chat history | Milestones you save and questions you ask the AI assistant, along with the assistant's replies. | To power the Memories and AI Chat features. |
| Technical data | Standard server logs (IP address, browser, device type, time of request) generated when your device contacts our servers. | Security, abuse prevention, and basic operational reliability. |
We do not use any third-party advertising, analytics, or tracking SDKs. We do not build advertising profiles. We do not sell your personal information.
2. How we use your information
- To provide the core Service: storing your entries, syncing them between devices, and showing them back to you.
- To power AI features: when you ask the in-app assistant a question, your question and a relevant subset of your entries are sent to Google's Gemini API to generate a response.
- To authenticate you and keep your account secure.
- To respond to support requests you send us.
- To meet legal obligations and enforce our Terms of Service.
We do not use your gratitude entries, photos, or chat history to train any AI model.
3. Where your data is stored
Your account data, gratitude entries, photos, and chat history are stored in Google's Firebase platform (Firestore, Cloud Storage, and Cloud Functions), running on Google Cloud infrastructure in the United States. Data is encrypted in transit (TLS) and at rest (AES-256) using keys managed by Google.
If you are based in the European Economic Area, the United Kingdom, or another region with data-export rules, this transfer relies on Google's Standard Contractual Clauses and equivalent transfer mechanisms.
4. Who we share data with
We share your information only with the service providers we rely on to operate Gratitude, and only to the extent each provider needs to deliver its service:
- Google / Firebase — authentication, database, file storage, and serverless functions.
- Google Gemini API — generating AI assistant responses to your questions. Per Google's API terms, prompts and responses sent through the paid Gemini API are not used to train Google's models.
- Apple and Google — when you sign in with Apple or Google, those providers handle authentication and share basic profile information with us.
- App Store and Google Play — for app distribution and subscription billing on iOS and Android.
We will only share your information beyond these providers if we are legally required to (for example, to comply with a valid court order) or if it is strictly necessary to investigate fraud or protect the safety of our users.
5. How long we keep your data
We keep your data for as long as your account is open. When you delete your account from inside the app (Settings → Delete Account & All Data), we permanently delete your gratitude entries, photos, memories, chat history, and authentication record from our systems. Deletion is normally complete within minutes; backup snapshots may persist for up to 30 days before being overwritten.
If you stop using the app without deleting your account, your data stays in your account so you can come back to it. If you would like us to delete an inactive account on your behalf, email support@gratitude.you from the address you used to sign up.
6. Your rights
Depending on where you live, you have rights over your personal information. Wherever you are, you have the following rights through Gratitude:
- Access — every gratitude you've written, every photo you've uploaded, and every chat session you've had is visible to you inside the app at all times.
- Correction — you can edit any entry directly in the app.
- Deletion — you can delete individual entries, or delete your entire account and all data through Settings → Delete Account & All Data.
- Export — email support@gratitude.you and we will send you a copy of your data within 30 days.
- Withdraw consent — you can revoke location permission at any time in your device settings without losing other functionality.
Users in the European Economic Area, the United Kingdom, and California also have additional rights under the GDPR, UK GDPR, and CCPA respectively, including the right to lodge a complaint with a supervisory authority. The legal basis for our processing is the contract you enter into with us when you create an account, and your consent for optional features like location.
7. Security
We rely on Firebase's security model: per-user access rules enforced server-side, TLS in transit, AES-256 at rest, and short-lived authentication tokens. You can also enable biometric (Face ID / Touch ID) lock on the mobile apps for an additional layer.
No system is perfectly secure. If we ever discover a security incident that affects your data, we will notify you and any required regulators in line with applicable law.
8. Children
Gratitude is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please email support@gratitude.you and we will delete it.
9. Changes to this policy
We will update this policy from time to time as the Service evolves. The "Last updated" date at the top reflects the most recent change. If the change materially affects your rights, we will notify you in the app or by email before it takes effect.
10. Contact
Questions, requests, or complaints about this policy: support@gratitude.you.
Nic Gibbens
publishing as MakeYourOwnSpace
Wellington, New Zealand