Privacy Policy

1. Introduction

Welcome to Contrl ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

By using Contrl, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide when using our Service:

• Account Information: Email address, username, and password when you create an account
• Profile Information: Optional profile details you choose to provide
• Streak Data: Your daily streak information, pledge status, and streak history
• Savings Goals: Financial goals you create, including goal names, target amounts, and deadlines
• Chat Messages: Conversations with Cowl, our AI assistant
• Impulse Shield Data: Information about your use of intervention features
• Support Communications: Messages you send to our support team

2.2 Automatically Collected Information

When you use our Service, we automatically collect certain information:

• Device Information: Device type, operating system, unique device identifiers
• Usage Data: Features used, time spent in app, interaction patterns
• Log Data: IP address, access times, app crashes, and performance data
• Analytics Data: Aggregated usage statistics and app performance metrics

2.3 Information We Do NOT Collect

We want to be clear about what we don't collect:

• ❌ Bank account information or credentials
• ❌ Credit or debit card numbers
• ❌ Actual transaction data or purchase history
• ❌ Access to your financial accounts
• ❌ Specific purchase details or merchant information
• ❌ Real dollar amounts of your spending

3. How We Use Your Information

We use your information for the following purposes:

• Provide the Service: To operate and maintain Contrl, including streak tracking, goal management, and AI chat functionality
• Personalization: To provide personalized guidance through Cowl and customize your experience
• Communication: To send you important updates, notifications, and respond to your inquiries
• Improvement: To analyze usage patterns and improve our features and user experience
• Security: To detect, prevent, and address technical issues, fraud, and security concerns
• Legal Compliance: To comply with applicable laws and regulations

4. AI-Powered Features

4.1 Cowl AI Assistant

Contrl uses OpenAI's GPT-4o to power Cowl, our AI assistant. When you chat with Cowl:

• Your messages are sent to OpenAI's servers for processing
• Conversation history (last 20 messages) is included for context
• OpenAI processes your messages according to their privacy policy
• We store chat history locally on your device and on our secure servers
• Chat data is used solely to provide personalized financial guidance

4.2 Data Retention for AI Features

Chat messages are retained to provide continuity in conversations. You can delete your chat history at any time through the app settings.

5. How We Share Your Information

5.1 Service Providers

We share information with third-party service providers who assist us in operating the Service:

• OpenAI: Processes chat messages to provide AI-powered responses through Cowl
• Cloud Hosting: Stores app data securely (e.g., Vercel, cloud database providers)
• Analytics Services: Helps us understand app usage and improve performance

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Your data is yours.

5.3 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal processes (court orders, subpoenas)
• Government or law enforcement requests
• Protection of our rights, property, or safety
• Prevention of fraud or security threats

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data is encrypted in transit (TLS/SSL) and at rest
• Access Controls: Strict access controls limit who can view your data
• Secure Infrastructure: We use reputable cloud providers with robust security
• Regular Updates: We regularly update our security practices and software
• Monitoring: We monitor for unauthorized access and security breaches

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Privacy Rights

7.1 Access and Correction

You have the right to access and update your personal information through the app settings.

7.2 Data Deletion

You can request deletion of your account and all associated data at any time. To delete your account:

• Go to Settings → Account → Delete Account in the app, OR
• Email us at support@nospend.app with your deletion request

We will delete your data within 30 days of your request, except where retention is required by law.

7.3 Data Portability

You can request a copy of your data in a machine-readable format by emailing support@nospend.app.

7.4 Opt-Out Rights

• Marketing Communications: Unsubscribe from emails using the link in each email
• Push Notifications: Disable in your device settings or app settings
• Analytics: Opt out through app settings (may limit functionality)

7.5 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information we collect and how it's used
• Right to delete your personal information
• Right to opt-out of the sale of personal information (Note: We do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

7.6 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time

8. Children's Privacy

Contrl is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at support@contrl.app, and we will delete it promptly.

9. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active
• Streak and Goal Data: Retained while your account is active
• Chat History: Retained for 90 days or until manually deleted
• Log Data: Retained for up to 12 months for security and troubleshooting

After account deletion, we may retain certain information as required by law or for legitimate business purposes (e.g., dispute resolution, fraud prevention).

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from those in your country. By using Contrl, you consent to the transfer of your information to the United States and other countries where we or our service providers operate.

We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy, regardless of where it is processed.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• We will notify you through the app or via email for material changes
• Continued use of the Service after changes constitutes acceptance

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Third-Party Links and Services

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

14. Your Consent

By using Contrl, you consent to this Privacy Policy and agree to its terms. If you do not agree, please do not use our Service.