Privacy Policy for Arethio

Last updated: July 29, 2025

Introduction

This privacy policy describes how Arethio ("we", "our", or "us") collects, uses, and protects your information when you use our mobile application and website (the "Service").

Information We Collect

Authentication Data

We use Clerk as our authentication provider, which may integrate with third-party services like Google Sign-In. When you authenticate with Arethio:

  • Email address (required for account creation and communication)
  • Basic profile information (name and profile picture from your chosen authentication method)
  • Authentication tokens (managed securely by Clerk, not stored by us)
  • Account verification status

User-Provided Data

You have full control over the personal information you choose to provide through the app interface. This may include:

  • Profile information (username, bio, avatar - all optional)
  • Habit tracking data you create
  • Task and project information you enter
  • Notes and personal content you write
  • Progress metrics generated from your activities
  • Achievement data earned through app usage
  • User preferences and settings you configure
  • Timezone and layout preferences

Technical and Usage Data

We automatically collect limited technical data to provide and improve our service:

  • App usage statistics (anonymized where possible)
  • Performance and error data for service improvement
  • Basic device information (browser type, operating system)
  • Session data for security and functionality
  • API usage patterns for service optimization

How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Improve and personalize your experience
  • Track your progress and achievements
  • Enable sync across devices
  • Communicate important updates
  • Analyze app performance and usage patterns

Data Storage and Security

Security Measures

We implement comprehensive security measures to protect your data:

  • Industry-standard encryption for data in transit and at rest
  • Secure authentication through Clerk with multi-factor authentication support
  • Regular security audits and vulnerability assessments
  • Access controls and monitoring for our systems
  • Secure API endpoints with rate limiting and authentication requirements

Infrastructure Security

Our technical infrastructure includes:

  • Supabase for secure database services with row-level security
  • Vercel for secure hosting with HTTPS enforcement
  • Content Security Policy (CSP) headers to prevent XSS attacks
  • Regular automated backups for operational continuity
  • Monitoring and alerting systems for security incidents

Data Protection Limitations

While we implement strong security measures, users should understand:

  • No system is 100% secure against all possible threats
  • Users are responsible for maintaining secure passwords and account access
  • We cannot protect against user-initiated data sharing or account compromise
  • Internet transmission inherently carries some security risks

Third-Party Services and Integrations

Authentication Services (Clerk)

We use Clerk as our authentication provider, which handles secure user authentication and may integrate with:

  • Google Sign-In (when you choose this option)
  • Email/password authentication
  • Account verification services

Infrastructure Services

Our app relies on the following infrastructure services:

  • Supabase (database and backend services)
  • Vercel (hosting and deployment)
  • Google Cloud Services (AI features, when used)

Google Services Compliance

When you use Google Sign-In, we comply with Google's requirements:

  • We only use Google Sign-In for authentication purposes
  • We do not request or store additional Google user data beyond email and basic profile information
  • We do not access your Google account data, files, or other services
  • Your Google account data remains under Google's privacy policy and your control

Data Sharing

We do not sell your personal information. We only share your data:

  • When required by law
  • To protect our rights
  • With your explicit consent

Data Responsibility and User Obligations

User Data Responsibility

As a user of Arethio, you acknowledge and agree that:

  • You are responsible for maintaining your own data backups
  • You should regularly export your data if you wish to keep personal copies
  • You are responsible for the accuracy and appropriateness of data you input
  • You should not rely solely on our service for critical data storage

Data Export and Portability

We provide tools and functionality to help you manage your data:

  • Data export functionality is available through the app interface
  • You can download your personal data in standard formats
  • Export includes all user-generated content (habits, tasks, notes, progress)
  • Authentication data managed by Clerk can be accessed through your Clerk account

Service Limitations and Disclaimers

While we implement industry-standard security and backup procedures, you understand that:

  • Our backup systems are designed for operational continuity, not as user data guarantees
  • We cannot guarantee against all forms of data loss or corruption
  • Service interruptions, technical failures, or other issues may affect data availability
  • We are not liable for data loss resulting from user actions, technical failures, or force majeure events

Recommended Data Practices

We recommend that users:

  • Regularly export important data using our provided tools
  • Maintain personal backups of critical information
  • Review and update their data regularly for accuracy
  • Understand the inherent risks of cloud-based data storage

Your Privacy Rights

Under applicable privacy laws, you have the right to:

  • Access your personal data and understand how it's processed
  • Correct inaccurate or incomplete data
  • Delete your data (subject to legal retention requirements)
  • Export your data in a portable format
  • Restrict or object to certain data processing activities
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with relevant data protection authorities

To exercise these rights, please contact us using the information provided in the Contact section. We will respond to your request within the timeframes required by applicable law.

Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect information from children under 13.

Data Retention and Deletion

We retain your data according to the following principles:

  • Account data: Retained while your account is active and for a reasonable period after deletion
  • User-generated content: Retained according to your preferences and legal requirements
  • Technical logs: Typically retained for 90 days for security and operational purposes
  • Analytics data: Anonymized and aggregated data may be retained longer for service improvement

When you delete your account, we will delete or anonymize your personal data within a reasonable timeframe, subject to legal retention requirements and technical limitations.

International Data Transfers

Your data may be processed and stored in countries other than your own, including the United States and European Union. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard contractual clauses with service providers
  • Adequacy decisions where applicable
  • Other legally recognized transfer mechanisms

Changes to This Policy

We may update this privacy policy as our app develops. We will notify users of any material changes through:

  • In-app notifications for significant changes
  • Email notifications to registered users
  • Updated 'Last Updated' date at the top of this policy
  • Prominent notices on our website or app interface

Continued use of our service after changes constitutes acceptance of the updated policy. If you disagree with changes, you may delete your account.

Contact Us

If you have questions about this privacy policy, wish to exercise your privacy rights, or need to report a privacy concern, please contact us at:

  • Email: tony@tonyalfredsson.se
  • Subject line: 'Privacy Policy Inquiry' for faster processing

We will respond to privacy-related inquiries within 30 days, or as required by applicable law.

Development Status Notice

Arethio is currently in active development. As we add new features and improve our service:

  • This privacy policy may be updated to reflect new data practices
  • We will notify users of material changes through the app or email
  • New features may involve additional data processing, which will be clearly disclosed
  • Users will have the opportunity to review and consent to significant changes

We are committed to maintaining transparency about our data practices throughout our development process and will always prioritize user privacy and data protection.