Privacy Policy

Last updated: April 6, 2026

This Privacy Policy explains how we collect, use, and protect your personal data when you use XP Life (the “Service”).

1. Data Controller

The data controller is:

Deep Green Design Sebastian Karasiewicz

Jasienica 829, 43-385 Jasienica, Poland

Email: sebastian@karasiewicz.dev

2. What Data We Collect

2.1 Account Data

  • email address
  • name or username
  • authentication identifiers (via Better Auth)

2.2 User Content

  • habits, tasks, goals
  • rewards and progress tracking
  • notes and custom inputs
  • activity history (e.g. streaks, XP, completions)

2.3 Technical Data

  • IP address
  • browser and device info
  • timestamps and logs
  • interaction events

2.4 Payment Data

Payments are handled by Stripe.

We do not store full card numbers or CVV codes.

We may store subscription status and billing identifiers.

3. How We Use Your Data

We use your data to:

  • provide core functionality (habit tracking, XP system)
  • generate AI insights and coaching
  • personalize user experience
  • manage subscriptions and billing
  • improve product performance
  • detect abuse and ensure security
  • comply with legal obligations

4. Legal Basis (GDPR)

We process data based on:

  • Contract performance — to run the Service
  • Legitimate interest — product improvement, security
  • Consent — optional analytics, push notifications
  • Legal obligations — accounting, compliance

5. AI Processing (Google Gemini)

We use AI features powered by Google Gemini (Google AI).

What data is processed:

  • habits and tasks
  • goals and behavioral patterns
  • user inputs (e.g. prompts, notes)

How it works:

  • selected data is sent to Google AI services
  • responses are generated and returned to the app

Important:

  • AI outputs may be inaccurate or incomplete
  • AI is not professional advice
  • you remain responsible for decisions based on AI output

We do not use your data to train our own models. Google may process data according to their policies.

6. Data Sharing

We share data only with necessary service providers:

  • Better Auth — authentication
  • Stripe — payments
  • Google (Gemini) — AI processing
  • Vercel — hosting
  • Neon — PostgreSQL database
  • Google Analytics — usage analytics

All providers operate under data processing agreements where required. We do not sell your data.

7. Data Retention

We retain data:

  • while your account is active
  • as needed to provide the Service
  • as required by law (e.g. tax records)

After account deletion, data is deleted or anonymized. Backups may persist temporarily.

8. Your Rights (GDPR)

You have the right to:

  • access your data
  • correct inaccurate data
  • delete your data
  • restrict processing
  • data portability
  • object to processing
  • withdraw consent at any time

Contact: sebastian@karasiewicz.dev

You also have the right to lodge a complaint with the Polish Data Protection Authority (UODO).

9. Cookies

We use:

  • essential cookies (login/session via Better Auth)
  • analytics cookies (Google Analytics)

You can manage cookies in your browser settings.

10. Security

We use:

  • HTTPS encryption
  • access controls
  • secure infrastructure
  • hashed passwords (never stored in plain text)

However, no system is fully secure.

11. Children

The Service is not intended for users under 18.

12. International Transfers

Your data may be processed outside the EU (e.g. USA).

We use safeguards such as Standard Contractual Clauses (SCCs) where applicable.

13. Changes

We may update this policy. We will notify users of significant changes via email or in-app notification.

14. Contact

Email: sebastian@karasiewicz.dev

Address: Jasienica 829, 43-385 Jasienica, Poland