Privacy Policy
Last updated: March 31, 2026
1. Data Controller
The controller of your personal data is Piotr Łukasik, operating the LifeTap service at lifetap.app.
Correspondence address: Pruszcz Gdański, 83-000, Poland.
Contact for data protection matters: privacy@lifetap.app
The controller information will be updated upon business registration.
2. What Data We Collect
Data you provide:
- Email address — when creating an Account or signing up for the waitlist
- Password — stored in encrypted form (hash)
- Name — optional, provided when creating a profile
- Habit preferences — categories of habits selected by you (e.g., "health & fitness", "productivity")
- Language preference — detected automatically or selected by you (pl/en)
Data generated through your use of the Service:
- Tool results — calculator and tool results linked to your Account
- Streak data — date, day count, streak history
- Badges and achievements — badges earned in the Service
- Reading tracker — article identifier (article_slug) and date marked as read
Data collected automatically:
- Analytics data — via Google Analytics 4 (only after your consent): cookie identifier (_ga), approximate location, device type, browser, pages visited, visit duration
- Technical data — stored in server logs: IP address, HTTP request headers (including user agent), timestamps. Logs are stored by the hosting provider (Vercel)
- Tool data (without Account) — e.g., data entered in the Savings Calculator is stored only in your browser's memory (localStorage) and is not sent to our server
3. Purposes and Legal Basis
| Purpose | Legal basis | Data |
|---|---|---|
| User Account management | Performance of contract — Terms of Service (Art. 6(1)(b) GDPR) | Email, password, name, habit preferences |
| Providing Service features (habit tracking, tools, badges) | Performance of contract — Terms of Service (Art. 6(1)(b) GDPR) | Tool results, streak data, badges, reading tracker |
| Waitlist management | Consent (Art. 6(1)(a) GDPR) | Email, language, signup source |
| Traffic analytics (GA4) | Consent (Art. 6(1)(a) GDPR) | Analytics cookies |
| Service operation and security | Legitimate interest (Art. 6(1)(f) GDPR) | Server logs (IP, user agent) |
| Remembering cookie preferences | Legitimate interest (Art. 6(1)(f) GDPR) | Consent value in localStorage |
Note: Habit preferences (e.g., "health & fitness", "productivity") constitute ordinary data under the GDPR. The Service does not collect health data within the meaning of Article 9 of the GDPR (special category data). Users define their own goals — the Service does not classify or diagnose the user's health status.
4. Data Recipients
- Google LLC (Google Analytics 4) — website traffic analytics. Data processed in accordance with Google's privacy policy. Transfer to the US is covered by Standard Contractual Clauses (SCC) and the EU-US Data Privacy Framework.
- Vercel Inc. (hosting) — technical service operation, server logs. Based in the US. Data transfer covered by Standard Contractual Clauses (SCC).
- Supabase Inc. (database and authentication) — storage of waitlist data, Account data (email, password, profile), and Service usage data (tool results, streaks, badges). The authentication service (Auth) handles the registration and login process. Data stored on EU servers (Frankfurt, Germany).
We do not sell your personal data to third parties.
Data processing by the above entities is governed by Data Processing Agreements (DPAs), in accordance with Article 28 of the GDPR.
5. Data Transfers Outside the EEA
Some of our processors (Google, Vercel) process data on servers in the United States. Transfers are based on:
- Standard Contractual Clauses (SCC) approved by the European Commission
- EU-US Data Privacy Framework (for Google)
6. Data Retention
- Account data — until Account deletion by the user. After Account deletion, personal data is permanently removed within 30 days. Anonymized statistical data may be retained indefinitely.
- Service usage data (tool results, streaks, badges, reading tracker) — deleted upon Account deletion
- Waitlist — until service launch or consent withdrawal (whichever comes first)
- GA4 cookies — up to 14 months (per Google Analytics settings)
- Server logs — per Vercel's retention policy (up to 30 days)
- localStorage (cookie preferences, calculator data) — until manually cleared by the user
- Backups — an additional 30 days after deletion from the main database
7. Your Rights
Under the GDPR, you have the following rights:
- Access — you can ask what data we process
- Rectification — you can request correction of inaccurate data
- Erasure — you can request deletion of your data ("right to be forgotten")
- Restriction — you can request temporary suspension of processing
- Data portability — you can receive your data in a machine-readable format (e.g., JSON) or request its transfer to another controller, where technically feasible
- Objection — you can object to processing based on legitimate interest
- Withdrawal of consent — you can withdraw consent at any time (e.g., for cookies or the waitlist). Withdrawal does not affect the lawfulness of processing before withdrawal
To exercise your rights, contact: privacy@lifetap.app
You also have the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw, Poland, www.uodo.gov.pl.
8. Account Deletion
You can delete your Account by contacting us at privacy@lifetap.app. In the future, we will provide the option to delete your Account directly from your profile settings.
After Account deletion:
- Personal data (email, name, password) will be permanently deleted within 30 days
- Service usage data (tool results, streaks, badges, reading tracker) will be deleted
- Anonymized statistical data (e.g., aggregated usage statistics) may be retained
- Backups may contain data for an additional 30 days after deletion from the main database
9. Cookies
For detailed information about cookies used by the service, please see our Cookie Policy.
10. Automated Decision-Making
We do not use automated decision-making or profiling within the meaning of Article 22 of the GDPR.
11. Changes to This Policy
We will notify you of significant changes to this Privacy Policy through a visible notice on the website. Account holders will additionally be notified via email. Minor editorial changes do not require notification.
12. Additional Information
LifeTap is currently in development. In the future, we may expand the scope of processed data (e.g., upon introducing user accounts). Any such expansion will be reflected in an update to this Privacy Policy and — where required by law — preceded by obtaining additional consent.