MAO

Privacy Policy

Grinde · Last updated June 24, 2026

This Privacy Policy describes how Grinde ("we," "our," or "us") collects, uses, and shares information when you use the Grinde mobile application ("App"). Grinde is operated by Julia Still Schweder, an individual sole proprietor based in Einhausen, Germany. By using Grinde, you agree to the practices described in this policy.

If you do not agree with this policy, do not use the App.

1. Age Requirement — Strictly 13+

Grinde is not available to anyone under the age of 13. This is a strict, non-negotiable requirement.

  • During the first launch of the App, every user is required to enter their date of birth through a neutral date-of-birth picker.
  • The date of birth is evaluated on your device only to determine whether you are 13 or older. The raw date of birth is never stored, never transmitted, and never written to any server.
  • After the check, only two non-identifying flags ("passed age gate" / "blocked") are saved locally on your device.
  • Users determined to be under 13 are permanently blocked from creating an account on that device.
  • We do not knowingly collect, store, or process personal information from anyone under the age of 13 under any circumstances.
  • If we become aware that a user is under 13, we will immediately terminate the account and permanently delete all associated personal data.
  • If you are a parent or legal guardian and believe your child under 13 has created an account, please contact us immediately at support@joinmao.com and we will delete the account and all related data within 7 days.

This policy is designed to comply with the EU General Data Protection Regulation (GDPR), the US Children's Online Privacy Protection Act (COPPA), and applicable German law including the Bundesdatenschutzgesetz (BDSG).

2. Information We Collect

We collect only the information needed to operate the App.

Account information

  • Your email address and password (if you register with email), OR
  • Your Apple identity token (if you use Sign in with Apple).
  • A display name, only if you sign in with Apple AND Apple provides your name AND your profile is new. You may choose "Hide my name" in Apple's Sign In flow to prevent this.

Note on date of birth: We do NOT collect or store your date of birth. It is checked locally on your device and immediately discarded. Only a pass/blocked flag remains on-device.

Profile data

  • A unique user ID, your personal referral code, your trial start date, and any bonus days associated with your account.

User-generated content (stored in your synced user state)

  • Your selected goals, situation tags, milestone notes, side quests, check-in entries, and daily task completions.

Progress data

  • XP points, level, and streak information.

Referral activity

  • Records of referral codes you redeem or that others redeem using your code.

Session data

  • Session and refresh tokens are stored locally on your device to keep you signed in between launches.

We do not collect: date of birth, precise location, contact lists, photos, microphone or camera input, browsing history, device model, operating system version, advertising identifiers, or any data from outside the App. The App does not send push notifications.

3. How We Use Information

We use the information we collect solely to provide, maintain, and improve the App:

  • To verify you meet the minimum age requirement of 13 (computed locally on your device).
  • To create and authenticate your account and restore your session across launches.
  • To generate, rank, and personalize your daily task plan based on the goals and situation context you provide.
  • To track your progress, XP, streak, and milestone history.
  • To process referral code redemptions and apply trial day bonuses.
  • To sync your goals, progress, and notes securely across your devices.
  • To communicate with you about your account if you contact our support team.

We do not use your information for advertising, profiling for marketing, behavioral analytics, or any purpose unrelated to the operation of the App.

4. Third-Party Service Providers

Grinde relies on the following third-party services to operate. Each is bound by data processing agreements where required:

Supabase — used for account authentication and storage of your account data and synced user state. Supabase enforces row-level security so that only you can access your own data. See Supabase's privacy policy at https://supabase.com/privacy.

OpenAI — Grinde uses OpenAI's API (model: gpt-4o-mini) to generate personalized daily plans. When you generate a plan, the following fields are sent to OpenAI:

  • Your goal information (freedom statement, target monthly income, deadline, and "why it matters" note).
  • Your selected paths (the income vehicles you chose).
  • Your stage assets (whether you've made money before, audience size, available capital in USD, daily hours available, skill/asset tags, and current blockers).
  • Your last 2–3 days of activity (recently completed and swapped task titles).
  • Your weekly events (event type, metric, context, days ago, plus your free-text note).
  • A desired count of tasks.

The following are never sent to OpenAI: your email address, name, Apple ID, user ID, date of birth, referral codes, XP/level/streak data, or any device data.

OpenAI may retain API request data for up to 30 days for abuse monitoring, then deletes it. See OpenAI's privacy policy at https://openai.com/policies/privacy-policy.

Apple — if you use Sign in with Apple, Apple processes your Apple ID and shares an anonymized identity token with us. See Apple's privacy policy at https://www.apple.com/legal/privacy/.

We do not use advertising networks, analytics SDKs, crash reporting tools, marketing pixels, or any third-party tracking technologies in the App.

5. How We Share Information

We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:

  • Service providers (Supabase, OpenAI, Apple) — solely to operate the App as described above.
  • Legal compliance — we may disclose information if required by applicable law, regulation, or valid legal process from a competent authority.
  • Business transfers — if Grinde is acquired or its assets transferred, your information may be part of that transaction, subject to confidentiality obligations and continued protection under this Policy.

6. Your Rights Under GDPR

If you are a resident of the European Union, United Kingdom, or Switzerland, you have the following rights under the GDPR:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate personal data.
  • Right to erasure ("right to be forgotten") — request deletion of your personal data. You can also delete your account directly in the App at any time (see Section 7).
  • Right to restrict processing — request limitation of how we use your data.
  • Right to data portability — request your data in a machine-readable format.
  • Right to object — object to certain processing of your personal data.
  • Right to withdraw consent — withdraw consent for processing at any time.
  • Right to lodge a complaint — file a complaint with your local data protection authority. In Germany this is the Hessischer Beauftragter für Datenschutz und Informationsfreiheit.

To exercise any of these rights, contact us at support@joinmao.com. We will respond within 30 days.

7. Account Deletion and Data Retention

You can delete your account and all associated data at any time, directly in the App:

Settings → Delete account

Deletion is immediate and permanent. Tapping the button removes your records from our database entirely — including your profile, user state, referral redemptions, and authentication record. There is no grace period and no recovery. Once deleted, your data cannot be restored.

Outside of in-app deletion, we retain your account and user state data only as long as your account is active. If you have any issue with in-app deletion, you may also email us at support@joinmao.com and we will process your request within 30 days.

After deletion, your data is permanently removed from our systems, except where retention is legally required (e.g., for tax records).

8. Your Choices

  • Sign out — you may sign out at any time through the Settings screen. This clears your local session only; your account and synced data remain on the server so you can sign back in on any device.
  • Delete account — permanently removes your account and all data (see Section 7).
  • Apple ID — if you signed in with Apple, you may also revoke access through your Apple ID settings on your device.

9. Data Security

We take reasonable technical and organizational measures to protect your information, including encryption in transit (TLS), row-level security on our database, and authentication via Supabase.

Session data is stored locally on your device. As with any mobile app, the security of your data also depends on the security of your device — we recommend using a device passcode and keeping your operating system up to date.

No system is 100% secure, but we work hard to keep your data safe. If we become aware of a data breach affecting your personal information, we will notify you and the relevant data protection authority within 72 hours, as required by GDPR.

10. International Data Transfers

Some of our service providers (notably OpenAI) are based outside the European Economic Area. Where data is transferred outside the EEA, we rely on Standard Contractual Clauses approved by the European Commission to ensure your data remains protected.

11. Changes to This Policy

We may update this policy as the App evolves. When we make material changes, we will update the "Last updated" date at the top and notify users through the App or by email. Continued use of the App after changes are posted constitutes acceptance of the revised policy.

12. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Julia Still Schweder Buerstadter Str. 23 64683 Einhausen, Germany Email: support@joinmao.com