Privacy Policy

At a Glance

---

1. Introduction

FREN ("we", "our", or "us") is committed to protecting the privacy of our users ("you"). This Privacy Policy describes how we collect, use, store, share, and protect information when you use the FREN mobile application and its associated services (collectively, the "Service").

This policy applies to all users of the FREN app regardless of how they access it — through email/password authentication or Google Sign-In. By using the Service, you consent to the data practices described in this Privacy Policy.

If you do not agree with the practices described in this policy, please do not use the Service. If you have questions at any time, contact us at privacy@frenapp.io.

---

2. Information We Collect

2.1 Account Information

When you create a FREN account, we collect:

• Email address: Used for account identification, authentication, password reset, and service communications.
• Display name: The username you set in Settings, displayed on the public leaderboard. This is optional and user-defined.
• Google profile information (if using Google Sign-In): We receive your Google account email address and a unique Google user identifier. We do not receive your Google profile photo, contacts, Google Drive contents, or any other Google service data.
• Authentication tokens: Secure tokens issued by our authentication service to maintain your login session. These are stored securely on your device using platform-native secure storage.

2.2 Financial Behavior Data

The core functionality of FREN relies on data you manually enter about your spending behavior. We collect:

• Spending impulse items: Names and prices of items you add to the Cooldown Cart, Saved list, Purchased list, or Wishlist. This data is entered entirely by you and is not connected to any bank account or payment system.
• Item categories: Optional category labels you assign to items (e.g., Technology, Clothing, Food).
• Item status and timestamps: The current status of each item (cooling, saved, purchased, wishlist) and the date and time it was created or last modified.
• Financial profile data: Monthly net income, fixed monthly expenses, and weekly work hours — used exclusively to calculate your "hourly life energy" metric within the app. This data is stored on our servers only to sync across your devices.
• Financial goals: Goal name, target amount, target period (monthly/yearly/all-time), and associated emoji.
• Budget limits: Overall monthly spending cap and per-category spending limits you configure in Settings.
• Custom motivation message: An optional personal motivational message you write for yourself, used to trigger personalized push notifications.

2.3 Gamification and Progress Data

To power the XP system, leaderboard, and quests, we store:

• Current level, total XP, and XP history derived from your spending behavior.
• Daily quest completion records, including quest IDs completed and the date of completion.
• Spending streak count and streak shield inventory.
• Friends list: unique user IDs of accounts you have added as friends. No personal contact data (phone numbers, email addresses) of your friends is stored or shared.

2.4 Preferences and Settings

• Dark mode preference (on/off toggle).
• Biometric authentication setting (whether you have enabled Face ID / Touch ID lock for the app). We store only a boolean flag — we never store your biometric data itself. Biometric data is processed entirely on-device by iOS/Android and is never transmitted to our servers.

2.5 Device and Usage Data

We collect limited technical data automatically when you use the Service:

• Push notification tokens: If you grant notification permission, we store a device push token (via Expo Notifications) to deliver scheduled reminders. This token is unique to your device-app combination and does not identify you personally.
• Crash reports and error logs: Anonymous technical error information to help us identify and fix bugs. These logs do not contain your personal or financial data.
• App version and platform: Used to deliver version-appropriate features and support.

We do not collect your device's precise GPS location, contact list, photos, or camera data. We do not use any cross-app or cross-site tracking technologies (e.g., advertising cookies, fingerprinting).

---

3. How We Use Your Information

We use the information we collect for the following purposes only:

• Providing the Service: Storing and retrieving your spending items, goals, budgets, XP data, and settings so the app functions correctly and syncs across your devices.
• Account management: Creating your account, verifying your identity, managing authentication sessions, and enabling password reset.
• Leaderboard and social features: Displaying your display name, XP, and level on the global leaderboard and on your friends' personal leaderboards.
• Push notifications: Sending you scheduled motivation messages (daily), 48-hour cooling period reminders, and weekly spending summaries — all of which you can disable at any time in your device's notification settings.
• Gamification calculations: Computing your XP, level, streak count, and quest completion status based on your activity.
• Hourly wage calculation: Using your income, expenses, and work hours to compute your personal "hourly life energy" metric, displayed only to you within the app.
• Service improvements: Analyzing anonymized, aggregated usage patterns (not linked to individual users) to understand how to improve the app's features and user experience.
• Legal compliance: Complying with applicable laws, regulations, and legal processes, and protecting the rights, property, and safety of FREN, our users, and the public.

We do not use your data for advertising profiling, behavioral advertising, or selling to data brokers.

---

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We share your data only in the following limited circumstances:

4.1 Cloud Infrastructure Provider

FREN relies on a third-party cloud infrastructure provider (Firebase) to power authentication, data storage, and backend operations. All user data is stored on their servers and processed solely on our behalf. This provider does not use your FREN data to serve you ads or share it with other parties for their own purposes.

4.2 Expo (Expo Technology, Inc.)

FREN is built with the Expo framework and uses Expo's push notification infrastructure to deliver scheduled reminders to your device. Expo processes push notification tokens on our behalf. Expo does not receive your personal or financial data.

Expo's privacy policy: expo.dev/privacy

4.3 Google Sign-In

If you choose to sign in with Google, your authentication is handled by Google's OAuth 2.0 service. We receive only your email address and Google user ID. We do not receive access to your Google account beyond what is required for authentication.

4.4 Public Leaderboard

Your display name (set by you in Settings), current XP, and current level are visible to all registered FREN users on the global leaderboard. Your email address, financial data, income, expenses, and spending item details are never shared publicly or with other users.

4.5 Legal Requirements

We may disclose your information if we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation, court order, or government request.
• Protect and defend the rights or property of FREN.
• Prevent or investigate possible wrongdoing in connection with the Service.
• Protect the personal safety of users or the public.

4.6 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice in the app before your data is transferred and becomes subject to a different privacy policy.

---

5. Data Security

We implement industry-standard technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

• Encryption in transit: All data transmitted between the app and our servers is encrypted using TLS (Transport Layer Security).
• Encryption at rest: All data stored on our servers is encrypted at rest using industry-standard server-side encryption.
• Server-side access controls: Strict access rules enforce that users can only read and write their own data. No user can access another user's financial records, settings, or spending history.
• Secure credential storage: Authentication tokens on your device are stored using the platform's secure storage mechanisms (iOS Keychain / Android Keystore) in production builds.
• Biometric data isolation: Biometric authentication (Face ID / Touch ID) is processed entirely on-device using the platform's secure enclave. No biometric template or raw data is transmitted to or stored on our servers.

While we strive to use commercially acceptable means to protect your information, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your data. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

---

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the Service. Specifically:

• Active accounts: All profile, spending, and gamification data is retained for as long as your account exists.
• Deleted accounts: When you delete your account, we initiate deletion of your personal data from our servers within 30 days. Leaderboard entries are removed within 7 days.
• Inactive accounts: Accounts with no login activity for 24 consecutive months may be automatically deleted after 30 days' advance email notice.
• Backup retention: Anonymized backup copies may be retained for up to an additional 90 days in disaster recovery systems before being permanently overwritten.
• Legal holds: We may retain certain data longer than the periods above if required by law, regulation, or ongoing legal proceedings.

---

7. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

7.1 Right to Access

You have the right to request a copy of the personal information we hold about you. Most of your data is directly accessible within the app — your spending items, goals, profile, and settings are all visible in the respective screens.

7.2 Right to Rectification

You may correct or update your personal information at any time directly through the Settings screen. Changes are reflected in real time across all your devices.

7.3 Right to Erasure ("Right to be Forgotten")

You may permanently delete your account and all associated personal data through the Settings screen → Account → Delete Account. This action is irreversible. Alternatively, contact us at privacy@frenapp.io to submit a data deletion request.

7.4 Right to Data Portability

You may export your spending data in JSON format using the Export Data feature in the Settings screen. This export includes all your spending items, categories, prices, and statuses. You can use this data to import into other applications or retain it for your personal records.

7.5 Right to Restriction of Processing

You may request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of your data or object to our processing. During the restriction period, we will only store your data and not process it further.

7.6 Right to Object

You have the right to object to processing of your personal data for purposes such as aggregate analytics. You may opt out of anonymized analytics data collection by contacting us at privacy@frenapp.io.

7.7 How to Exercise Your Rights

To exercise any of the above rights, or for privacy-related inquiries, contact us at privacy@frenapp.io. We will respond to your request within 30 days. In some cases, we may ask you to verify your identity before processing your request to protect against unauthorized access.

---

8. International Data Transfers

FREN relies on cloud infrastructure whose servers may be located in the United States or other countries. By using the Service, you acknowledge that your data may be transferred to and processed in countries outside your own.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you acknowledge that your data may be transferred to countries that may not provide the same level of data protection as your home country. Such transfers are made subject to appropriate safeguards, including Standard Contractual Clauses as approved by the European Commission.

---

9. Children's Privacy

FREN is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will take immediate steps to delete that information.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at privacy@frenapp.io. We will take prompt action to review and remove the relevant information.

Users between the ages of 13 and 18 may use the Service only with verifiable parental or guardian consent. We encourage parents to discuss online privacy with their children.

---

10. Biometric Data

FREN offers an optional biometric lock feature (Face ID on iOS, fingerprint authentication on Android) to protect access to the app. We want to be transparent about how this feature works:

• Biometric authentication is performed entirely on your local device using the platform's native secure biometric framework (iOS LocalAuthentication API / Android BiometricPrompt).
• FREN never has access to, receives, processes, or stores your biometric data (facial geometry, fingerprint templates, etc.).
• We store only a single boolean flag in your profile indicating whether you have enabled biometric lock. This flag has no biometric information embedded in it.
• You can disable biometric lock at any time from Settings. Disabling the feature removes the boolean flag from your profile.

---

11. Push Notifications

With your permission, FREN sends the following types of push notifications:

• Daily motivation: A daily financial mindfulness reminder, sent once per day at a fixed time.
• Cooling period reminders: A reminder when an item in your Cooldown Cart has been waiting for 48 hours, prompting you to make a conscious decision about it.
• Weekly spending summary: A weekly report (sent on Sundays) summarizing your savings and spending activity.
• Custom motivation: If you set a personal motivation message in Settings, it will be included in your daily notification.

You can disable all push notifications at any time through your device's system settings (iOS: Settings → Notifications → FREN; Android: Settings → Apps → FREN → Notifications). Disabling notifications does not affect other features of the app.

We use a third-party push notification delivery service. The push token (a device identifier unique to your app installation) is stored in your account profile and shared with that service solely for the purpose of delivering notifications. It is deleted when you delete your account.

---

12. Cookies and Tracking Technologies

As a native mobile application, FREN does not use browser cookies. We do not use cross-site tracking, advertising identifiers (IDFA/GAID), fingerprinting techniques, or any third-party analytics SDKs that track your behavior across apps.

Any analytics data collected through our infrastructure provider is anonymized and aggregated. It does not include your personal spending data or financial information, and is used solely to improve the reliability and performance of the Service — never to profile individual users.

---

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will:

• Update the "Effective Date" at the top of this policy.
• Send a notification to your registered email address about the updated policy, where technically feasible.
• Display a prominent in-app notice for at least 7 days following a material change.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy. If you disagree with material changes to this policy, you may delete your account.

---

14. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or how FREN handles your personal information, please contact our Privacy team: