1. Information We Collect

1.1 Account Information

When you create an account, we collect the following through Firebase Authentication:

• Name and display name
• Email address
• Profile photo (if provided via Google or Apple Sign-In)
• Authentication provider (Google, Apple, or email/password)

1.2 User-Generated Content

We store the content you create within the app to provide the service:

• Tasks, subtasks, and checklists
• Habits and recurring schedules
• Goals and progress data
• Tracker boards and entries
• Categories, labels, and organizational data
• Notes, reflections, journal entries, and feedback submissions
• Task and habit proof photos you choose to submit for validation (stored as described in Section 1.8)

1.3 Profile and Personalization Data

To personalize your experience, we collect information you provide during onboarding and profile setup:

• Life context (student, professional, parent, entrepreneur, etc.)
• Occupation and hobbies
• Focus areas and primary challenges
• Personal archetype (Warrior, Wizard, Explorer, Scientist, Artist, Builder, or custom)
• Story preferences (genre, conflict style, villain type)
• Badge art style preference (cartoon, realistic, photorealism, 3D animated, minimalist, anime, watercolor, comic book, vintage)

1.4 Gamification and Progress Data

• XP earned, levels, and level history
• Streak data and streak protection usage (Hearts, Shields)
• Coin balance and Shop purchase history
• Badge unlock history and badge images
• Story progress, chapter completions, and Daily Side Quest episode progress
• Power-up usage
• Tutorial and walkthrough completion

1.5 Usage Data

We may collect anonymized usage data to improve app performance:

• Feature interactions and navigation patterns
• Session duration and frequency
• Crash logs and error reports
• Device type and iOS version
• App version

1.6 Third-Party Integration Data

If you choose to connect optional integrations, we access limited data as described below. We never store your third-party credentials.

Integration	Data Accessed	Purpose
Gmail (Pro)	Email subjects, senders, dates, body content (truncated), attachment names	Convert emails into tasks, send replies
Google Calendar (Pro)	Event titles, times, locations	Schedule sync and auto-scheduling
Canvas LMS (Pro)	Assignments, due dates, course names	Import academic tasks
Apple Calendar & Reminders (Pro)	Event and reminder titles, times, notes (on-device via EventKit)	Import as tasks; data stays on device except task summaries synced to your account
Apple Health (Pro)	Daily aggregates for metrics you link to habits (e.g. steps, sleep)	Auto-log habits; read-only HealthKit access
Apple Contacts	Names, phone numbers, emails (on-device)	Import into Social Network tracker boards when you choose (free)

Gmail, Google Calendar, Canvas, Apple Calendar, Reminders, and Apple Health require an active LevelUp Pro subscription.

1.8 Photos, Camera, and Proof Validation

If you enable photo proof for tasks or habits, you may capture or upload images. Processing may include:

• On-device: Apple Vision analysis to pre-filter obviously invalid submissions before upload
• Cloud: Google Gemini vision validation via secure Cloud Functions when required by the feature
• Storage: Proof images may be stored in Firebase Storage, associated with your account, and subject to retention limits described in Section 12

We do not access your photo library except when you explicitly choose an image or use the in-app camera for proof.

1.9 Screen Time & App Blocking (Device-Only)

If you enable App Blocking, LevelUp uses Apple’s Family Controls, Screen Time, and Managed Settings APIs. This feature is optional and works as follows:

• Your choices: You grant Screen Time authorization in the system flow and select apps and/or app categories using Apple’s picker. You can turn blocking off in LevelUp or revoke access in Settings > Screen Time on your device.
• What we store: Your selections are stored as opaque tokens on the device (they do not reveal human-readable app names to our servers). Blocking preferences and configuration are kept in on-device storage (for example, UserDefaults), not in Firestore.
• What we do not collect: We do not upload which apps or categories you block, shield status, or Screen Time authorization details to LevelUp’s cloud services.
• How blocking works: The app reads your local daily XP progress and settings to apply or remove restrictions according to rules you configure (for example, blocking until a daily XP goal is met). Processing needed to enforce shields happens on your device through Apple’s frameworks.
• Shield extension: A Shield Configuration extension (part of the app) may read minimal data from a shared App Group container on your device—for example, a short message shown on the system shield (such as XP remaining)—solely to display Apple’s blocking UI. That shared data stays on the device and is not sent to our servers.

Apple’s handling of Screen Time and device activity is governed by Apple’s Privacy Policy.

2. How We Use Your Information

We use the information we collect for the following purposes:

Purpose	Data Used
Provide core app functionality	Account info, tasks, habits, goals
Personalize your experience	Profile data, archetype, preferences
Personalize badges (titles/descriptions via Gemini; artwork from curated library)	Archetype, occupation, hobbies, art style
Create personalized story content	Story preferences, level progress
Enable gamification mechanics	XP, streaks, badges, levels
Sync data across devices	All user data via Firebase/Firestore
Enable social features	Display name, avatar, level, XP (opted-in)
Import tasks from external services	Integration data (Gmail, Google Calendar, Canvas, Apple Calendar/Reminders, Health)
Optional app blocking (Screen Time)	On-device tokens, local XP/gamification state only — not uploaded to our servers
Improve app stability and performance	Anonymized usage data, crash logs
Respond to support inquiries	Email address, feedback content

3. Data Storage and Security

3.1 Infrastructure

Your data is stored securely using Google Firebase and Firestore cloud infrastructure, hosted in the United States. Firebase employs:

• TLS/SSL encryption for all data in transit
• AES-256 encryption for data at rest
• SOC 1, SOC 2, and SOC 3 compliance
• ISO 27001 certification

3.2 Authentication Security

User authentication is handled by Firebase Authentication, which supports secure sign-in via Google, Apple, and email/password. Passwords are never stored in plaintext — Firebase uses industry-standard hashing and salting.

3.3 Access Controls

Access to user data is restricted through Firestore Security Rules, ensuring users can only read and write their own data. Social features expose only the minimum data necessary (display name, avatar, level, XP) and only to users you've explicitly added as friends.

4. Third-Party Services

LevelUp uses the following third-party services. Each has its own privacy policy governing data use:

Service	Provider	Purpose	Privacy Policy
Firebase Authentication	Google	User sign-in and account management	Link
Cloud Firestore	Google	Data storage and sync	Link
Firebase Analytics	Google	Anonymized usage analytics	Link
Google Gemini	Google	Badge titles/descriptions, story generation, email/calendar/Canvas analysis, task creation, goal coaching, photo proof validation	Link
Gemini Image Generation	Google	Level snapshot artwork and other Pro image features (not per-user badge generation)	Link
Apple Vision (on-device)	Apple	Photo proof pre-filtering before cloud validation; processed on device	Link
Firebase Storage	Google	Curated badge library images, profile photos, proof uploads, and asset storage	Link
Firebase Cloud Functions	Google	Auto-scheduling, streak management, backend processing	Link
Gmail API	Google	Email-to-task conversion and email replies	Link
Google Calendar API	Google	Calendar event sync	Link
Google Maps Distance Matrix API	Google	Travel time calculations for auto-scheduling	Link
Screen Time / Family Controls / Managed Settings	Apple	Optional app blocking you configure; authorization and enforcement on device	Link

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties.

We may share limited information only in the following circumstances:

5.1 Social Features (User-Controlled)

If you opt into social features, the following information may be visible to friends you add and on leaderboards:

• Display name and avatar
• Current level and XP
• Streak count
• Challenge participation and results

You can control your social visibility at any time from the app settings.

5.2 Service Providers

We use third-party services (listed in Section 4) to operate the app. These providers process data on our behalf and are bound by their own privacy policies and data processing agreements.

5.3 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of LevelUp, our users, or the public.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you via email or prominent notice in the app before your data is transferred and becomes subject to a different privacy policy.

6. Your Rights and Choices

6.1 Access Your Data

You can request a copy of all personal data we hold about you by contacting us at eric@levelupaiapp.com. We will respond within 30 days.

6.2 Delete Your Account

You can request complete deletion of your account and all associated data by contacting us. Upon deletion, we will remove:

• Your account and authentication data
• All tasks, habits, goals, and tracker data
• Profile and personalization data
• Gamification data (XP, levels, badges, streaks)
• Social connections and leaderboard entries
• Generated badge images and story content

Deletion is permanent and cannot be undone. We will process deletion requests within 30 days.

6.3 Manage Integrations

You can connect or disconnect third-party integrations (Gmail, Google Calendar, Canvas, Apple Calendar, Apple Health, and others) at any time from the app's settings. Disconnecting revokes our access to that service's data (or, for on-device integrations, stops further reads on your device).

App Blocking: You can disable App Blocking inside LevelUp or turn off Screen Time / Family Controls authorization for LevelUp in Settings > Screen Time on your iPhone or iPad. Doing so removes our ability to apply shields through the app (any data used only for blocking remains on the device).

6.4 Control Social Visibility

You can manage your visibility on leaderboards and in social features from the app's settings. You can remove friends, leave challenges, and opt out of accountability partnerships at any time.

6.5 Opt Out of Analytics

You can limit anonymized analytics collection through your device's privacy settings. LevelUp respects the iOS "Ask App Not to Track" (ATT) framework.

7. Integration-Specific Privacy

7.1 Gmail Integration

When you connect Gmail, LevelUp requests gmail.readonly and gmail.send scopes. We access email metadata (subject lines, senders, dates) and a truncated portion of email body content (up to 1,000 characters) to enable AI-powered task extraction. If you enable auto-scan, new emails are processed automatically in the background. The gmail.send scope allows you to send email replies directly from the app. We do not:

• Store your Gmail credentials
• Store the content of your emails after processing
• Share email data with any third party
• Send emails on your behalf without your explicit action

Email body content is sent to Google Gemini solely for task extraction and is not retained after processing. Gmail access uses OAuth 2.0 authorization and can be revoked at any time from app settings or your Google Account permissions.

7.2 Google Calendar Integration (Pro)

Requires LevelUp Pro. We access event titles, times, and locations to sync your schedule and support auto-scheduling. We do not delete your Google calendar events without your action in the app.

7.3 Canvas LMS Integration (Pro)

Requires LevelUp Pro. We import assignment names, due dates, and course names. We do not access grades, submissions, or other academic records beyond assignment metadata.

7.4 Apple Calendar, Reminders & Health (Pro)

Requires LevelUp Pro. Apple Calendar and Reminders are read on-device via EventKit; only task summaries LevelUp creates are synced to your account. Apple Health uses read-only HealthKit access; we store only the daily aggregate each linked habit needs, not your full health history.

7.5 Apple Contacts

Available without Pro. If you import contacts into a Social Network tracker, data is read on-device via Apple’s Contacts framework and stored only in tracker entries you create.

7.6 Google Maps Integration (Pro)

When Pro auto-scheduling is enabled and tasks have locations, we use the Google Maps Distance Matrix API (via Cloud Functions) to estimate travel time. Location data is sent to Google for that calculation and is not stored beyond the scheduling session.

7.7 Screen Time & App Blocking

See Section 1.9. App Blocking uses Apple Screen Time and Family Controls; blocked-app selections stay on your device. Shield UI may read minimal on-device App Group data (for example, XP progress).

8. AI Features and Data

8.1 Badge Personalization

Badge artwork comes from a curated library of images hosted on Firebase Storage (100 badges × 9 art styles). Your chosen style determines which library images are downloaded; switching styles re-downloads the matching artwork. Badge titles and descriptions are generated with Google Gemini. The following data may be sent to Gemini for badge text:

• Your archetype selection
• Occupation and hobbies
• Life context and focus areas
• Preferred art style
• Badge category and rarity

This data is sent solely for personalization. It is not used to train AI models and is subject to Google's privacy policies (linked in Section 4).

8.2 On-Device Processing

Some features process data on your device without sending it to LevelUp servers: Apple EventKit (calendar/reminders), HealthKit (habit metrics), Apple Vision (photo proof pre-filtering), and Screen Time app blocking. Email and cloud AI features use Google Gemini via secure Cloud Functions.

8.3 Story, Side Quests & Image Generation (Pro)

Story worlds, chapters, Daily Side Quest episodes, and level snapshot artwork (LevelUp Pro) use your story preferences, level progress, and profile context. This data is processed through Google Gemini (and Gemini Image Generation for certain artwork) to create narrative content and milestone images.

8.4 Morning Brief, Evening Review & AI Assistant (Pro)

These Pro features send summaries of your tasks, habits, goals, calendar context (when connected), and behavioral patterns to Google Gemini to generate coaching text and suggestions. Agent-proposed tasks remain in a pending state until you approve them.

8.5 Photo Proof Validation

When you submit proof photos, images may be analyzed on-device (Apple Vision) and/or sent to Google Gemini for validation. We retain proof images in Firebase Storage as needed to enforce the feature and allow you to review submissions. Do not submit images you are not comfortable storing on our infrastructure.

8.6 Push Notifications

If you enable notifications, we use Firebase Cloud Messaging (FCM) to deliver alerts (for example, Morning Brief, Evening Review, or streak reminders). We store an FCM device token linked to your account, not the content of other apps on your device.

9. Social Features and Visibility

LevelUp includes optional social features. Here's exactly what's shared and with whom:

Data	Visible To	Can You Control It?
Display name & avatar	Friends, leaderboard participants	Yes — editable in profile
Level & XP	Friends, leaderboard participants	Yes — opt out of leaderboard
Streak count	Friends, accountability partners	Yes — remove friends/partners
Challenge progress	Challenge participants	Yes — leave challenges
Tasks, habits, goals	No one — always private	N/A
Badges earned	No one — always private	N/A
Email address	No one — never shared	N/A

10. Cookies and Tracking

The LevelUp iOS app does not use cookies. We do not use third-party advertising SDKs or cross-app tracking. We respect Apple's App Tracking Transparency (ATT) framework and do not track users across other apps or websites.

This website (levelupaiapp.com) does not use cookies, analytics, or any tracking technologies.

11. Children's Privacy

LevelUp is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal data, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at eric@levelupaiapp.com so we can take appropriate action.

Users between 13 and 17 may use LevelUp with parental consent.

12. Data Retention

We retain your data for as long as your account is active or as needed to provide the service. Specifically:

• Account data: Retained until you request deletion
• Tasks and content: Retained until you delete them or request account deletion
• Gamification data: Retained as long as your account exists
• Badge library images: Cached on device; cloud copies governed by library versioning
• Proof photos: Retained while your account exists or until you delete associated tasks/habits, subject to storage cleanup policies
• Level snapshot and story artwork: Retained as long as your account exists
• Anonymized analytics: May be retained indefinitely in aggregate form
• Crash logs: Retained for up to 90 days

Upon account deletion, all personal data is permanently removed within 30 days. Some anonymized, aggregate data may be retained for analytical purposes.

13. International Data Transfers

Your data is stored and processed in the United States through Google Firebase infrastructure. If you are located outside the United States, your data will be transferred to and processed in the United States. By using LevelUp, you consent to this transfer.

Google Firebase complies with applicable data protection frameworks and maintains certifications including SOC 1/2/3 and ISO 27001.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes:

• Minor changes: We will update the "Last updated" date at the top of this page
• Significant changes: We will notify you through the app or via email before the changes take effect

Continued use of LevelUp after changes are posted constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, you can reach us at:

• Email: eric@levelupaiapp.com

We aim to respond to all inquiries within 30 days. For data access or deletion requests, we may need to verify your identity before processing.

---

This Privacy Policy was last updated on May 27, 2026.