The SafehouseSign in

Privacy Notice

Last updated: June 18, 2026

Who we are

The Safehouse is operated by Nikolas Jaroš, a sole trader (OSVČ) registered under a Czech živnostenské oprávnění, IČO 17225001, Czech Republic. We act as the data controller for personal data processed through the app. Contact: jaros.nikolas.pracovni@gmail.com.

Short version

Your data is yours. We store what you put in, we don't sell it, we don't train AI models on it, and you can export or delete everything at any time from Settings.

What we collect and why

  • Account data (email, name, optional avatar from Google sign-in) — to create and secure your account. Legal basis: contract performance.
  • Content you log (habits, journal, water, food, sleep, weight, workouts, photos, goals) — to provide the service and power the AI Coach and Weekly Review on your own data. Legal basis: contract performance.
  • Support messages — to respond to you. Legal basis: legitimate interests.
  • Server logs (IP address, user agent, timestamps) kept for up to 30 days — for security and abuse prevention. Legal basis: legitimate interests.
  • Billing data is handled by Paddle (see below); we receive only the metadata needed to grant access to your plan.

Who we share data with

We do not sell your data. We share it only with the following categories of recipients:
  • Hosting and backend — Supabase (database, authentication, file storage).
  • AI processing — Lovable AI Gateway, used to generate Coach replies and Weekly Reviews from your own data.
  • Payments and tax — Paddle.com Market Limited acts as our Merchant of Record. Paddle handles checkout, payment processing, invoicing, subscription billing, tax compliance, and refunds, and processes your billing data as an independent controller for those purposes.
  • Professional advisers and authorities — only where required by law.

International transfers

Some processors may store or process data outside the European Economic Area. Where this happens we rely on appropriate safeguards (such as the EU Standard Contractual Clauses or an adequacy decision).

Retention

We keep account and content data for as long as your account is active. When you delete your account, your content is deleted immediately and irreversibly. Server logs are kept for up to 30 days. Billing records retained by Paddle follow Paddle's own retention rules and applicable tax law.

Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, or port your data, to object to certain processing, to withdraw consent, and to complain to your local data protection authority (in Czechia, the Úřad pro ochranu osobních údajů). You can exercise the core rights from Settings (export as CSV, delete account) or by emailing us. We respond within one month.

Security

We use appropriate technical and organisational measures, including encryption in transit, access controls, and least-privilege database policies.

Cookies

We use only essential cookies and local storage needed to keep you signed in and remember your preferences. We do not use marketing or third-party analytics cookies.

Contact

Email jaros.nikolas.pracovni@gmail.com.