Privacy Policy

Last updated: 22 April 2026 · Effective: 22 April 2026

1. Who we are

This app and website are operated by A24Z LTD ("Pauza", "we", "us", "our") — a company registered in England and Wales at 128 City Road, London, EC1V 2NX, United Kingdom.

For the purposes of the UK GDPR and the Data Protection Act 2018, A24Z LTD is the data controller for personal data processed through Pauza.

Contact for privacy matters: info@pauza.ai

2. What we collect

2.1 Information you give us

• Account info — email, display name, and (optionally) profile picture when you sign in via Apple ID.
• Payment info — if you subscribe to Pauza PRO or place real-money challenge stakes. Payments are processed by Apple (in-app purchases) and/or Stripe. We never see or store your card details.
• User content — challenge messages, mood-journal entries, profile settings.

2.2 Device & usage data processed on-device

The following is read from Apple frameworks directly on your iPhone. Raw data never leaves your device.

• Screen Time / DeviceActivity — per-app usage duration, app opens, timestamps. Used locally to calculate tokens, streaks, and challenge scores.
• HealthKit — steps, distance, and active energy, only if you grant permission. Used to calculate step-bonus tokens.
• Bluetooth — short-range proximity signals, only when you start a "meetup" session. No continuous scanning.
• Notifications — delivery/open state for challenge reminders.

2.3 Data synced to our servers

To run multiplayer challenges, leaderboards, referrals, and cloud backup, we sync aggregates and identifiers, not raw timelines:

• Daily total scroll time (one number per day) per tracked app category.
• Token balance, streak length, current Aura level.
• Challenge records (participants, stake, start/end time, outcome).
• Referral code, device model, iOS version, app version.
• Crash and diagnostic logs (anonymised).

We do not sync the names of individual apps you use beyond the category level you've selected (e.g. "social"), nor per-minute logs.

3. Why we process it (legal basis)

Under UK GDPR we rely on the following lawful bases:

• Contract (Art. 6(1)(b)) — to provide the app features you signed up for: challenges, tokens, Aura, PRO subscriptions.
• Legitimate interests (Art. 6(1)(f)) — to prevent fraud, secure the service, improve product reliability. Balanced against your rights.
• Consent (Art. 6(1)(a)) — for optional integrations (HealthKit, Bluetooth, notifications, marketing emails). You can withdraw consent any time in settings.
• Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, and lawful requests.

4. Who we share it with

We share only the minimum needed, and only with processors that meet UK/EU data-protection standards:

• Google Firebase / Firestore (EU regions) — authentication, database, cloud functions, push notifications.
• Apple — in-app purchase receipts, Sign in with Apple.
• Stripe — real-money challenge stakes and charity payouts.
• Charity partners you select — donation recipient name and amount, no personal data beyond that.
• Analytics providers (e.g. Firebase Analytics) — anonymised event data for product improvement.

We do not sell, rent, or trade your personal data to any third party, ever.

5. International transfers

Our primary infrastructure runs in EU and UK regions. Some processors (Apple, Stripe) may transfer data outside the UK/EEA. In those cases we rely on the UK International Data Transfer Agreement or Standard Contractual Clauses, plus supplementary safeguards.

6. How long we keep it

• Account data — until you delete your account.
• Challenge records — 2 years after challenge end, then anonymised.
• Payment records — 6 years (required for UK tax law).
• Analytics — maximum 26 months, anonymised.
• Device-local data — for as long as the app is installed. Uninstalling the app deletes it.

7. Your rights

Under UK GDPR you have the right to:

• Access — request a copy of your data.
• Rectification — ask us to fix inaccurate data.
• Erasure ("right to be forgotten") — delete your account and all associated data.
• Restriction — limit how we process your data.
• Portability — receive your data in a machine-readable format.
• Object — to processing based on legitimate interests.
• Withdraw consent — for anything we rely on consent for.

Most of these are a single tap in the app: Settings → Account → Export / Delete. Or email info@pauza.ai. We respond within 30 days.

If you're not happy with our response, you can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

8. Children

Pauza is not directed at children under 13 (under 16 in some EEA countries). We do not knowingly collect data from them. If you're a parent and believe your child gave us data, email us and we'll delete it.

9. Security

All traffic is encrypted in transit (TLS 1.2+). Data at rest is encrypted by our infrastructure providers. Payment data never touches our servers. We do regular security reviews. No system is bulletproof — if a breach affecting your data ever occurs, we will notify you and the ICO within 72 hours, as required by law.

10. Cookies & website analytics

Our website pauza.ai uses minimal first-party analytics to understand which features land with visitors. We do not use advertising cookies. If we add any non-essential cookies in the future, we'll ask for your consent via a banner first.

11. Changes to this policy

We'll update this page when practices change. Material changes will be announced in-app or via email at least 14 days before they take effect. The "Last updated" date at the top always reflects the current version.

12. Contact

A24Z LTD
128 City Road, London, EC1V 2NX, United Kingdom
info@pauza.ai