Privacy Policy

Effective Date: March 5, 2026 · Last Updated: March 6, 2026

1. Who We Are

Polar Balance is developed and operated by Gray Consulting & Management LLC ("we," "us," or "our"). Questions about this policy can be directed to contact@grayconsultingmanagement.com.

2. What Information We Collect

We collect only what is necessary to operate the app:

Account information — depending on how you sign in, this may include your email address, a display name, or a unique identifier provided by Google or Apple. We never receive your Google or Apple account password.
App data you enter — mood logs, habit entries, notes, and any other content you choose to record within the app.
Guest mode — if you use the app without signing in, no account information is collected. Your data remains on your device only and is never transmitted to our servers.

We do not collect payment information, precise location data, contact lists, or health records from third parties. We do not use Firebase Analytics, Firebase Crashlytics, or any third-party advertising SDK.

3. How Your Data Is Stored

Polar Balance uses a local-first storage model. All data you enter is stored on your device by default and remains fully accessible offline. Your data does not leave your device unless you explicitly choose otherwise.

Cloud sync is entirely optional. If you choose to enable it, your data is synced to Firebase (Google's cloud infrastructure) and associated with your account, allowing access across multiple devices. Enabling cloud sync requires signing in.

You may disable cloud sync or delete your account at any time. Upon account deletion, all cloud-stored data is permanently removed from our servers (see §9).

4. How We Use Your Information

Your data is used solely to:

Provide and maintain the core functionality of Polar Balance.
Authenticate your account and, if cloud sync is enabled, keep your data consistent across your devices.
Respond to support requests or account deletion inquiries you initiate.

We do not use your data to build advertising profiles, conduct marketing campaigns, sell or license data to third parties, or perform any form of clinical or medical research.

5. Legal Basis for Processing (GDPR — EU/EEA/UK Users)

If you are located in the European Union, European Economic Area, or United Kingdom, we process your personal data only where we have a valid legal basis under Article 6 of the GDPR (or the UK GDPR). The legal bases we rely on are:

Performance of a contract (Art. 6(1)(b)) — When you create an account and enable cloud sync, processing your account identifier and synced app data is necessary to provide the service you have requested.
Legitimate interests (Art. 6(1)(f)) — We process minimal technical data to maintain the security and integrity of the app where this does not override your fundamental rights and freedoms. We do not rely on legitimate interests for any marketing or profiling purpose.
Legal obligation (Art. 6(1)(c)) — We may process or retain data where required by applicable law, court order, or regulatory obligation.

We do not rely on consent as the legal basis for core app functionality. Optional features such as cloud sync are initiated by you when you sign in; no processing of cloud data occurs unless you take that affirmative step.

6. Third-Party Services

Polar Balance integrates with the following third-party services. Each is governed by its own privacy policy, linked below.

Service	Purpose	Privacy Policy
Firebase (Google)	Authentication; optional cloud storage and sync	firebase.google.com/support/privacy
Google Sign-In	Optional sign-in method via your Google account	policies.google.com/privacy
Sign in with Apple	Optional sign-in method via your Apple ID	apple.com/legal/privacy

When you use Google Sign-In or Sign in with Apple, those services may share a name, email address, or unique identifier with us solely for authentication purposes. Apple's private email relay is supported — you may use a hidden email address if you prefer not to share your real one.

Beyond the services listed above, we do not integrate any third-party analytics, crash reporting, or advertising tools.

7. International Data Transfers

Gray Consulting & Management LLC is based in the United States. If you are located in the European Union, European Economic Area, or United Kingdom, your personal data (when cloud sync is enabled) is transferred to and processed in the United States via Firebase (Google).

For EEA and UK users, Google transfers personal data under the Standard Contractual Clauses (SCCs) approved by the European Commission, which provide appropriate safeguards for cross-border data transfers. You can review Google's data transfer mechanisms at firebase.google.com/support/privacy.

EU/EEA Representative: Pursuant to Article 27 GDPR, Gray Consulting & Management LLC has designated Natali Gray Misak Hall, residing in Lisbon, Portugal, as its EU/EEA representative. Data subject requests and privacy inquiries from EU/EEA residents may be directed to contact@grayconsultingmanagement.com and will be handled within the timeframes prescribed by applicable law.

8. Data Sharing

We do not sell, rent, or share your personal information with third parties, except:

With the service providers listed in §6, strictly to the extent necessary to operate the app.
If required by law, valid legal process, or to protect the rights and safety of users or others.
In connection with a business transfer, merger, or acquisition — in which case you will be notified in advance and your rights under this policy will be preserved.

9. Your Rights and Data Deletion

You have rights over the personal data we hold about you. To exercise any of these rights, contact us at contact@grayconsultingmanagement.com. We will respond within 30 days (or within any shorter period required by applicable law).

Right to access (Art. 15 GDPR) — request a copy of the personal data we hold about you.
Right to rectification (Art. 16 GDPR) — request correction of inaccurate or incomplete data.
Right to erasure / right to be forgotten (Art. 17 GDPR) — request deletion of your personal data where there is no overriding legal reason to retain it.
Right to restriction of processing (Art. 18 GDPR) — request that we limit how we use your data in certain circumstances.
Right to data portability (Art. 20 GDPR) — receive your data in a structured, machine-readable format or have it transferred to another controller where technically feasible.
Right to object (Art. 21 GDPR) — object to processing based on our legitimate interests; we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to withdraw consent — where any processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
Rights related to automated decision-making (Art. 22 GDPR) — Polar Balance does not engage in any automated decision-making or profiling that produces legal or similarly significant effects. No action is required on your part.
Right to lodge a complaint — you have the right to lodge a complaint with your national or regional data protection supervisory authority at any time. EU residents can find their authority at edpb.europa.eu. UK residents may contact the ICO. We would, however, appreciate the opportunity to address your concerns before you contact a supervisory authority.

How to delete your data:

Local data — delete all on-device data at any time by uninstalling the app or using the in-app reset option.
Cloud data — if cloud sync is enabled, contact us to request permanent deletion of all associated server-side data.
Account deletion — removes your authentication record and all synced cloud data from our servers.

California residents also have rights under CCPA/CPRA, including the right to know, delete, and opt out of the sale of personal information (we do not sell personal information). Canadian residents have rights under PIPEDA. We will honor all valid requests in accordance with applicable law.

10. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by law.

Account data (cloud sync users) — retained for as long as your account remains active. Permanently deleted within 30 days of an account deletion request.
App data synced to cloud — retained for as long as cloud sync is enabled and your account is active. Permanently deleted within 30 days of an account or data deletion request.
Support correspondence — emails and support-related communications are retained for up to 2 years for follow-up and record-keeping, then deleted.
Local-only data (guest mode) — stored exclusively on your device under your control. We have no visibility into or retention window over local-only data; it is deleted when you uninstall the app or reset app storage.

Where we are required to retain data by law (e.g., for tax or regulatory purposes), we will retain it only for the duration required and will restrict its use to that purpose.

11. Data Security

Local data is stored using your device's native secure storage. Cloud data, when sync is enabled, is protected by Firebase's encryption in transit (TLS) and at rest. You are responsible for maintaining the confidentiality of your account credentials. No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

12. Children's Privacy

Polar Balance is intended for users aged 13 and older (under US law / COPPA). In the European Union and EEA, the minimum age for digital services consent is 16 years old (or lower where an EU member state has set a minimum of 13), unless parental consent is obtained. We do not knowingly collect personal data from children below the applicable minimum age in their jurisdiction. If you believe a child has provided us with personal data without appropriate consent, please contact us at contact@grayconsultingmanagement.com and we will promptly delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via an in-app notice or, where we have your email address, by email, at least 30 days before the changes take effect. The "Last Updated" date at the top of this page reflects the most recent revision.

For EU/EEA/UK users: where a change affects data processed on the basis of consent, we will seek fresh consent rather than relying on continued use of the app as acceptance.

14. Contact

For any questions or concerns about this Privacy Policy, or to exercise your data rights:
Email: contact@grayconsultingmanagement.com
Organization: Gray Consulting & Management LLC, United States

EU/EEA residents may also lodge a complaint with their national data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu. UK residents may contact the Information Commissioner's Office (ICO) at ico.org.uk.