Grownal Grownal
|

Privacy Policy

Effective Date: February 9, 2026
Controller: Grownal s.r.o.

This document contains detailed information on personal data processing principles within the operation of the Grownal application – a digital platform for journaling, personal development, and reflection. All personal data handling is conducted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), the Personal Data Processing Act No. 110/2019 Coll., and standards required by Apple App Store and Google Play platforms.

1. Data Controller

The controller of your personal data is:
Grownal s.r.o.
ID No. (IČO): 23512059
Registered Office: Zbraslavská 12/11, Malá Chuchle, 159 00 Praha, Czech Republic
E-mail: support@grownal.com

The Controller places maximum emphasis on the security, transparency, and legality of data processing.

2. Data We Collect (Data Categories)

To ensure the Application functions correctly, we process the following categories of data:

  • Identifiers: Email address, User ID (randomly generated), Device ID.
  • User Content: Text of daily journal entries, dream records, notes, set goals, values, and visions in your Inner Map.
  • Usage Data: Information about your interaction with the application (e.g., time spent, completed habits), crash logs, and performance data.
  • Purchases: Purchase history and subscription status (Note: We do not store or process credit card numbers; these are handled exclusively by Apple/Google).

Special Notice Regarding Sensitive Data: Within the "Dream Diary" feature or free-text entries, you may enter information into the application that reveals your health status, political opinions, religious beliefs, or sexual orientation (so-called special categories of personal data under Art. 9 GDPR). By entering this data, you grant us explicit consent to process (store and encrypt) it for the purpose of providing the Service.

3. Purpose of Processing

We process your data for the following purposes:

  1. Service Provision: Enabling journaling, cloud data storage (synchronization), and subscription management.
  2. AI Analysis & Coaching: Providing feedback, finding patterns, and interpreting dreams using AI models.
  3. Application Improvement: Analyzing bugs and aggregated (anonymized) usage data to improve user experience.

Grownal is not a tool for the treatment or diagnosis of mental or physical health issues, and its use does not replace professional medical care.

4. Legal Basis for Processing

We process data based on the following legal grounds:

  • Performance of Contract (Art. 6(1)(b) GDPR): Necessary for the functioning of the application, account management, and data synchronization.
  • User Consent (Art. 6(1)(a) GDPR): For processing sensitive data in journals/dreams and for using AI features. Consent can be withdrawn at any time (e.g., by deleting data or the account).
  • Legitimate Interest (Art. 6(1)(f) GDPR): For ensuring network security, fraud prevention, and basic analytics.

5. Data Processing and Artificial Intelligence (AI)

The application uses third-party technologies for the AI Coach Lumo function and dream analysis.

  • AI Providers: OpenAI (GPT models) and Google (Gemini models).
  • How it works: The text of your entry is sent via a secure interface (API) to the AI provider solely for the purpose of generating a response.
  • Privacy Protection: We have configured the terms so that your data is NOT used to train the public AI models of these providers (Zero Data Retention policy for API). Data is not permanently stored by the AI provider.

6. Recipients and Sub-processors

We do not sell your data to anyone. However, to operate the application, we use verified partners (processors):

  • Google Cloud / Firebase (EU/USA): Database hosting and backend. Data is encrypted.
  • OpenAI (USA): Text processing for AI features.
  • RevenueCat (USA): Subscription management and purchase validation from the App Store.
  • Apple Inc.: Payment processing.

We have Data Processing Agreements (DPA) in place with all partners to ensure GDPR compliance.

7. Security

  • Encryption: Data is encrypted during transmission (SSL/TLS) and at rest in the database (Encryption-at-rest).
  • Access: Employees of Grownal s.r.o. do not have access to the content of your private journals unless you grant us explicit consent (e.g., when resolving a technical support issue).

8. Data Retention and Deletion

  • User Content: Retained for the duration of your account's existence.
  • Account Deletion: If you select the "Delete Account" option in the application, your data will be removed from our live database immediately and from backups within 30 days. This action is irreversible.
  • Inactive Accounts: Accounts with no activity for more than 24 months may be deleted.

9. Your Rights

Under the GDPR and other regulations (including CCPA for California users), you have the right to:

  • Request access to your data and receive a copy (Data Export).
  • Request correction or deletion of data (Right to be Forgotten).
  • Withdraw consent for processing.
  • Lodge a complaint with a supervisory authority (Office for Personal Data Protection, www.uoou.cz).

To exercise your rights, please contact us at: support@grownal.com.