Privacy Policy — Growbit

        The short version: Growbit collects only what's needed to run the service. We don't sell your data, share it with advertisers, or use it for anything other than making the app work for you.
      

1. Who We Are

Growbit is a habit-tracking web application operated by Ofer.L Tech Solutions. When this policy says "Growbit," "we," "us," or "our," it refers to Ofer.L Tech Solutions and the Growbit service available at growbit.oferltechsolutions.com.

If you have any questions about this policy, you can contact us at contact@oferltechsolutions.com.

2. What Information We Collect

We collect only the information necessary to provide and improve the Growbit service:

Account information: Your email address, used to create and manage your account.
Habit data: The habits you create, your daily check-ins, streaks, and any notes you add. This is the core content of your account.
Push notification tokens: If you enable push notifications, we store a device token (provided by your browser) to send you reminders. This token is specific to your browser/device and does not on its own identify you personally.
Technical & device data: When you use Growbit, our servers and Supabase's infrastructure automatically record your IP address, browser type, and device type as part of normal web operation. Under Israel's Protection of Privacy Law (Amendment 13, 2025), IP addresses are considered personal data and are treated as such. This data is used solely for security, abuse prevention, and service reliability.
Usage data: Basic, anonymized information about how you interact with app features (e.g., which sections you visit) to help us improve the service. This does not include the content of your habits or personal identifiers beyond what is noted above.

We do not collect payment information, precise physical location, biometric data, or health data.

3. Legal Basis for Processing

We process your personal data under the following legal bases, as required by Israel's Protection of Privacy Law (Amendment 13) and, where applicable, the EU General Data Protection Regulation (GDPR):

Contract performance: Processing your email address, habit data, and technical data is necessary to provide the Growbit service you signed up for.
Consent: Push notification tokens and weekly summary emails are processed only when you explicitly opt in via your account settings. You may withdraw this consent at any time.
Legitimate interest: We process technical/device data (including IP addresses) to maintain security, prevent abuse, and ensure service reliability. This processing is necessary and proportionate to those interests.

4. How We Use Your Information

We use the information we collect solely to:

Operate and maintain your Growbit account (contract performance)
Display your habits and progress to you (contract performance)
Send push notification reminders you have explicitly opted into (consent)
Send weekly summary emails if you have enabled them (consent)
Respond to your support requests (legitimate interest)
Detect and prevent abuse or unauthorized access (legitimate interest)
Improve the app based on aggregate, anonymized usage patterns (legitimate interest)

We will never use your data for advertising or profiling, and we will never sell it to any third party.

5. Third-Party Processors

To operate Growbit, we engage the following sub-processors. Each acts under a data processing agreement and handles your data solely on our behalf:

Supabase, Inc. (United States) — Database and authentication provider. Your account data and habit records are stored on Supabase's infrastructure, which runs on Amazon Web Services (AWS). Supabase acts as a data processor. Supabase Privacy Policy · Supabase DPA
Resend, Inc. (United States) — Transactional email delivery (weekly summaries). Resend processes your email address solely to send emails on our behalf. Resend Privacy Policy

We do not use Google Analytics, Facebook Pixel, or any advertising-related tracking services.

6. International Data Transfers

Both Supabase and Resend are headquartered in the United States, which means your personal data is transferred to and processed in the United States when you use Growbit.

To ensure your data remains protected during these transfers, we rely on the following safeguards:

Supabase: Supabase provides a Data Processing Addendum (DPA) incorporating Standard Contractual Clauses (SCCs) approved under applicable data protection law, which legally obligates Supabase to protect your data to a standard equivalent to Israeli and EU law.
Resend: Resend processes data under contractual data protection obligations and applicable US privacy law.

If you are an EU or EEA resident, these Standard Contractual Clauses constitute an appropriate safeguard for the transfer of your personal data under GDPR Article 46.

7. Data Storage and Security

Your data is stored on Supabase's cloud infrastructure (AWS). We implement the following specific security measures:

Encryption in transit: All data transmitted between your browser and our service is encrypted using TLS (HTTPS).
Encryption at rest: Data stored on Supabase's infrastructure is encrypted at rest by default.
Access controls: We apply Row Level Security (RLS) policies at the database level, ensuring each user can only access their own data. No other Growbit user can view your habits or account information.
Minimal access: Only the operator of Ofer.L Tech Solutions has administrative access to the database, and this access is protected by strong authentication.

While we take these steps to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security and encourage you to use a strong, unique password for your account.

8. Data Retention

We retain your personal data for as long as your account is active. Specifically:

Account and habit data: Retained while your account is active, and deleted within 30 days of an account deletion request.
Technical/server logs (IP address, device type): Retained for up to 90 days for security and troubleshooting purposes, then deleted or anonymized.
Push notification tokens: Retained until you disable push notifications or delete your account.

We do not retain personal data longer than necessary for the purpose for which it was collected. If you request deletion of your account, we will delete your personal information and habit data within 30 days, except where we are required by law to retain it.

9. Your Rights

Under Israel's Protection of Privacy Law (Amendment 13) and, where applicable, the GDPR, you have the following rights:

Access: Request a copy of all personal data we hold about you.
Correction: Ask us to correct inaccurate or incomplete data.
Deletion ("right to be forgotten"): Request that we delete your account and all associated personal data.
Portability: Request your data in a structured, machine-readable format.
Objection: Object to processing based on legitimate interest, including any direct communications.
Withdraw consent: Disable push notifications or weekly emails at any time from your account settings, without affecting your ability to use the core service.
Lodge a complaint: If you are an Israeli resident, you may file a complaint with the Israeli Privacy Protection Authority (PPA) at gov.il/ppa. If you are an EU/EEA resident, you may complain to your local data protection authority.

To exercise any of these rights, email us at contact@oferltechsolutions.com. We will respond within 30 days of receiving your request.

10. Cookies and Local Storage

Growbit uses a minimal set of cookies and browser storage technologies:

Authentication cookie (session): Set by Supabase to keep you securely logged in. This cookie is strictly necessary for the service to function and is deleted when you sign out or when the session expires.
localStorage — user preferences: We store your UI preferences (e.g., dark/light mode) in your browser's localStorage. This data never leaves your device and is not transmitted to our servers.

We do not use advertising cookies, cross-site tracking cookies, or any third-party analytics cookies. Because we use only strictly necessary cookies, we do not display a cookie consent banner — however, you can clear all cookies and localStorage data at any time through your browser settings.

11. Children's Privacy

Growbit is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or applicable law. When we make changes, we will update the "Last updated" date at the top of this page.

For material changes that affect how we process your data, we will provide at least 14 days' notice by email before the changes take effect. Changes that require fresh consent (e.g., new purposes for processing) will be presented to you with an explicit opt-in — we will not rely on implied consent from continued use for such changes.

For minor changes (such as clarifications or corrections that do not affect your rights), the updated policy becomes effective upon publication.

13. Contact Us

If you have questions or concerns about this Privacy Policy, your personal data, or your rights, please contact us:

Email: contact@oferltechsolutions.com
Website: oferltechsolutions.com