Privacy Policy
Last updated: 2025-02-14
Your privacy is important to us. This Privacy Policy explains how Flo collects, uses, stores, and protects your personal data in compliance with the General Data Protection Regulation (GDPR).
1. Data Controller
The data controller for your personal data is:
- Raphaël
- Flo - Student Project
- Contact: raphael@flo.app
2. Data We Collect
We collect the following categories of personal data:
Account Information
- Email address
- Username
- Password (hashed with Argon2)
- Profile picture (optional)
- Account creation date
Wellness Data
- Meditation sessions (duration, type, completion)
- Mood entries (rating, notes, time of day)
- Gratitude journal entries
- Goals and progress
- Breathing exercise sessions
Gamification Data
- Points and XP earned
- Achievements and badges
- Streak information
- Challenge participation
- Leaderboard rankings
Social Data
- Friend connections
- Shared posts and reactions
- Messages between users
Technical Data
- Browser type and version
- Device type
- Language preferences
- Theme preferences
3. How We Use Your Data
We use your personal data for the following purposes:
- To provide and maintain the Flo service
- To personalize your wellness experience
- To track your progress and provide insights
- To enable social features and connections
- To send important service notifications
- To improve our application and user experience
- To ensure the security of your account
4. Legal Basis for Processing
We process your personal data based on:
- Consent: When you create an account and agree to these terms
- Contract performance: To provide you with the services you requested
- Legitimate interest: To improve our services and ensure security
5. Data Retention
We retain your personal data for as long as your account is active. You can configure your data retention preferences in your profile settings.
- Customizable retention period for wellness data
- Automatic cleanup of old data based on your preferences
- Immediate deletion upon account removal
6. Your Rights
Under GDPR, you have the following rights:
- Right to access: Request a copy of your personal data
- Right to rectification: Correct inaccurate or incomplete data
- Right to erasure: Request deletion of your personal data
- Right to portability: Export your data in a machine-readable format
- Right to restriction: Limit how we process your data
- Right to object: Object to certain types of processing
To exercise your rights, visit your profile settings where you can export or delete your data, or contact us directly.
7. Data Security
We implement appropriate security measures to protect your data:
- Passwords are hashed using the Argon2 algorithm
- All communications are encrypted with HTTPS/TLS
- JWT tokens for secure authentication
- Regular security updates and monitoring
- Secure hosting infrastructure
8. Data Transfers
Your data is stored on servers located in the European Union (Germany) provided by Hetzner Online GmbH. We do not transfer your data outside the EU.
10. Policy Updates
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting a notice on our application or sending you an email.
11. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at: