Privacy Policy
Effective Date: January 26, 2026
Last Updated: January 26, 2026
GDPR Compliance: This Privacy Policy complies with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Polish data protection laws.
1. Data Controller
The Data Controller responsible for your personal data is:
Paweł Szczabel
ul. Wygonowa 51/2A
45-402 Opole, Poland
VAT ID (NIP): PL9910361892
Email: pawelszczabel@gmail.com
2. About the Application
Jufo is a meditation tracking application that helps users build a consistent meditation practice with the goal of achieving 10,000 hours of meditation. The app tracks your meditation sessions and displays your progress on a global leaderboard.
3. Data We Collect
We collect and process the following personal data:
| Data Category | Specific Data | Purpose |
|---|---|---|
| Account Data | Email address | User authentication and account recovery |
| Profile Data | Username (nickname) | Public display on leaderboard |
| Usage Data | Meditation session duration, date, time, total statistics | Progress tracking and leaderboard ranking |
| Technical Data | Device type, OS version, app version | App functionality and troubleshooting |
| Location Data | Approximate location (time zone only) | Deliver meditation reminders at the correct local time |
📍 About Location Data: We only use your approximate location to determine your time zone for scheduling meditation reminders. We do NOT collect your precise GPS coordinates or track your movements.
🛡️ Data We DO NOT Collect:
- Precise GPS coordinates or movement tracking
- Contacts from your device
- Photos, videos, or audio recordings
- Health data beyond meditation duration
- Payment or financial information (the app is free)
- Advertising identifiers or tracking data
4. Legal Basis for Processing (GDPR Article 6)
We process your personal data based on the following legal grounds:
- Contract Performance (Art. 6(1)(b)): Processing is necessary to provide the app's core functionality—tracking your meditation progress and displaying it on the leaderboard.
- Legitimate Interests (Art. 6(1)(f)): We process technical data to maintain app stability and improve user experience.
- Consent (Art. 6(1)(a)): Where required, we obtain your explicit consent before processing.
5. Data Storage and Security
Your data is stored securely using Google Firebase infrastructure:
- Firebase Authentication — for secure login management
- Cloud Firestore — for storing meditation data
Security measures include:
- Encryption in transit (TLS 1.2+)
- Encryption at rest (AES-256)
- Access controls and authentication requirements
- Regular security audits by Google
6. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), specifically the United States, where Google's servers are located.
These transfers are protected by:
- EU-US Data Privacy Framework
- Standard Contractual Clauses (SCCs)
- Google's compliance with GDPR requirements
7. Data Retention
We retain your personal data for as long as your account is active. After account deletion:
- All personal data is deleted within 30 days
- Anonymized aggregate statistics may be retained indefinitely
- Backup copies are automatically deleted within 90 days
8. Your Rights Under GDPR
As a data subject, you have the following rights:
| Right | Description |
|---|---|
| Access (Art. 15) | Request a copy of your personal data |
| Rectification (Art. 16) | Correct inaccurate or incomplete data |
| Erasure (Art. 17) | Request deletion of your data ("right to be forgotten") |
| Restriction (Art. 18) | Limit how we process your data |
| Portability (Art. 20) | Receive your data in a machine-readable format |
| Objection (Art. 21) | Object to processing based on legitimate interests |
| Withdraw Consent | Withdraw consent at any time (where applicable) |
To exercise any of these rights, contact us at: pawelszczabel@gmail.com
9. Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In Poland, the relevant authority is:
Prezes Urzędu Ochrony Danych Osobowych (UODO)
ul. Stawki 2
00-193 Warszawa, Poland
Website: uodo.gov.pl
10. Third-Party Services
We use the following third-party services that may process your data:
11. Children's Privacy
Jufo is not intended for children under 13 years of age (or 16 in some EU countries). We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification for significant changes
📧 Contact the Data Controller
For any privacy-related questions or to exercise your rights:
Paweł Szczabel
ul. Wygonowa 51/2A
45-402 Opole, Poland
VAT ID: PL9910361892