PRIMAL Privacy Policy
Version 2.6 · Last updated: 2026-06-17
This Privacy Policy explains how PRIMAL (“we,” “us,” or “our”) collects, uses, stores, and protects your information when you use our mobile applications, websites, and related services (together, the “Services”).
1. What data we collect
Depending on the features you use, we may collect the following:
Account & identity
- Display name, email address, profile photo, Firebase user ID, and sign-in provider (Apple Sign-In, Google Sign-In, or email/password).
- Email/password accounts require email verification. Verified email is required for social features (friends and messaging) per our server rules.
Habit & progress data
- Habits you create (name, category, goals, reminders, schedule), daily habit logs, sealed daily rosters, daily scores (0–100), streaks, weekly/monthly averages, and achievement unlocks.
- Up to 90 days of daily score history synced to your public profile.
Onboarding & body metrics
- Quiz answers during setup (goals, sleep, training, sunlight, stress, nutrition ratings, schedule, wake time) and body metrics (age, height, weight, BMI, unit preference).
- A profile bio you enter, stored in your private account data (Firebase) for sync across your devices. It is not shown on your public profile or shared with friends.
- Gender selected in the body metrics editor, stored in your private account data (Firebase) with your other body metrics. It is not shown on your public profile or shared with friends.
Onboarding answers, body metrics, bio, and gender are stored in your private account record and are readable only by you—not by friends or other users.
Apple Health (optional, read-only)
- If you connect Apple Health, PRIMAL may read (read-only; we do not write to HealthKit) step count, Apple Exercise Time, walking + running distance, and heart rate (displayed in the app only). PRIMAL currently auto-syncs only Steps habits into habit logs when Apple Health sync and the Steps data-source toggle are enabled. A Training (Exercise Minutes) toggle is available in Settings but does not yet auto-fill habits. Walking/running distance is authorized for potential future use but is not currently written to habit logs. Manual habit logs always override HealthKit auto-fill.
- We do not read height, weight, BMI, body fat, lean body mass, resting heart rate, active energy, mindful sessions, date of birth, or biological sex via HealthKit.
Social & messaging
- Friend connections, friend requests (pending/accepted/declined), invite-link relationships (primal://invite?uid={FirebaseUID} — links contain the inviter’s user identifier), and your list of friend user IDs (used for friend suggestions).
- Public profile fields: display name, photo, scores, streaks, achievements, up to ~90 days of score history, friend UID list, and (if enabled) last 7 days of habit names, subtitles, categories, icons, progress, completion status, and daily scores. Readable by you, confirmed friends, and users with a pending friend request (either direction) — not all signed-in users.
- Chat messages (text up to 500 characters), preset “cheer” messages sent as normal chat messages (e.g. “👍 Great job today!”), conversation metadata (participants, last message, read/unread state, typing indicators via typingByUser, per-user conversation hide timestamps). Messaging is strictly between users; PRIMAL does not send message content to generative AI services.
- Block list: blocked user ID, display name, optional photo URL, block timestamp (stored per blocker; one-directional). You may block another user from their profile, Messages, or your friends list. Effects: the blocked user cannot send you messages or friend requests; pending friend requests between you are removed; if you were friends, the friendship is removed; the conversation is removed from your inbox. The blocked user is not notified. Either party blocking the other prevents messaging and friend requests in both directions. You can unblock users anytime from Settings → Blocked Users.
- User reports: reporter UID, reported UID, reported display name, reason, context (profile | message | friendRequest), optional context note (≤50 chars), timestamp (create-only; not readable in app).
- Push delivery: FCM device tokens and platform stored per device when you enable notifications and grant iOS permission; notification preference messagesEnabled synced to your account.
Device & local app data
- Notification preferences, leaderboard display preferences, habit-sharing toggle, dismissed friend suggestions, paywall presentation timestamps, last app-open time (for re-engagement reminders), and in-app notification inbox entries (achievements, delivered reminders, friend events; stored locally, pruned after 7 days, max 150 items).
- First-run app walkthrough completion flags (stored locally in UserDefaults only; not synced to servers).
- Stable device identifier for FCM registration (stored locally).
- Popup/walkthrough completion IDs (local only).
- Anti-abuse counters stored server-side for quota enforcement (e.g. daily messages sent, habit logs, friend requests).
- Habit data in on-device storage (SwiftData) for offline use and sync.
- Camera and Photo Library access when you choose to add or change a profile photo (uploaded to Firebase Storage or stored as an inline fallback).
Purchases
- Subscription entitlement status via Apple StoreKit (monthly or annual PRIMAL Pro). We do not receive your payment card details.
Support
- Information you send when you contact us at theprimalapp@gmail.com.
2. How we use your data
We use your data to:
- Power the core PRIMAL experience, including tracking, scoring, and streaks.
- Sync your account and data across your devices.
- Calculate your daily score based on the habits and inputs you log.
- Publish your public profile (scores, streaks, achievements, name, photo) so friends and users with pending friend requests can view profile and leaderboard information.
- Share your last 7 days of habit summaries with friends when “Share daily habits with friends” is enabled (default on).
- Operate friend invites, friend requests, accept/decline flows, unfriending, friend suggestions (friends-of-friends), one-on-one messaging, friend leaderboards, and preset “cheer” messages.
- Filter outbound chat messages with a client-side blocklist before sending.
- Operate user blocking and unblock flows; enforce blocks on messaging and friend requests.
- Receive and review in-app user reports for safety and moderation.
- Deliver local notifications you enable (habit reminders, evening check-ins, weekly recap, streak-at-risk nudges, re-engagement, friend request/acceptance alerts) and mirror some to your in-app notification inbox.
- Deliver remote push notifications for new messages via FCM when notifications are enabled and iOS permission is granted.
- Register and refresh FCM device tokens; remove stale tokens.
- Honor social preferences: hide the home friends leaderboard card, turn off habit sharing with friends, remove friends, hide conversations on your side, and manage notification categories in Settings.
- Enforce plan limits (habits, friends, daily messages) for Free vs Pro tiers.
- Provide Progress Insights analytics charts (PRIMAL Pro unlocks full charts; free users see blurred/limited insight charts).
- Let you export habit log history as CSV from in-app Settings (data portability).
- Restrict certain features (messaging, purchases, profile photo upload, friend invites) on modified/jailbroken devices for security.
- Improve reliability, fix bugs, prevent abuse, and respond to support requests.
- Process subscriptions and comply with legal obligations.
3. Third-party services
We use trusted third-party services to operate PRIMAL. Each provider processes data under its own privacy policy and only as needed to deliver the features you use:
- Firebase (Google): authentication, Cloud Firestore database, Firebase Storage (profile photos), and security rules. Stores account, habit, social, and messaging data as described in this policy.
- Apple Sign-In: optional account sign-in.
- Google Sign-In: optional account sign-in.
- Firebase Cloud Messaging (FCM): delivers remote push notifications for new messages to devices that opted in.
- Firebase Cloud Functions: a server-side trigger sends a message push notification when a new chat message is created; it respects block lists and message-notification preferences.
- Apple HealthKit: optional read-only health data you authorize (step count, exercise time, distance; heart rate on-device only). PRIMAL currently auto-syncs only Steps habits into habit logs when Apple Health sync is enabled — see §9.
- Apple App Store / StoreKit: subscription billing, free-trial eligibility, purchase history, and refunds (handled by Apple).
- TrustKit: TLS certificate pinning for secure connections to Google/Firebase services. Does not collect personal data.
We do not currently use RevenueCat, Firebase Analytics, Firebase Crashlytics, advertising networks, or cross-app tracking SDKs in the PRIMAL mobile app.
We are not responsible for the privacy practices of third-party services. We encourage you to review their policies directly.
4. Data storage and international transfers
Your data is stored using Google Firebase infrastructure and may be processed in the United States or other countries where our service providers operate. We use appropriate safeguards to protect personal data. If your data is transferred outside your country, we use additional safeguards where required by law, such as standard contractual clauses or equivalent protections.
5. Security measures
We use industry-standard safeguards to protect your information, including encryption in transit (HTTPS), authentication protections through Apple Sign-In and Google Sign-In, Firebase security rules, and access controls limited to people and systems that need access to operate the Services. No method of storage or transmission is completely secure, and we cannot guarantee absolute security.
6. Data retention
We keep personal data only as long as needed for the purposes described in this policy, unless a longer period is required by law. Typical retention periods include:
- Account information: kept while your account is active and deleted or anonymized after account deletion, subject to backup and legal exceptions below.
- Habit data, logs, scores, streaks, and achievements: kept while your account is active to provide tracking and history features.
- Friend data: kept while a friendship exists and removed when you or the other user removes the connection or deletes an account.
- Messages: kept while your account is active so both participants can view conversation history. When you hide a conversation, it is hidden only for you (soft delete). When you delete your account, messages you sent are permanently removed from our servers. The other participant may retain their copy of the thread and messages they sent until they delete their account.
- Notification preferences: stored while your account is active to honor the notification and social settings you choose in the app or on your device.
- Public score history: up to 90 days of daily scores in your public profile.
- Friend-visible habit history: up to 7 days when habit sharing is enabled.
- Hidden conversations: if you hide a chat, it stays hidden on your device until new messages arrive; the other participant retains their copy until one of you deletes their account.
- In-app notification inbox: stored locally on your device, auto-pruned after 7 days (max 150 items).
- On-device HealthKit cache: retained locally until you revoke Health access or delete the app.
- Purchase and subscription data: retained as needed to manage subscriptions, resolve billing issues, and meet tax, accounting, or legal requirements.
- Block list: kept while your account is active; deleted when you unblock or delete your account.
- User reports: retained for moderation, safety review, and legal compliance; not accessible to users in the app after submission.
- FCM device tokens: kept while signed in and push is enabled; deleted on sign-out, account deletion, or when tokens become invalid.
- Support communications: retained as long as needed to respond to your request and maintain a reasonable support history.
When you delete your account, associated personal data is permanently removed from our active systems. Limited encrypted backup copies may remain temporarily for disaster recovery and legal obligations, but are not accessible in the app and are deleted on backup rotation.
7. Who can see your data
You (account owner) can see all of your habits, logs, settings, onboarding quiz answers, body metrics, and messages.
Friends (confirmed connections) can see:
- Your display name, profile photo, daily/weekly/monthly scores, current streak, achievements, and leaderboard ranking.
- Up to ~90 days of your daily score history on your public profile.
- If “Share daily habits with friends” is enabled (default on): your last 7 days of habit names, subtitles, categories, icons, progress, completion status, and daily score per day.
- They cannot see your onboarding quiz answers or body metrics (goals, sleep ratings, age, height, weight, BMI), raw habit log values beyond shared windows, HealthKit data, email address, password, or full historical logs beyond the shared windows above.
Users with a pending friend request (either direction, not yet accepted) can read your limited publicProfiles document — display name, photo, scores, streaks, achievements, score history, friend UID list, and habit-sharing status — to support friend requests and suggestions. They cannot read your private habit subcollections or messages unless they are a conversation participant.
Messaging participants can see messages in shared one-on-one conversations. Messages are not visible to non-participants.
Profile photos stored in Firebase Storage can be read by you and your confirmed friends only (for display in the app).
Controls available to you: You can block and unblock users; manage Blocked Users in Settings; remove/unfriend users; turn off “Show Habits to Friends” in Settings (default on); hide the Friends Leaderboard card on Home (Settings → General); hide conversations on your side; and report users in-app (reports are sent to PRIMAL for review). You may also email theprimalapp@gmail.com. Unfriending stops friend visibility but does not block invite links unless you block the user.
Block list visibility: Only you (the blocker) can read your block list. Blocked users can detect they are blocked indirectly (e.g., cannot message or send requests) but are not shown a block notification.
Our team: limited access only when needed for support, security, abuse prevention, or legal compliance.
8. Messaging privacy
Messages are one-on-one, visible only to the two participants, and stored in Firebase so you can send, receive, and view history. Outbound messages are checked on your device against a blocklist of prohibited terms before sending; blocked messages are not delivered. We do not currently operate server-side message monitoring. Message text cannot be edited after sending. Daily send limits apply (50/day Free, 500/day Pro). Typing indicators (typingByUser) and read/unread state are stored in Firebase. Sending a “cheer” posts a preset message as a normal chat message from you. Chat is peer-to-peer only — PRIMAL does not use generative AI or chatbots to read or respond to messages. You can hide a conversation on your side (soft delete); the other participant retains their copy. Account deletion permanently removes messages you sent; the other participant may keep their copy until they delete their account. Message push notifications may include sender display name and message text preview (up to 500 characters) on the recipient’s device; push is not sent if either party has blocked the other or if message notifications are disabled.
9. Apple HealthKit
If you connect Apple Health, PRIMAL may read (read-only; no writes to HealthKit) the data types you authorize: step count, Apple Exercise Time, walking + running distance, and heart rate (display in app only). We do not read height, weight, BMI, body fat, lean body mass, resting heart rate, active energy, mindful sessions, date of birth, or biological sex via HealthKit. HealthKit data is:
- never sold;
- never used for advertising;
- never used for marketing;
- never used for data mining;
- only used to provide user-requested features inside the app.
When Apple Health sync is enabled, PRIMAL currently auto-syncs only Steps habits into Firebase habitLogs as numeric habit progress — not as raw HealthKit samples. A Training (Exercise Minutes) toggle is available but does not yet auto-fill habits. Walking/running distance is authorized for potential future use but is not currently written to habit logs. Heart rate is shown on-device only and is not uploaded to Firebase or shared with friends. Manual habit logs override HealthKit auto-fill. You control sync with a master Apple Health toggle plus per-category toggles (Steps, Training).
You can revoke HealthKit access at any time through Apple Health settings on your device.
10. Notifications
Local notifications (scheduled on device):
- Morning habit reminders (based on your wake time)
- Evening “habits left today” reminders
- Weekly recap (Sundays)
- Streak-at-risk nudges
- Per-habit scheduled reminders you configure
- Re-engagement after ~48 hours of inactivity
- Friend request received / friend request accepted
Remote push notifications (FCM, server-triggered): New message alerts when you have notifications enabled in PRIMAL Settings, iOS notification permission granted, and a registered device token. Push includes sender display name and message preview. Rich notifications may show the sender’s profile photo. Disabling notifications in PRIMAL Settings stops remote message push registration and syncs your preference to our servers. Disabling notifications in iOS Settings also prevents delivery.
Some delivered notifications are mirrored to your in-app notification inbox (local storage, pruned after 7 days, max 150 items). You can disable categories in PRIMAL Settings or turn off all notifications in iOS Settings. Disabling notifications does not delete your account or habit data.
11. Profiling and automated processing
PRIMAL automatically calculates scores, streaks, and leaderboard rankings based on the habits and activity you log. These are automated system outputs used to provide app functionality. They do not produce legal, financial, employment, insurance, housing, or similarly significant effects.
12. Analytics and diagnostics
Mobile app: PRIMAL does not currently collect third-party analytics, crash reports, or advertising data in the iOS app. We do not use App Tracking Transparency or cross-app tracking. Insights and progress analytics are computed on your device and are not transmitted to our servers.
Website: Our marketing site uses Vercel Analytics and Vercel Speed Insights only after you accept non-essential cookies in our banner, as described on our Cookies page. Declining cookies means no analytics scripts load.
PRIMAL does not show ads or run an advertising system in the app.
13. Subscriptions (PRIMAL Pro)
PRIMAL Pro is an auto-renewing subscription billed through Apple (monthly or annual). The annual plan may include a 7-day free trial where offered by Apple. Pro unlocks higher limits: up to 50 active habits, up to 50 friends, and up to 500 messages per day (vs 10 habits, 20 friends, and 50 messages on Free), plus full Progress Insights analytics charts (free users see blurred/limited insight charts).
Payment, renewal, cancellation, and refunds are handled by Apple under Apple’s terms. To cancel, go to Settings → Apple ID → Subscriptions on your iPhone. Deleting the app does not cancel billing. Restore purchases is available in the app paywall.
14. Account deletion process
You can delete your account in the app. When deletion is confirmed, we permanently remove your associated data from our active Firebase systems, including your profile, habits, logs, messages, friends, scores, streaks, achievements, and related account data. Deletion takes effect when you confirm it in the app.
Account deletion removes: your Firebase Auth account, Firestore user document and habit/log subcollections, public profile, friend graph entries, friend requests, messages you sent, your block list entries, FCM device tokens and notification preference documents, and your profile photo from Firebase Storage. The other participant in a conversation may retain their copy of the thread and messages they sent until they delete their account. Reports you submitted may be retained for moderation and legal purposes even after account deletion (minimal retention where required by law). Hiding a conversation is a per-user soft delete only. Local on-device data is also cleared. Sign-out alone does not delete cloud data.
Some limited data may remain in secure backups temporarily for disaster recovery and legal obligations, but it is not accessible in the app and is deleted on backup rotation. We may retain minimal records where required by law, such as billing or fraud-prevention records handled by Apple or required tax and accounting data. You may also contact us at theprimalapp@gmail.com if you need help deleting your account.
15. Viewing legal pages in the app
Privacy Policy and Terms links inside the PRIMAL app open theprimalapp.com in an in-app browser (Safari). That site may set cookies as described in our Cookies policy.
16. Children
PRIMAL is not intended for users under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us data, contact us and we will delete it.
17. Your privacy rights (GDPR / EEA / UK)
If you are in the European Economic Area, UK, or Switzerland, you may have the right to:
- access your personal data;
- rectify inaccurate data;
- erase your data;
- restrict processing in certain circumstances;
- receive a portable copy of your data;
- object to certain processing; and
- withdraw consent where processing is based on consent.
You can manage much of your information in the app, including CSV export of habit log history and account deletion in Settings. Contact us at theprimalapp@gmail.com to exercise these rights. We will respond within a reasonable time and as required by applicable law. You may also lodge a complaint with your local data protection authority.
18. California privacy rights
If you are a California resident, you may have the right to:
- know what personal information we collect, use, and disclose;
- access specific pieces of personal information we hold about you;
- correct inaccurate personal information;
- delete personal information, subject to legal exceptions;
- opt out of certain sharing for cross-context behavioral advertising, where applicable; and
- not be discriminated against for exercising these privacy rights.
We do not sell personal information, including HealthKit data, and PRIMAL does not run an advertising system in the app. You can export habit log history as CSV and delete your account in Settings. To exercise these rights, contact us at theprimalapp@gmail.com. We will verify your request as required by law and respond within the timeframes required by applicable California law.
19. Changes
We may update this Privacy Policy from time to time. We will post the updated version here and change the “Last updated” date. Material changes may also be communicated in-app or by other reasonable notice.
20. Contact
Privacy questions: theprimalapp@gmail.com