Privacy Policy

Last updated: 31 May 2026

Sādhak is a spiritual practice tracker built for our community. This page explains what information the app collects, why, and what control you have over it. We've tried to write it plainly. If anything is unclear, email us at [email protected].

Who runs Sādhak

Sādhak is operated independently (not a registered business entity yet). You can reach the operator at [email protected] for any privacy question, data request, or concern.

What we collect

Information you give us when you sign up

• Email address — used to sign you in and to send you transactional email (confirm your address, reset your password). Required.
• Display name — used to personalise your own profile screen, and shown to other members in any shared activity view your account has access to (only when you've opted in). Required.
• First name, last name — used to personalise the app (e.g. "Good morning, Shruti") and the confirmation email. Required at signup.
• Date of birth, gender — required at signup. Used to confirm you meet our minimum age and to personalise references in the app. We don't share them with other users or with third parties.
• Profile photo — optional. Stored as a public image (any signed-in user can view it through the app). You can remove it any time from your profile.

Information the app generates as you use it

• Practices — the name, type, target, and schedule of each practice you choose to track.
• Daily logs — for each practice and each day, the count or duration you've recorded.
• Skip records — when you mark a day as skipped, with an optional reason you can type in.
• Library favorites — which library items you've favorited.
• Community activity (when applicable) — if your account has access to any shared community features and you opt in to one, we store which activity you've joined and your daily contribution toward it. Your display name and progress are visible to other members of the same activity. Not all accounts have access to these features; if yours doesn't, none of this applies.

Account access level

Every account has an internal access level that determines which features are available to you. The access level is something we set, not something you provide — but it's stored on your account so the app can show you the right features. You can ask us at any time what access level your account is on by emailing [email protected].

Information we don't collect

We want to be clear about what isn't happening:

• No analytics or telemetry SDKs. Sādhak does not include Google Analytics, Firebase Analytics, Sentry, Bugsnag, Mixpanel, PostHog, Amplitude, or anything similar.
• No advertising IDs. We don't track you for ads. There are no ads in the app.
• No phone numbers. We don't ask for or store phone numbers. The app uses email for all account-related communication.
• No location. The app does not request or collect your location, precise or otherwise.
• No microphone, camera, or contacts. The app only asks for access to your photo library, and only when you tap "change profile photo".
• No push notifications yet. A future version may add daily-reminder notifications; if and when it does, we'll update this policy.

How we use this information

We use the information above to:

• Sign you in and keep your session active.
• Show you your practices, logs, stats, and any shared community activities your account has access to.
• Show your display name and progress to other members of a shared community activity you've joined — only if that feature is available on your account and the Show in shared views toggle is on. The toggle is on by default and you can turn it off in your profile settings. If your account doesn't have access to shared activities, this never happens.
• Send you transactional email — currently just the email-confirmation message at signup and password-reset emails when you ask for one.

We do not sell your information. We do not share it for advertising. We do not use it to train AI models.

Where your information lives

Sādhak stores your data with the following providers. They process data on our behalf, under contract.

• Supabase (supabase.com) — hosts our database, authentication, and the storage bucket for profile photos. Your account, practices, logs, and skips all live in a Supabase Postgres database with row-level security so other users cannot read them.
• Resend (resend.com) — sends transactional email on our behalf (the confirmation message at signup, password-reset links). Email content includes your first name and the email address.
• Expo (expo.dev) — distributes the app and serves over-the-air updates of the app's JavaScript bundle. Expo does not receive your account data.

Your data is stored on servers operated by Supabase in the United States (us-east-1). If you sign up from elsewhere, you are consenting to that transfer.

How long we keep it

We keep your account data for as long as your account is active. If you delete your account (Settings → Delete account in the app), we remove your personal information, practices, logs, skips, and profile photo from our active systems immediately.

Some routine database backups may retain a copy for up to 30 days as part of normal disaster-recovery practice; those copies are not used for any other purpose.

Your rights and choices

You can do all of the following at any time:

• See what we have. Almost everything we store about you is visible inside the app — your profile, practices, logs, skipped days, and any community activity participation. If you'd like a machine-readable export, email [email protected] and we'll send you a JSON copy.
• Edit your profile. Profile fields can be changed from the Settings screen at any time.
• Hide yourself from shared activity views (if your account has access to these features). You'll see a Show in shared views toggle in Settings. Turn it off and your display name is replaced with a placeholder for other members in any shared view you appear in. If your account doesn't have access to these features, the toggle isn't shown and you don't appear in any shared view — nothing to configure.
• Delete your account. Settings → Delete account → type DELETE to confirm. This removes your personal information and practice data from our active systems. If you are an admin or have created shared community content that other members are participating in, the app will block you and ask you to email [email protected] first so we can transfer ownership cleanly.
• Reset your password. From the login screen, tap "Forgot password?".

If you're in a jurisdiction with statutory privacy rights (EU/UK/California/etc.), you also have the right to object to or restrict our processing, and to lodge a complaint with your local data-protection authority. Reach out and we'll help.

Security

We use industry-standard practices to protect your data: HTTPS for all network traffic, row-level security on every database table so users can only read their own rows, and one-way password hashing through Supabase Auth. We are a small operation, though — no system is perfectly secure. If you believe you've found a vulnerability, please email us at [email protected].

Age requirement

You must be at least 13 years old to create an account. The content of the app is appropriate for all ages, but we require users to be 13+ in line with common app-store policies and to keep the app out of scope for children's-privacy regulations (e.g. COPPA). If we learn that an account was created by someone under 13, we will delete it.

Changes to this policy

We'll update the date at the top of this page when we change anything material. For significant changes (e.g. a new third party, a new category of data) we'll also surface an in-app notice the next time you open the app.

Contact

Privacy questions, data export requests, deletion help, and bug reports all go to:

📧 [email protected]