Privacy Policy

1. Introduction

VESSEL (“we,” “our”) respects your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you use our habit and ritual tracking app and related services (the “Service”).

2. Information We Collect

We collect information you provide and data generated by your use of the Service:

• Account data: email, password (hashed), and any profile details you add.
• Content you create: rituals, tasks, projects, gems, calendar entries, templates, and similar data you store in the app.
• Usage and device data: how you use the app (e.g. pages, actions), device type, browser, and general location (e.g. region) where relevant for security or service operation.
• Payment data: for VESSEL Pro, billing is processed by Stripe. We do not store full payment card numbers; we may store billing-related identifiers and subscription status.
• Integrations: if you connect Google Calendar, Spotify, or other services, we receive and use only the data necessary to provide those features. For Google Calendar, we request access to your calendar events solely to display your schedule and sync meetings into your workflow; we do not use this data for any other purpose or share it. Spotify integration records playback time. All integration data is used only within VESSEL.

3. How We Use Your Information

We use the information above to provide, maintain, and improve the Service; to authenticate you and manage your account; to process subscriptions; to support integrations you enable; to send important service or security notices; and to comply with law. We may use aggregated or anonymized data for analytics and product improvement. We do not sell your personal information.

4. Data Storage and Security

Your data is stored on infrastructure we use to run the Service (e.g. databases, hosting). We take reasonable technical and organizational measures to protect your data against unauthorized access, loss, or misuse. No system is completely secure; we encourage you to use a strong password and keep it confidential.

5. Sharing and Disclosure

We do not sell your personal data. We may share data with service providers that help us operate the Service (e.g. hosting, email, payment processing), subject to confidentiality and data-handling agreements. Where we show display ads, advertising partners may process data as described in the Advertising section below. We may disclose information if required by law, to protect our rights or safety, or with your consent.

6. Advertising

On some public pages (for example our marketing site and sign-in), we may show display advertisements served by Google AdSense or similar partners. Those partners may use cookies, pixels, or similar technologies to measure delivery and, where permitted, to personalize ads. You can read how Google uses data when you use our site in Google’s Partner Sites policy and Google’s Advertising policy. VESSEL Pro subscribers are not shown these display ad units in the app experience we control.

If you are in the European Economic Area, the United Kingdom, or other regions that require consent for personalized advertising, you may need a certified consent management platform (CMP) and Google Consent Mode configuration to comply with applicable rules. We do not yet operate an in-app consent banner for ads; consult your legal advisor if you serve users in those regions.

7. Your Rights and Choices

Depending on where you live, you may have rights to access, correct, delete, or port your data, or to object to or restrict certain processing. You can update account and profile information in the app. To request deletion or exercise other rights, contact us using the method provided in the app or on our website. You can withdraw integration permissions (e.g. Google Calendar) via the integration settings or your third-party account.

8. Retention

We retain your data for as long as your account is active or as needed to provide the Service and fulfill the purposes described in this policy. After account deletion, we may retain certain data for a limited period for legal, security, or operational reasons, after which it is deleted or anonymized.

9. Children

The Service is not directed at children under 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us so we can delete it.

10. International Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place where required by applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the “Last updated” date. Continued use of the Service after changes constitutes acceptance. For material changes, we may provide additional notice (e.g. in-app or by email).

12. Contact

For privacy-related questions or to exercise your rights, contact us at the support or contact method provided in the app or on our website.