We wrote this privacy policy to be read by a real person, not a lawyer. Our goal is simple: tell you exactly what we collect, why we collect it, and what you can do about it.
Stelo App ("Stelo", "we", "us") is based in Dubai, UAE. By using the Stelo app, you agree to the practices described here.
1. What we collect
What you give us
- Account info: A display name, your 4-digit friend code (we generate this for you), and an optional email address. Email is only needed if you want password recovery | you can use Stelo without one.
- Habit and task data: The habits you create, your daily check-ins, todo items, Pomodoro session logs, and any custom labels or notes you add.
- Profile preferences: Your chosen avatar, colour theme, language, and other settings you configure.
- Payment info: If you subscribe to Stelo+, billing is handled entirely by RevenueCat and Stripe. We receive only your subscription status and renewal date | never your full card number or billing address.
What we collect automatically
- Usage patterns: Which features you use and how often, so we know what to improve. We keep this at the aggregate level | we don't watch individual sessions.
- Device info: Operating system version, device type, and your locale/language. Needed so the app works correctly on your platform.
- Crash logs: If the app crashes, we receive an error log to help us fix the bug. These logs contain technical stack traces | not your habit data.
What we never collect
- Your real name, phone number, or physical address (unless you choose to add them).
- Your location, camera, microphone, or contacts.
- Data from other apps or websites. We have no advertising SDK and don't track you across the internet.
2. How we use your data
We use your data to run the app | nothing more exotic than that:
- Sync your habits, tasks, and progress across your devices.
- Calculate your streaks, XP, and level-based unlocks.
- Process and manage your Stelo+ subscription via RevenueCat and Stripe.
- Power social features like friend streaks and leaderboards | only with users you have explicitly added.
- Send you transactional emails (password resets, billing receipts) if you have provided an email address.
- Diagnose crashes and bugs so we can fix them.
We do not use your data to train AI models, build advertising profiles, or sell to third parties. Our business model is simple: we make money when you find Stelo+ valuable. That's it.
3. Where your data lives
Your data is stored on servers operated by Supabase | a infrastructure provider that runs on AWS with data centres in the EU. Supabase is SOC 2 Type II certified. Data is encrypted in transit (TLS 1.3) and encrypted at rest.
We apply Row Level Security so that each user can only ever see their own data in our database. Payment data lives exclusively with Stripe and RevenueCat | we never touch raw card numbers.
4. Who we share data with
We do not sell your data. The only parties who see your data are:
- Supabase | database hosting (EU servers).
- RevenueCat & Stripe | subscription and payment processing.
- Vercel | web app hosting.
- Your friends on Stelo | if you use social features, your username, streak length, and level are visible to friends you have added. You control this in Settings.
- Law and safety | if required by a valid court order or to protect the safety of our users, we may disclose information to the appropriate authorities.
5. Your rights
You have the following rights over your personal data, regardless of where you live:
- Access: Ask us for a copy of the personal data we hold about you.
- Correction: Ask us to correct inaccurate information.
- Deletion: Delete your account at any time in Settings > Delete account. We'll remove your data from our servers within 30 days.
- Portability: Request your habit and task data in a machine-readable format.
- Objection: Object to certain types of processing.
- Withdrawal of consent: If you gave consent for something specific, you can withdraw it at any time.
To exercise any of these rights, email support@steloapp.io. We respond within 30 days.
6. Data retention
We keep your data for as long as your account is active. If you delete your account, we remove your personal data within 30 days. Anonymised, aggregated data (like total global check-ins per day) may be kept indefinitely because it cannot identify you.
7. Cookies and local storage
See our Cookie Policy for a full explanation. The short version: we use essential session storage only. No tracking cookies, no ad networks.
8. Children
Stelo is not designed for children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has created an account, contact us at support@steloapp.io and we will delete it promptly.
9. Changes to this policy
If we make material changes to this policy, we will notify you via an in-app notice at least 14 days before the changes take effect, or by email if you have provided one. The "Last updated" date at the top reflects the most recent revision.
10. Contact
Privacy questions, data requests, or anything else:
Email: support@steloapp.io
Company: Stelo App, Dubai, United Arab Emirates