iamconsistent.
Back to home

Privacy Policy

Last updated: January 2026

Privacy Policy

Last updated: January 2026

iamconsistent.io ("Service") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard information when you use our habit tracking application.

1. Who We Are (Data Controller)

  • The Service is provided by Exsudo AB (VAT No. 556778142101)
  • Exsudo AB is the data controller for personal data processed under this Privacy Policy
  • Address: Laggarebo 2, 57892 Aneby, Sweden
  • Contact: hello@iamconsistent.io

2. Information We Collect

A) Account Information

  • Email address (provided via Clerk authentication)
  • Account creation date
  • Authentication-related data managed by Clerk (e.g., identifiers needed to sign you in)

B) Habit Data (User Content)

  • Habit names and descriptions you create
  • Habit completion entries and dates
  • Optional notes you add to entries
  • Streak and progress statistics derived from your habit activity

C) Payment Information

  • Payment processing is handled by Stripe
  • We do not store credit card numbers or full payment details
  • We receive confirmation of payment status (and related records needed for accounting/receipts)

D) Technical and Usage Data

  • Browser type and version
  • Device information (high-level)
  • IP address (primarily for security and abuse prevention)
  • Basic usage patterns and feature interactions (to operate and improve the Service)

Cookies

  • We do not use cookies at this time
  • If we introduce cookies or similar tracking technologies later, we will update this Privacy Policy and, where required, provide appropriate choices

3. How We Use Your Information

  • Provide and operate the habit tracking service (including syncing, saving, and displaying your habits)
  • Calculate streaks, statistics, and progress
  • Authenticate you and secure accounts
  • Process payments and manage access to paid features (if applicable)
  • Send essential service communications (e.g., important account or service notices)
  • Improve reliability, performance, and user experience
  • Prevent fraud, abuse, and ensure security

4. Legal Bases for Processing (GDPR/EEA)

If you are in the EEA/UK, we rely on the following legal bases under GDPR. Where we rely on legitimate interests, you can object (see “Your Rights” below).

PurposeExample DataLegal Basis
Provide the Service and core featuresAccount info, habit dataContract (performance of a contract)
Authentication and account securityAccount info, technical dataLegitimate interests (keeping the Service secure) and/or Contract
Payments and access managementPayment status, account infoContract and/or Legal obligation (accounting/tax recordkeeping where required)
Essential service communicationsEmail addressContract and/or Legitimate interests (service operation)
Fraud prevention, abuse detection, security monitoringIP address, technical dataLegitimate interests (protecting users and the Service)
Product improvement and debuggingUsage patterns, technical dataLegitimate interests (improving reliability and UX)

5. How We Share Information

  • We do not sell your personal data
  • We share information only as needed to operate the Service, including with service providers that act as data processors on our behalf, such as Clerk (authentication), Stripe (payments), and Cloudflare (hosting and database)
  • We may also share information if required to comply with law, enforce our terms, or protect rights and safety

6. International Data Transfers

  • Some service providers may process data outside the EU/EEA
  • Where required, we use appropriate safeguards for international transfers (such as Standard Contractual Clauses) and other lawful transfer mechanisms

7. Data Storage and Security

  • Your data is stored on Cloudflare’s infrastructure, including a D1 database
  • Data is encrypted in transit using HTTPS
  • Authentication is handled by Clerk and payment processing by Stripe
  • We use reasonable, industry-standard security measures designed to protect your data
  • No method of transmission or storage is 100% secure, but we work to reduce risk and improve safeguards over time

8. Data Retention

  • Habit data is retained for as long as your account is active
  • Cloudflare logs are retained for the lifetime of the hosting account (primarily for security, reliability, and troubleshooting)
  • When you delete your account, we delete or anonymize your personal data within 30 days, except where we must retain certain information for legal, tax, accounting, or security purposes
  • Deleted data may persist in backups for a limited period before being fully overwritten/removed as part of normal backup cycling

9. Your Rights

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data (data portability, where applicable)
  • Restrict processing in certain circumstances
  • Object to processing based on legitimate interests
  • Lodge a complaint with your supervisory authority
  • To exercise these rights, contact: hello@iamconsistent.io (we may need to verify your identity)
  • If you are in Sweden, you can lodge a complaint with IMY (Integritetsskyddsmyndigheten); if you are elsewhere in the EEA/UK, you can contact your local authority

10. Changes to This Policy

  • We may update this Privacy Policy from time to time
  • We will post the updated version on this page and update the “Last updated” date
  • If changes are material, we will take reasonable steps to notify you

11. Contact

  • For privacy-related questions or requests, contact: hello@iamconsistent.io