Privacy Policy

Controller

The data controller for reckon is Ali Dahud, 7100 Szekszard, Rakoczi utca 67, Hungary.

Email: alidahud@gmail.com

Data We Collect

We collect the data needed to provide the app:

• Email address, if you sign in by email or Google.
• Google account identifier, if you choose Google sign-in.
• Your identity statement, if you write one during onboarding.
• Urge check-ins, including feeling text, place, next action, outcome, and time.
• Nightly reflections, including your answers and direction choice.
• Authentication session records, including hashed refresh tokens and user agent.
• Short-lived verification code records for email sign-in.
• Billing identifiers, local free access dates, subscription status, tax IDs if provided, and payment status from Stripe.

Urge and reflection entries may contain sensitive personal data, depending on what you write. Do not include personal data about other people unless you have a clear reason and permission.

Why We Use Data

Sensitive Check-ins

reckon is designed for private self-reflection around urges and porn quitting. The app does not require you to write explicit details. If you choose to write sensitive information, you explicitly consent to reckon processing the check-ins and reflections you save only so the app can save them, show them back to you, and generate your private pattern view.

You can withdraw that consent by asking us to delete your account and entries. Withdrawal does not affect processing that already happened before the request.

Cookies And Local Storage

reckon uses essential first-party cookies. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

• reckon_access: keeps you signed in for short requests. It lasts about 15 minutes.
• reckon_refresh: renews your session. It can last up to 30 days.
• reckon_google_state and reckon_google_nonce: protect Google sign-in. They last about 10 minutes.

These cookies are necessary for authentication and security. When Google sign-in redirects away from the app, reckon may temporarily store your draft identity statement in your browser session storage so it can be restored after login.

Sharing

We do not sell personal data. We do not share personal data for cross-context behavioral advertising. We do not use your entries for ads.

The server is hosted in Germany by netcup GmbH, Karlsruhe. We may also share data with service providers that run the database, deliver infrastructure, process billing, calculate tax, or help provide login. Stripe processes checkout, subscriptions, billing portal, payment method updates, invoices, and tax calculation. If you choose Google sign-in, Google processes the authentication request under its own privacy terms. Service providers may process data only as needed to provide their services to reckon.

International Transfers

reckon is controlled from Hungary and its server is hosted in Germany. Some infrastructure, database, or login providers may process data outside Hungary, Germany, or the European Economic Area. Where required, transfers rely on an adequacy decision, standard contractual clauses, or another GDPR-approved safeguard.

Retention

We keep account data, identity statements, urge entries, and reflection entries while your account exists, unless you ask us to delete them sooner. Billing records are kept as needed to provide access, resolve disputes, prevent abuse, and meet tax/accounting obligations. Authentication cookies expire as described above. Email verification codes expire after 10 minutes and are not usable after that.

If you request deletion, we will delete or anonymize personal data unless we need to keep limited information for legal, security, or abuse-prevention reasons.

Your Rights

Depending on where you live and the legal basis for processing, you may have the right to access, correct, delete, export, restrict, or object to the use of your personal data. You may also withdraw consent where processing is based on consent.

To exercise these rights, email alidahud@gmail.com. We may need to verify that the request comes from the account owner. The app does not currently provide self-serve export or deletion; those requests are handled by email.

If you are in the EU or EEA, you also have the right to complain to a data protection supervisory authority, including the authority where you live, where you work, or where you believe an infringement happened. Because reckon is controlled from Hungary, you may also contact the Hungarian National Authority for Data Protection and Freedom of Information, Falk Miksa utca 9-11, H-1055 Budapest, email privacy@naih.hu.

Security

reckon uses authentication cookies marked for HTTP-only access, same-site use, and secure transport in production. Refresh tokens are stored as hashes in the database. No system can be guaranteed perfectly secure, but we keep the data collected as small as the product allows and use technical controls appropriate for a private journal-style app.

No Tracking Ads

reckon does not use advertising networks, behavioral advertising, or third-party analytics in the current product. If that changes, this policy will be updated and non-essential cookies or trackers will not be loaded unless the law allows it or you consent.

Children

reckon is not intended for children under 16. If you believe a child has provided personal data, contact us so we can delete it.

Important Limit

reckon is not therapy, medical care, crisis support, or an emergency service. Entries are not monitored for emergencies. If you are at risk of harming yourself or someone else, contact local emergency services or a qualified professional.

Changes

We may update this policy when the app, legal requirements, or service providers change. The updated date at the top shows when the policy last changed.