Privacy Policy
Last updated: 5 July 2026
1. Data controller
The controller of your data is Jonathan VALLE (sole trader), 3 Boucle Charles Ferdinand, 57330 Entrange, France — contact: support@gonnachange.com.
2. Data we collect
• Account: your email address and your password (encrypted, never readable by us). • Profile: your display name if you provide one, your language, your notification preferences and, if you write one, your personal pledge, shown in the app and used to compose your daily reminder — never sent to our analytics tools. • Tracking data: your resolutions (name, type, dates), your checked days, your hard-day notes and your SOS journal, synced with your account to back up your journey and restore it on your devices. • Consent: the date you accepted the Terms and this policy. • Subscription: the status of your subscription, managed via RevenueCat and the stores. We never collect your payment card details: payment is handled by Apple or Google. • Technical: analytics data (PostHog, only if you consent to it), error diagnostics (Sentry) and a push notification identifier.
3. Your tracking data is protected
Your resolutions, your checked days, your hard-day notes and your SOS journal relate to health and habits: this is sensitive data. It is stored on your device and synced to our servers (hosted by Supabase in the European Union — region: PLACEHOLDER_SUPABASE_REGION) to back up your journey and restore it on your devices. Access is strictly limited to your account, through per-user isolation enforced at the database level.
This content is never sent to our analytics or diagnostics tools: only event types, counts and technical identifiers are — never the name of a resolution, a note or a journal entry. GonnaChange contains no advertising and sells no data.
4. Purposes and legal bases
We use your data to provide and personalise the service, back up your tracking data and manage your subscription (performance of the contract), to send you notifications (your consent, which you can withdraw at any time), to measure the app's audience (your consent, collected in the app and withdrawable at any time in the settings), to fix errors in order to improve the app (legitimate interest), and to keep the service secure (legitimate interest).
5. Sub-processors and recipients
We rely on providers acting on our behalf: Supabase (database hosting and authentication), RevenueCat (subscription management), PostHog (analytics), Sentry (error diagnostics), Brevo (transactional emails, such as verification codes), Expo (push notification delivery), Apple and Google (distribution and payment).
Some of these providers are located outside the European Union; such transfers are then governed by the European Commission's standard contractual clauses.
6. Retention period
Your account data and the tracking data synced to our servers are kept for as long as your account is active, then deleted within 30 days of the account's deletion, unless a legal obligation requires otherwise. The local copy of your tracking data is deleted when you delete the app or reset its data.
7. Your rights
Under the GDPR, you have the right of access, rectification, erasure, portability, restriction and objection. You can exercise them by writing to support@gonnachange.com.
You may also lodge a complaint with the CNIL (www.cnil.fr).
8. Account deletion
You can request the deletion of your account and your data at any time by writing to us at support@gonnachange.com.