Privacy Policy

Effective May 2, 2026

Short version: Momentum stores the goals you set, the days you check off, the reactions you give, and the email + display name you sign up with. We don't sell your data, we don't run ads, and you can permanently delete everything from inside the app at any time.

Who we are

"Momentum," "we," and "us" mean the team operating the Momentum iOS app and this website. You can reach us at support@momentum-app.com.

What we collect

We collect only what we need to make the app work:

Account info — your email address and chosen display name. Your password (if you signed up with email) is never stored in plaintext; authentication is handled by our backend provider, Supabase, which stores a hashed copy. If you signed up with Sign in with Apple, we receive an opaque user identifier and (only on first sign-in) the name and email Apple chooses to share — Apple never sends us your password, and you can choose to share your real email or a private relay address that forwards to your inbox.
Goal data — the titles of the goals you set, the weekdays they're scheduled for, your weekly progress, and your streaks.
Group membership — which groups you've created or joined, and whether you're an admin or member.
Activity logs — each time you check off a scheduled day, we store a row recording the goal, day, and timestamp.
Reactions — the emoji reactions you give to other people's activity logs, plus reactions others give to yours.
Push token — the device token your iPhone provides so Apple can deliver push notifications to you. We never see the contents of your phone, only the opaque token Apple supplies.
Reports — if you report another user, we store the reason text you wrote so we can review it.

We do not collect your contacts, location, photos, calendar, microphone, or any health data.

How we use it

To run the app — show your goals, your group's activity, and your streaks.
To send the push notifications you've consented to (Sunday goal reminder, reactions on your activity, join requests for groups you admin).
To investigate and act on reports of bad behavior.

We do not use your data for advertising. We do not sell or rent your data to anyone. We do not train AI models on your data.

Who we share with

Three third parties handle data on our behalf, only as needed to deliver the service:

Supabase — our database and authentication provider. Your data is stored on Supabase's hosted Postgres infrastructure. See supabase.com/privacy.
Apple Push Notification service (APNs) — Apple delivers push notifications to your device. Apple receives the notification body (e.g. "Sam reacted 🔥 to your Run") and your device token, but not your underlying account.
Vercel — hosts this marketing site and the email signup form (if you opted in to be notified at launch).

Where data is stored, and for how long

Data is stored on our backend provider's infrastructure (US region by default) for as long as your account exists. When you delete your account from inside the app (Profile → Delete account), we permanently remove your sign-in info, your profile, your goals, your activity logs, your reactions, your notification settings, and any reports you've filed — all at once. Deletion is immediate and irreversible.

Your rights

Delete your data at any time from inside the app (Profile → Delete account).
Request a copy of your data by emailing support@momentum-app.com. We'll respond within 30 days.
Block any other user — they vanish from your activity feed and group lists. Long-press their name to find this option.
Report a user by long-pressing their name. We investigate every report.
Residents of the EU/UK and California have additional rights under GDPR / CCPA — including the right to access, correct, or restrict the use of your data. Contact us at the email above to exercise them.

Children

Momentum is intended for users aged 13 and over. We do not knowingly collect data from anyone under 13. If you believe a child under 13 has created an account, contact us and we'll delete it.

Security

Connections between the app and our servers are encrypted in transit. Access to your data is restricted at the database level so that you can only see and edit your own information, and the information of friends in groups you've joined. Passwords are stored in hashed form by our authentication provider — never as plain text.

No system is perfectly secure. Please choose a strong password, avoid reusing one from another site, and let us know immediately if you suspect anyone has gained access to your account.

Changes to this policy

We may update this policy as the app evolves. If we make material changes, we'll notify signed-in users via in-app notice and update the effective date above. Continued use of the app after a change means you accept the updated policy.

Contact

Questions, concerns, or data requests: support@momentum-app.com.