Privacy Policy

Last updated: 27 November 2025

We are 7Stockapp OÜ (registry code 16976938), Lahtri tn 12, 15551 Tallinn, Estonia ("we", "us", "our"). This Privacy Policy explains how we collect, use, disclose and safeguard your information in connection with our mobile application TheUp, our related website and backend APIs (together, the "Services"). We act as the data controller for personal data processed in connection with the Services.

Please read this Privacy Policy carefully. By accessing or using the Services, you acknowledge that you have read and understood this Policy. This text is for general information only and is not legal advice. You should consult with a legal professional to verify compliance with applicable law (including GDPR and any local rules).

---

1. Personal Data We Collect

Depending on how you use TheUp, we may process the following categories of personal data:

1.1 Account and Identification Data

• Email address and password.
• Verification codes and related metadata (e.g. expiry time, status).
• Basic profile data such as your encrypted first and last name.
• Account status information (e.g. whether your account is active, date of account creation).

1.2 Usage and Service Data

• Information about how you use the app, including feature usage and interaction logs.
• Token usage, subscription plan (e.g. free or premium), limits and statistics related to AI usage.
• Logs related to security, abuse protection and system monitoring (e.g. IP address, user agent, security events).

1.3 Content You Provide

• Your projects, goals and motivation data that you save in the app.
• Free-text notes, self-descriptions and other information you enter as part of your motivation profile.
• Saved words and notes you store in the app.
• AI chat messages, prompts and conversation history with the assistant.

1.4 Device and Notification Data

• Device identifiers, notification tokens (for example FCM/APNs tokens) and language settings.
• Notification configuration, including notification window, frequency, last notification time and count.
• Technical information sent by your device (e.g. operating system, app version, error logs).

1.5 Support and Communication Data

• Messages you send us via in-app support or email, including the subject and content of the message.
• Contact details you choose to share when requesting support (for example an alternative email address).

1.6 Payment and Subscription Data

• We do not receive or store your full payment card details. Purchases and subscriptions are processed by Apple App Store and Google Play Store.
• Through our billing provider (for example RevenueCat) we may receive information such as your subscription status, active entitlements, product identifiers, country and purchase or renewal dates.

2. How We Use Your Personal Data

We use your data for the following purposes:

• To provide and maintain the Services – including account creation, authentication, syncing your data across devices and basic app functionality.
• To deliver personalised motivation and AI assistance – using your projects, motivations, notes and prior interactions to generate relevant suggestions, notifications and AI responses.
• To send push notifications – including personalised motivation messages based on your profile, preferences and notification schedule.
• To manage subscriptions and billing – including determining your current plan (free or premium), access rights and usage limits.
• To provide customer support – replying to your inquiries, investigating issues and resolving complaints.
• To ensure security and prevent misuse – detecting and blocking abusive behaviour, managing blocked IP addresses, preventing fraud and protecting our infrastructure.
• To improve and develop the Services – analysing aggregated usage patterns, troubleshooting issues and testing new features.
• To comply with legal obligations – responding to lawful requests from authorities, handling legal claims and keeping necessary accounting records.

3. Legal Bases for Processing (EEA/UK Users)

Where GDPR or similar laws apply, we rely on the following legal bases:

• Performance of a contract – to provide the Services under our Terms of Use and EULA.
• Legitimate interests – for security, service improvement, preventing abuse and sending non-promotional service messages.
• Consent – where required by law, for example for certain marketing communications or optional features.
• Legal obligations – where we must process or retain data to comply with law.

4. Cookies and Similar Technologies

Our website may use cookies or similar technologies for essential functionality, security and basic analytics. In the mobile app, we generally rely on device identifiers and notification tokens rather than browser cookies. Where required by law, we will provide you with additional information and choice with respect to non-essential cookies.

5. Third-Party Services and International Transfers

We use trusted third-party service providers to help us operate the Services, including:

• Cloud hosting and infrastructure providers that host our servers and databases.
• Push notification providers such as Firebase, to deliver notifications to your devices.
• Billing and subscription platforms such as RevenueCat, and the Apple App Store and Google Play Store as payment processors.
• AI providers such as OpenAI and Google for generating AI-based responses and motivational content based on your input and history.
• Analytics and security tools that help us understand usage patterns, detect abuse and maintain service stability.

These providers may process your personal data on our behalf and only in accordance with our instructions and applicable data protection laws. Some of these providers may be located outside the European Economic Area. Where this results in a transfer of personal data to a third country, we will take appropriate safeguards (for example, using standard contractual clauses) as required by law.

6. Data Retention

We retain personal data for as long as necessary for the purposes described in this Policy, including:

• for the duration of your account and for a reasonable period afterwards to handle queries or disputes;
• for as long as required by applicable law (for example, for tax and accounting records);
• for as long as needed to maintain security logs and prevent abuse.

We may anonymise or aggregate data so that it no longer identifies you, in which case we may use such information indefinitely without further notice.

7. How We Protect Your Data

We implement technical and organisational measures designed to protect your data, including:

• Using encryption for sensitive data fields (for example, certain profile and motivation data) at rest.
• Restricting access to personal data to authorised personnel and systems only.
• Maintaining security logs, blocked IP lists and configurable security settings to detect and mitigate threats.

However, no system can be guaranteed to be 100% secure. You are responsible for keeping your account credentials confidential and for using the Services in a secure manner.

8. Your Rights

Depending on your jurisdiction (for example, if you are in the EEA or UK), you may have the following rights:

• The right to access the personal data we hold about you.
• The right to request correction of inaccurate or incomplete data.
• The right to request deletion of your personal data, subject to legal retention requirements.
• The right to request restriction of processing in certain circumstances.
• The right to object to processing based on our legitimate interests.
• The right to data portability, where technically feasible.
• The right to withdraw consent at any time where processing is based on consent.
• The right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of alleged infringement.

To exercise your rights, please contact us using the contact details below. We may need to verify your identity before responding to your request.

9. Children’s Privacy

The Services are not directed to children under the age of 16, and we do not knowingly collect personal data from children under this age. If we learn that we have collected personal data from a child under the relevant age threshold without appropriate consent, we will take steps to delete such information and, if appropriate, restrict or close the account.

10. App Store and Google Play

If you download TheUp from the Apple App Store or Google Play Store, your use of the store itself is also governed by the store’s own terms and privacy policy. The stores and our billing provider may process data such as your country, device information, purchase history and subscription status. We do not control their independent processing activities.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date at the top. Where appropriate, we may also notify you through the app or by email.

12. Contact Us

If you have any questions or requests regarding this Privacy Policy or our processing of your personal data, you can contact us at:

7Stockapp OÜ
Lahtri tn 12
15551 Tallinn
Estonia
Email: [email protected]

---

This document is provided for general informational purposes only and does not constitute legal advice. Before publishing, you should review it with a qualified legal professional to ensure that it complies with the laws applicable to your business and target markets.