Privacy Policy

Last updated: February 26, 2026

Unscrol ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("the App").

1. Information We Collect

1.1 Personal Information

When you create an account, we collect:

• Email address — used for account identification, login, and communication.
• PIN (hashed) — your 4-digit PIN is securely hashed before being stored. We never store your PIN in plain text.

1.2 Usage Data

We automatically collect certain information when you use the App, including:

• Check-in data (morning, afternoon, evening slots)
• Streak and milestone progress
• Urge tracking entries (timestamps and categories)
• Focus session durations
• Mood tracking entries
• Leaderboard scores and rankings

1.3 Device Information

We may collect device-related information such as device type, operating system version, and unique device identifiers for analytics and troubleshooting purposes.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the App
• Authenticate your identity and secure your account
• Track your digital wellness progress
• Generate leaderboard rankings
• Send account-related communications (e.g., PIN reset codes)
• Analyze usage patterns to improve features
• Respond to support requests

3. Data Storage & Security

Your data is stored on secure servers using MongoDB Atlas with encryption at rest and in transit. We implement industry-standard security measures, including:

• Passwords and PINs are hashed using bcrypt
• All API communications use HTTPS/TLS encryption
• JWT tokens are used for session management with short expiration times
• OTP codes for PIN recovery expire after 10 minutes

4. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

• With your consent — when you explicitly agree to share data
• Leaderboard — your display name and score are visible to other users on the public leaderboard
• Legal requirements — if required by law, regulation, or legal process
• Service providers — trusted third-party services that help us operate the App (e.g., email delivery, hosting), bound by confidentiality agreements

5. Third-Party Services

The App may use the following third-party services:

• MongoDB Atlas — database hosting
• Cloudflare — CDN and DDoS protection
• SMTP providers — email delivery for verification codes

Each third-party service has its own privacy policy governing how they handle data.

6. Your Rights

You have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your account and associated data
• Portability — request an export of your data in a machine-readable format
• Withdraw consent — withdraw your consent at any time where processing is based on consent

To exercise any of these rights, contact us at support@unscrol.app.

7. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will remove your data from our active systems within 30 days. Backup copies may persist for up to 90 days before being permanently deleted.

8. Children's Privacy

Unscrol is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this policy periodically to stay informed about how we protect your data.

10. Contact Us