Privacy Policy

Last updated: July 1, 2026  ·  Effective: July 1, 2026  ·  Version 1.1

This Privacy Policy explains how Grovi ("Grovi," "we," "us," or "our") collects, uses, and protects your information when you use the Grovi mobile, desktop, and web applications and related services (the "Service"). We've tried to write it in plain language. If anything is unclear, please reach out.

In short: we collect only what we need to run Grovi for you, we store it securely on Google's infrastructure, our AI features run on your device, we never sell your data, and you can erase it at any time.

1.Information We Collect

Information you provide

Information stored only on your device

Some data never leaves your device. It is kept in local app storage and is not synced to our servers:

Information collected automatically

We do not connect to your bank, and we do not collect bank logins, card numbers, or payment-account credentials. Any spending figures come only from amounts you type in yourself.

2.On-Device AI

Grovi's AI features are designed to run on your device:

The text you capture is not sent to a third-party AI service for categorization or processing.

3.Notifications

Reminders (such as the daily ritual reminder) are local notifications, scheduled by the app on your own device. We do not operate a push-notification server and cannot send remote push messages to your device. You can turn reminders off at any time in the app or in your device settings.

4.How We Use Your Information

We use your information to:

We do not use your personal content to serve advertising, and we do not sell or rent your personal information.

5.How Your Information Is Stored and Shared

Grovi is built on Google Firebase. Your account and content are stored using Firebase Authentication and Cloud Firestore, hosted on Google Cloud servers, and protected by security rules that restrict each user's data to their own account. Google processes this data on our behalf as a service provider under its own security and privacy commitments.

ProviderPurposeData involvedWhere it applies
Firebase Authentication (Google)Account sign-in (email and password)Email address, display name, hashed credentials, authentication tokensAll platforms
Cloud Firestore (Google)Storing and syncing Your Content under your own accountYour Content (tasks, transactions, budgets, focus sessions, check-ins)All platforms
Firebase Hosting (Google)Serving the web app and these policy pagesLimited technical request data (such as IP address and timestamps)Web
Firebase Crashlytics (Google)Crash reporting, so we can find and fix bugsCrash traces, device model, and operating-system versionNative apps only (not web)
Firebase Performance Monitoring (Google)App performance diagnostics (such as startup and network timing)Performance timings and basic device informationNative apps only (not web)
Firebase App Check (Google)Verifying that requests come from a genuine copy of the appDevice-integrity attestation tokensNative apps only (not web)
Google FontsRendering the app's typographyLimited technical request dataAll platforms
Hugging Face (model host)One-time download of the optional on-device AI model fileLimited technical request data only — none of Your ContentNative apps only, and only if you enable on-device AI

We may also disclose information if required by law, to protect the rights, safety, or property of Grovi or others, or in connection with a merger, acquisition, or sale of assets (in which case we will notify you of any change in ownership or use of your personal information).

6.Data Retention

We retain your account information and Your Content for as long as your account is active. When you delete an item, or use "Reset all data," the associated data is removed from our active databases. Residual copies may persist briefly in backups before being overwritten in the ordinary course of operations.

7.Your Rights and Choices

Depending on where you live, you may have rights to access, correct, export, restrict, or delete your personal information. Within Grovi you can:

If you are in the European Economic Area, the United Kingdom, or a similar jurisdiction, you have rights under the GDPR (including access, rectification, erasure, portability, and objection). If you are a California resident, you have rights under the CCPA/CPRA, including the right to know and the right to delete; we do not sell your personal information. To exercise any of these rights, contact us at privacy@grovi.app.

8.Security

We use industry-standard safeguards, including encryption in transit, authenticated access, and database security rules that restrict each user's data to their own account. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your information and to address vulnerabilities promptly.

9.Children's Privacy

Grovi is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

10.International Users

Your information may be processed and stored on servers located in the United States or other countries where our service providers operate. By using the Service, you understand that your information may be transferred to facilities outside your country of residence, which may have different data-protection rules. Where required, we rely on appropriate safeguards for such transfers.

11.Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice, such as by posting the updated policy in the app or on this page and updating the "Last updated" date. Your continued use of the Service after the changes take effect constitutes acceptance of the revised policy.

12.Contact Us

If you have questions, requests, or concerns about this Privacy Policy or your data, contact us at privacy@grovi.app.