Last updated: 26 March 2026
This Privacy Policy explains how Upstrive GmbH ("Upstrive," "we," "us," or "our") collects, uses, discloses, stores, and otherwise processes personal data in connection with the Upstrive mobile application, related websites, customer support, and AI-powered features (together, the "Services").
This Privacy Policy is intended to provide a GDPR-level baseline for users globally. Depending on where you live, additional local rights or disclosures may apply.
The controller responsible for the processing of personal data described in this Privacy Policy is:
Upstrive GmbH
Techno Z Urstein
Urstein S15
5412 Puch bei Hallein
Austria
Email: info@upstrivesystem.com
General contact: info@upstrivesystem.com
If appointed and legally required, our data protection officer or privacy contact can be reached at: info@upstrivesystem.com
This Privacy Policy applies to personal data that we process when you:use the App or any in-app feature; create or manage an account; communicate with our support team; interact with our AI-powered features; receive notifications; visit our websites or landing pages; or otherwise engage with us.
If we provide additional privacy notices for specific features, experiments, surveys, promotions, or jurisdictions, those notices supplement this Privacy Policy.
Some parts of the Services use artificial intelligence to generate messages, provide contextual suggestions, enable chat-style interactions, and support your in-app experience. When you use these features, we may process:
| Category of AI-related data | Examples |
|---|---|
| User-submitted content | Messages, prompts, questions, free-text entries, uploaded content, and feedback |
| Contextual in-app data | Current screen, selected feature, recent in-app actions, completed activities, and progress state |
| Technical and safety data | Device, session, crash, abuse prevention, moderation, and logging information |
| AI outputs | Generated text, suggestions, summaries, classifications, safety flags, and similar results |
We describe these AI-related activities in more detail in our AI Features and Data Use Notice, which forms part of the legal information governing use of the Services.
Important: Unless we expressly tell you otherwise in a separate opt-in notice, we do not use your personal data or submitted content to train general-purpose AI models for unrelated purposes, and we do not permit our AI inference providers to use your submitted personal data for their own independent model training purposes.
If that practice ever changes, we will provide a separate, clear notice and obtain any consent required by applicable law before doing so.
The categories of personal data we collect depend on how you use the Services.
We may collect the following data you provide directly to us:
| Category | Examples |
|---|---|
| Account and profile data | Name, username, email address, password, authentication credentials, account preferences |
| User content | Messages, chat content, app inputs, reflections, uploaded images or files, form entries, survey responses |
| Transactional and subscription data | Purchase status, subscription tier, renewal status, billing identifiers, store transaction references (we do not receive full payment card numbers from app stores) |
| Communications | Support requests, emails, in-app support messages, complaint details, and other correspondence |
| Consent and preference data | Marketing preferences, AI preferences, notification settings, privacy choices, consent records |
We may automatically collect:
| Category | Examples |
|---|---|
| Device and technical data | IP address, device type, operating system, app version, language, time zone, identifiers reasonably necessary for service delivery, and configuration data |
| Usage and event data | App opens, viewed screens, clicks, feature use, session duration, crash events, performance metrics, diagnostics, and security events |
| Approximate location or regional data | Country or region inferred from IP or app store settings, where necessary for localization, fraud prevention, or compliance |
| Notification-related data | Push token, opt-in status, message delivery status, and interaction with notifications |
We may receive personal data from:
| Source | Examples |
|---|---|
| App stores and payment platforms | Subscription status, purchase confirmation, refund status, transaction identifiers |
| Authentication providers | Basic login or identity details if you choose a third-party sign-in option |
| Service providers | Hosting, security, analytics, observability, content moderation, customer support, and AI inference providers |
| Other lawful sources | Information you direct third parties to share with us or that we obtain to investigate fraud, abuse, or legal claims |
We may generate or derive information from the personal data above, such as service preferences, likely feature relevance, basic engagement patterns, or AI-generated summaries necessary to provide the Services.
Where such inferences relate to an identified or identifiable user, we treat them as personal data.
If you are in the EEA, UK, or another jurisdiction requiring a legal basis, we rely on one or more of the bases described below. The same purposes generally apply globally, even where a formal legal-basis framework does not apply in the same way.
| Purpose of processing | Examples | Legal basis typically relied upon |
|---|---|---|
| Provide and operate the Services | Create accounts, authenticate users, provide app functions, generate requested AI responses, synchronize progress, deliver notifications | Performance of a contract; in limited cases, legitimate interests |
| Provide AI-powered features | Process prompts, context, and related signals to generate in-app AI content and suggestions | Performance of a contract and/or consent, depending on the feature and local law |
| Personalization and feature relevance | Tailor content, recommendations, and AI outputs to your use of the Services | Consent where required; otherwise legitimate interests, subject to balancing |
| Security, fraud prevention, and abuse detection | Protect accounts, investigate misuse, maintain service integrity, enforce policies | Legitimate interests; legal obligation where applicable |
| Diagnostics and reliability | Monitor crashes, errors, service availability, and technical performance | Legitimate interests; consent where required by law or configuration |
| Customer support and communications | Respond to messages, troubleshoot issues, provide service notices | Performance of a contract; legitimate interests |
| Legal compliance and defense of claims | Tax, accounting, consumer protection, legal requests, disputes, recordkeeping | Legal obligation; legitimate interests |
| Optional marketing | Send promotional emails or push notifications where permitted | Consent where required; otherwise legitimate interests subject to applicable law |
Where we rely on legitimate interests, we take your rights and interests into account and apply safeguards such as data minimization, access restrictions, contractual controls, technical security, and user controls.
Where we rely on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
When you use AI-powered features, we may process personal data for the following purposes:
| AI purpose | Typical data used |
|---|---|
| Generate in-app responses | User prompts, recent conversation, feature context, selected settings |
| Generate contextual suggestions | Current screen, progress data, recent completed activities, preference settings |
| Maintain safety and quality | Abuse signals, moderation flags, device/session data, limited logs |
| Troubleshoot incidents | Technical logs, error data, and, where necessary and proportionate, limited prompt/output excerpts |
We design AI features to support the user experience and not to make legal, medical, employment, insurance, credit, education-admission, or similarly significant decisions about you.
We do not intentionally use AI to infer special categories of personal data about you, such as health status, religious beliefs, political opinions, sexual orientation, or biometric identity, unless clearly disclosed and lawfully justified for a specific feature.
Please do not submit highly sensitive personal data, confidential third-party information, or emergency/crisis information into AI chat or free-text features unless we expressly request it for a specific, lawful purpose.
Our Services are generally not intended to require special categories of personal data for ordinary use. However, because users may choose to enter free text, upload content, or interact with AI features, sensitive data may be included in user submissions.
If we become aware that particularly sensitive data is being processed without a valid basis or business need, we may restrict, delete, or stop processing that content where legally and technically feasible.
If a feature is specifically designed to process sensitive data, we will provide a dedicated notice and any additional consent or legal safeguards required by applicable law.
The Services are not directed to children under 10 years. If you are under the required age in your jurisdiction, do not use the Services unless permitted by applicable law and, where required, with valid parental or guardian authorization.
If we learn that we have collected personal data from a child in violation of applicable law, we will take steps to delete the data and, where appropriate, deactivate the account.
If the Services are intended to be used by teens or young people in some jurisdictions, we may provide additional youth-specific privacy and safety notices.
Depending on the features you use, the App may request permission to access certain device functions or data.
| Permission / access | Why we request it |
|---|---|
| Photos / files | To let you upload selected content or attachments |
| Notifications | To send service-related or, where permitted, promotional notifications |
| Camera [if applicable] | To capture content directly in the App |
| Microphone [if applicable] | To enable audio input or voice-related features |
You can change device permissions through your operating system settings. If you disable a permission, some features may no longer work properly.
We may disclose personal data to the following categories of recipients, strictly on a need-to-know basis and subject to appropriate contractual or legal safeguards:
| Recipient category | Why disclosure occurs |
|---|---|
| Hosting and infrastructure providers | Cloud storage, hosting, networking, content delivery |
| AI inference and content safety providers | Generate AI outputs, moderate content, maintain service safety |
| Analytics, diagnostics, and observability providers | Detect crashes, errors, abuse, and performance problems |
| Customer support and communications providers | Manage support workflows and service messages |
| Payment, subscription, and platform partners | Handle subscriptions and purchase administration |
| Professional advisors and corporate counterparties | Legal, tax, accounting, financing, corporate transactions |
| Competent authorities and litigants | Comply with law, enforce rights, respond to lawful requests |
As of the date above, our principal service provider categories include at least the following:
| Provider | Function | Typical role |
|---|---|---|
| Amazon Web Services EMEA Sarl | Hosting and infrastructure | Processor |
| Functional Software, Inc. (Sentry) | Error monitoring and diagnostics | Processor |
| OpenAI | AI inference and related safety services | Processor / subprocessor |
| SendFox | Customer support or communications | Processor |
Before publication, this table should be updated to reflect the actual live vendor stack.
We do not sell personal data in exchange for monetary consideration.
We do not permit our AI inference providers to use your personal data submitted through the Services for their own independent purposes, such as training general models, building unrelated user profiles, or marketing to you, except where:
If applicable law defines "sale," "sharing," or similar concepts more broadly, users in those jurisdictions may have additional rights, which we honor as required.
We may process and store personal data in countries other than the country in which you live, including the EEA, the UK, the United States, and other jurisdictions where we or our service providers operate.
Where required by law, and especially for transfers of personal data from the EEA, UK, or Switzerland to countries that do not provide an adequate level of data protection under local law, we use appropriate safeguards, such as:
| Safeguard | Example |
|---|---|
| Adequacy decisions | Where the destination country has been recognized as adequate |
| Standard Contractual Clauses | Contracts with processors or subprocessors outside the EEA/UK |
| Supplementary measures | Access controls, encryption, minimization, and vendor diligence |
You may contact us for more information about the safeguards relevant to your personal data.
We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
The exact retention period depends on the type of data, the purpose of processing, the sensitivity of the data, legal obligations, and the need to resolve disputes, enforce agreements, and maintain security.
Our standard retention logic is as follows:
| Data category | Typical retention approach |
|---|---|
| Account data | Retained while your account is active and for a limited period afterward as necessary for legal, security, and dispute-handling purposes |
| User-submitted content | Retained for as long as needed to provide the Services, support features you use, or comply with deletion and backup cycles |
| AI prompts and outputs | Retained only as long as needed to provide the feature, maintain safety, troubleshoot incidents, and meet legal obligations, subject to configured retention limits |
| Diagnostics and security logs | Retained for limited periods proportionate to security and reliability needs |
| Customer support records | Retained as needed to manage inquiries, complaints, and legal obligations |
| Transaction and tax records | Retained for the period required by accounting, tax, and similar legal obligations |
Depending on where you live, you may have the right to request:
| Right | Description |
|---|---|
| Access | A copy of the personal data we hold about you |
| Rectification | Correction of inaccurate or incomplete data |
| Deletion | Erasure of your personal data in certain circumstances |
| Restriction | Limitation of processing in certain cases |
| Objection | Objection to processing based on legitimate interests and, where applicable, direct marketing |
| Portability | A copy of certain data in a portable format |
| Consent withdrawal | Withdrawal of consent at any time where processing relies on consent |
| Complaint | Complaint to a supervisory authority or regulator |
If local law grants additional rights, such as the right to opt out of certain profiling, targeted advertising, or specific automated processing, we will honor those rights where applicable.
You may exercise your rights by contacting us at info@upstrivesystem.com. We may need to verify your identity before completing your request.
If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection supervisory authority.
We may use limited personalization or profiling to tailor content, recommendations, and AI-generated responses based on your in-app behavior and preferences.
However, unless we clearly notify you otherwise, we do not use solely automated decision-making that produces legal effects or similarly significant effects about you within the meaning of Article 22 GDPR.
If that changes for a specific feature, we will provide additional notice and any rights or safeguards required by law.
We implement technical and organizational measures designed to protect personal data against unauthorized access, destruction, loss, alteration, or disclosure. These measures may include access controls, vendor due diligence, contractual protections, encryption in transit and at rest where appropriate, logging, environment separation, and incident-response procedures.
No method of transmission or storage is perfectly secure. We therefore cannot guarantee absolute security.
The App may be distributed through third-party platforms such as the Apple App Store and Google Play. Those platform operators process personal data independently under their own privacy notices and terms.
If you purchase a subscription or digital product through an app store, the store may provide us with limited transaction data necessary to validate and manage your purchase.
If permitted by law, we may send you product updates, offers, newsletters, or promotional messages. Where required, we will do so only with your consent.
You can opt out of promotional emails by using the unsubscribe link in the email or by contacting us. You can manage push notifications through the App settings or your device settings.
We may update this Privacy Policy from time to time to reflect changes in our Services, legal obligations, or processing practices.
If we make a material change, we will provide notice through the App, our website, email, or other appropriate means where required by law. The "Last updated" date at the top of this Privacy Policy indicates when the latest revision was made.
If you have questions, concerns, or requests relating to this Privacy Policy or our privacy practices, please contact us at:
Upstrive GmbH
Email: info@upstrivesystem.com
General contact: info@upstrivesystem.com
