Privacy Policy

Last Updated: May 24, 2026

At a Glance

This summary serves as our Notice at Collection under the California Consumer Privacy Act and a plain-language overview for everyone else. The full legal text follows below.

No accounts, no names, no emails. Grit Method does not require you to create an account. We do not collect your name, email address, phone number, or any other directly identifying information.
What we collect. Your four daily intentions and onboarding answers are stored on your device. Anonymous usage data (events, device type, country, and optional feedback text you choose to submit) goes to Amplitude. Subscription status comes from Apple via RevenueCat. To generate personalized coaching, your intention text and onboarding answers are sent to Anthropic's Claude language model through a Cloudflare Worker.
Sensitive personal information. We do not process biometric data, precise location, health data, financial account numbers, or any other category of sensitive personal information.
AI processing. Your intention text and onboarding answers are sent to Anthropic through Cloudflare's AI Gateway, which operates under a Zero Data Retention agreement with Anthropic. Anthropic does not retain this data after processing and does not use it to train its models.
No tracking. We do not use the iOS Advertising Identifier (IDFA), do not track you across apps or websites, and do not share your data with advertisers.
Your rights. Depending on where you live, you can request access to, correction of, or deletion of your data.
Contact: gritmethod[at]contrast.co

1. Introduction

Grit Method is an iOS application that helps you set and track four daily intentions: one hard thing to do, one trap to avoid, one thing to be grateful for, and one way to help others. This Privacy Policy explains what data Grit Method handles, why, and what choices you have.

Grit Method is operated by Contrast Apps LLC, a limited liability company based in Texas, United States. Contrast Apps LLC is the data controller for the purposes of the EU General Data Protection Regulation (GDPR) and the equivalent legal role under the California Consumer Privacy Act (CCPA/CPRA) and other US state privacy laws.

If you have any questions about this policy or your data, email us at gritmethod[at]contrast.co.

2. What We Collect and Why

2.1 Data You Provide

When you use Grit Method, you may provide the following:

Daily intentions. The short text you write for each of the four daily intention categories.
Onboarding answers. Self-reported demographic and motivational answers, including: role, self-rated grit level, primary goal, grit-area focus, hard-thing blocker, top trap, desired outcome, gratitude frequency, helping frequency, and helping motivation. None of this is required to use the app; you can skip questions.
Feedback text (optional). If you submit feedback through the "Something wrong?" Quick Action or post-onboarding feedback form, the text you type is sent to Amplitude as part of the feedback event so we can read and act on it.

Where it lives. Your daily intentions and onboarding answers are stored locally on your device using Apple's SwiftData framework. We do not maintain a server-side copy of those local app records. Data leaves your device when we send it to Anthropic for AI coaching generation (see Section 3.2), when subscription status is processed through Apple/RevenueCat, and when analytics or submitted feedback is sent to Amplitude.

Legal basis (GDPR): Contract. We process this data to provide the app's core features.

2.2 Data Collected Automatically

When you use Grit Method, the following is collected automatically:

By the Amplitude analytics SDK. An anonymous Amplitude-generated device identifier, your IP address (used to derive approximate location at the country/region level and then discarded), your iOS version, app version, device model, language, and the names of in-app events you trigger (e.g. intention_set, gratitude_reflection_completed). Event names and counts are recorded. Your daily intention text is not sent to Amplitude. If you submit feedback in a field labeled for feedback, that feedback text is sent to Amplitude with the feedback event.
By the RevenueCat subscription SDK. An anonymous RevenueCat App User ID, the App Store transaction identifier for any purchase, and your current subscription status. RevenueCat does not receive your name, email, or payment method.

Legal basis (GDPR): Legitimate interest. To maintain, secure, and improve the application, and to fulfill our subscription contract with you.

2.3 Data Received From Third Parties

Apple App Store. Anonymous transaction identifiers and subscription status when you start a free trial or purchase a subscription. Apple does not share your name, email, billing address, or payment method with us.

3. How We Use Your Information

3.1 To provide the app

The four daily intentions, streak history, and settings stay on your device and are used to render the in-app experience and the home-screen widgets.

3.2 To generate AI coaching observations

Once during onboarding, after you've set your first day's four intentions, Grit Method sends the following to Anthropic via a Cloudflare Worker proxy:

the local date and time;
your self-reported onboarding profile (role, self-rated grit level, primary goal, grit area, hard-thing blocker, top trap, desired outcome, gratitude frequency, helping frequency, helping motivation, and selected pain statements);
the text of your four daily intentions (titles and contents).

Anthropic's Claude language model processes this data and returns two short coaching messages, which are displayed in the app. Requests reach Anthropic through Cloudflare's AI Gateway, which operates under a Zero Data Retention agreement with Anthropic, so Anthropic does not retain prompts or responses after processing. Under Anthropic's commercial API terms, this data is also not used to train Anthropic's models. Cloudflare's role in this flow is limited to relaying the request between your device and Anthropic.

These coaching messages are informational and motivational only. Grit Method does not use AI or profiling to make any decision about you that produces legal, financial, employment, credit, insurance, or other significant effects.

Legal basis (GDPR): Legitimate interest. To provide a personalized in-app coaching experience.

3.3 To improve the app

Anonymous usage events (sent to Amplitude) help us understand which features work and which need improvement. Ordinary analytics events do not contain your intention text or any directly identifying information. Feedback events include the feedback text you choose to submit.

Legal basis (GDPR): Legitimate interest.

3.4 To process subscriptions

Subscription status data (received via RevenueCat) lets us unlock premium features and recognize active subscribers across devices.

Legal basis (GDPR): Contract.

3.5 To comply with the law

We may process or disclose data to comply with applicable laws, regulations, court orders, or valid government requests.

Legal basis (GDPR): Legal obligation.

3.6 To personalize suggestions on your device (Apple Intelligence)

On supported devices where Apple Intelligence is enabled, Grit Method uses Apple's on-device Foundation Models framework to rank which of our existing curated suggestions appear first when you tap "Random" during onboarding. The model receives the onboarding profile you have provided so far and the list of curated suggestion IDs we ship for the relevant intention category. It returns the IDs it considers most relevant; Grit Method then shuffles within that ranked pool to preserve the random-button feel. The model does not write or rewrite suggestion text — only suggestion text that ships inside the app is shown to you.

This processing stays entirely on your device. No data is sent to our servers, to Apple's servers, or to any third party for this feature. To opt out, disable Apple Intelligence in iOS Settings.

Legal basis (GDPR): Legitimate interest. To provide a more relevant onboarding experience on devices that support it.

We do not use your data for marketing, profiling for advertising purposes, or any automated decision-making that has legal effects on you.

We do not sell your personal data. We share limited data with the following service providers as needed to operate the app:

Service	Role	What we share	Privacy policy
Apple	App distribution and in-app purchase processing	Standard StoreKit transaction data; handled by Apple	apple.com/legal/privacy
RevenueCat	Subscription management	Anonymous App User ID, StoreKit transaction data, subscription status	revenuecat.com/privacy
Amplitude	Product analytics and submitted feedback	Anonymous device identifier, IP-derived approximate location, app/device metadata, event names and properties, optional feedback text you submit	amplitude.com/privacy
Cloudflare	Backend relay for AI coaching	Same payload as below (Anthropic), passed through Workers	cloudflare.com/privacypolicy
Anthropic	AI language model (Claude) for coaching observations	Local date/time, onboarding profile, four daily intentions	anthropic.com/legal/privacy

All five recipients above act as service providers (under California Consumer Privacy Act § 1798.140(ag)) or processors (under GDPR Art. 4(8)) bound by written agreements that restrict their use of personal information to the purposes described in this policy. None of them act as independent third parties or are permitted to use your personal information for their own commercial purposes.

We do not share your data with advertisers or data brokers. We do not engage in cross-context behavioral advertising.

In the event Contrast Apps LLC is involved in a merger, acquisition, or sale of assets, your data may be transferred. We will provide notice within the app before any such transfer takes effect.

5. Your Rights

If you are in the European Economic Area, United Kingdom, or Switzerland, you have the following rights:

Access. Request a copy of the personal data we hold about you.
Rectification. Request correction of inaccurate or incomplete data.
Erasure. Request deletion of your data.
Restriction. Request that we limit how we process your data.
Portability. Receive your data in a structured, commonly used format.
Objection. Object to processing based on legitimate interest.
Lodge a complaint. File a complaint with your national data protection authority.

To exercise any of these rights, email gritmethod[at]contrast.co. Because Grit Method does not require accounts, we may ask you to provide your Amplitude device identifier, RevenueCat App User ID, or App Store transaction identifier to verify your request — see Section 5.2 for the full verification procedure. Most data is stored only on your device; deleting the app removes most personal data immediately. For data held by our processors (Amplitude, RevenueCat, Anthropic via Cloudflare), contact us and we will coordinate with the relevant provider on your behalf.

5.2 CCPA/CPRA rights (California users)

If you are a California resident, you have the rights described below under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

Right to know. You have the right to know what personal information we have collected about you in the past 12 months, including the categories collected, the sources, the business purposes for collection, and the categories of third parties to whom we disclosed the information. See Sections 2, 3, and 4 of this policy for that information.

Categories of personal information collected in the past 12 months, using the CCPA's own categories:

Identifiers. Anonymous Amplitude device identifier, anonymous RevenueCat App User ID, App Store transaction identifiers, IP address (used to derive approximate location at the country/region level and then discarded).
Commercial information. Subscription status and purchase history.
Internet or network activity. Names and counts of in-app events you trigger.
Geolocation. Approximate location at country/region level, derived from IP address.
User-generated content. Daily intentions, onboarding answers, and optional feedback text.

We do not collect: real name, contact information (email, phone, address), government identifiers, biometric information, account credentials, precise geolocation, sensitive personal information, or inferences drawn for profiling.

Right to delete. You have the right to request deletion of personal information collected from you. Most data is stored only on your device; deleting the app removes it immediately. For data held by our service providers (Amplitude, RevenueCat, Anthropic via Cloudflare), contact gritmethod[at]contrast.co.

Right to correct. You have the right to request correction of inaccurate personal information.

Right to opt out of the sale or sharing of personal information. We do not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of; this is true by default.

Right to limit the use of sensitive personal information. We do not collect or process sensitive personal information as defined under the CCPA.

Right to non-discrimination. We will not deny you services, charge you different prices, provide a different level or quality of service, or suggest that you will receive a different price or service quality if you exercise any of these rights.

Authorized agents. You may designate an authorized agent to make a request on your behalf. The agent must provide signed written authorization from you when submitting the request.

How we verify requests. Because Grit Method does not require accounts, we cannot verify your identity through a username and password. To verify a request, we may ask you to provide your Amplitude device identifier, RevenueCat App User ID, or, if applicable, your App Store transaction identifier for a recent purchase. The app shows the Amplitude device identifier and RevenueCat App User ID in Settings > Support. We will only respond to requests we can reasonably verify.

How to exercise your rights. Email gritmethod[at]contrast.co with the right you wish to exercise and any device identifier needed to verify your request. We will acknowledge within 10 business days and respond within 45 calendar days. We may extend the response window once by an additional 45 days where reasonably necessary, with notice to you.

5.3 Other US state privacy laws

If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Kentucky, Rhode Island, Maryland, New Jersey, New Hampshire, Delaware, Nebraska, Minnesota, or Florida (or another US state with a comprehensive consumer privacy law), you have substantially the same rights as outlined in Section 5.2:

right to access and confirm what we have collected about you;
right to correct inaccurate information;
right to delete your information;
right to receive a portable copy of your data;
right to opt out of the sale or sharing of personal information (we do not engage in either);
right to opt out of profiling that produces legal or similarly significant effects (we do not engage in this; see Section 3.2);
right to non-discrimination for exercising any of these rights.

If you reside in a US state that provides a statutory appeal right and we deny your request, you may appeal by emailing gritmethod[at]contrast.co with "Appeal" in the subject line.

To exercise any of these rights, use the same channel and verification process described in Section 5.2.

5.4 Notice for EU/UK users — our representative

Contrast Apps LLC is established in Texas, United States, and has not designated an EU or UK representative under GDPR Art. 27 / UK GDPR Art. 27. Our processing of EU and UK personal data is limited to anonymous analytics metadata, anonymous subscription identifiers, and a single AI coaching request during the onboarding flow. We do not process special categories of personal data at scale, do not engage in monitoring of behaviour at scale, and our processing is not likely to result in a risk to the rights and freedoms of data subjects. We believe this processing qualifies for the Art. 27(2) exception. EU and UK users may contact us directly at gritmethod[at]contrast.co for any privacy matter.

5.5 Notice for users in other jurisdictions

If you reside outside the United States, European Union, EEA, United Kingdom, or Switzerland, you may have rights under your local privacy law that are substantially similar to those described above (access, correction, deletion, portability, opt-out of sale or sharing).

Brazil (LGPD). Brazilian residents have rights under Lei Geral de Proteção de Dados (Law No. 13.709/2018), including the rights to confirmation, access, correction, anonymization, portability, deletion of unnecessary or excessive data, and withdrawal of consent.
Canada (PIPEDA + Quebec Law 25). Canadian residents have rights under the Personal Information Protection and Electronic Documents Act and, for Quebec residents, Quebec Law 25, including access, correction, and deletion.
Australia (Privacy Act). Australian residents have rights under the Privacy Act 1988 and the Australian Privacy Principles, including access and correction.

To exercise any of these rights, use the same channel and verification process described in Section 5.2.

6. Data Security

We use industry-standard security practices to protect your data:

All network traffic between Grit Method and our service providers is encrypted in transit using HTTPS/TLS.
On-device storage uses Apple's SwiftData framework, which leverages iOS's built-in encryption.
Our service providers (Apple, RevenueCat, Amplitude, Cloudflare, Anthropic) maintain their own security certifications.

No transmission over the internet or storage on a device is 100% secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security.

If a data breach affects your personal information, we will notify you and the relevant authorities as required by law.

Our App Privacy Details and Apple Privacy Manifest declarations are filed with Apple and visible on the App Store listing. The Privacy Manifest declares the data categories we collect, the purposes, the required-reason API usage, and any tracking domains (we declare none).

7. Data Retention

Local app data (intentions, streak history, settings, onboarding answers): retained on your device until you delete the app or clear its data. We do not maintain a server-side copy.
Analytics events and submitted feedback (Amplitude): retained indefinitely under Amplitude's standard policy unless we request deletion. To request deletion of your data, email gritmethod[at]contrast.co.
Subscription data (RevenueCat / Apple): retained indefinitely by RevenueCat and Apple for billing history, chargeback handling, and tax and accounting compliance.
AI coaching data (Anthropic, via Cloudflare AI Gateway): not retained beyond the request itself, under Cloudflare's Zero Data Retention arrangement with Anthropic. Cloudflare may retain minimal operational logs (request metadata, IP) per its standard policy.

8. Children's Privacy

Grit Method is not designed for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided personal information to us, contact gritmethod[at]contrast.co and we will delete any such information.

For California residents under 16, we do not sell or share personal information for cross-context behavioral advertising.

9. Cookies and Tracking

9.1 In the iOS app

Grit Method does not use HTTP cookies. The app does not request the iOS Advertising Identifier (IDFA) and does not present the App Tracking Transparency (ATT) prompt. We do not engage in cross-app or cross-website tracking.

9.2 On the website

The website gritmethod.app does not set any cookies. It serves static pages with no analytics, no advertising, and no behavioral tracking of any kind.

9.3 Do Not Track and Global Privacy Control

Some browsers send "Do Not Track" (DNT) signals, and modern browsers support the Global Privacy Control (GPC) header to indicate a preference against tracking and the sale or sharing of personal information. Because Grit Method does not engage in cross-context behavioral advertising, does not sell or share personal information, does not track you across apps or websites, and the gritmethod.app website sets no cookies, DNT and GPC signals have no further effect on what we already do by default. We do not use any tracking technology that DNT or GPC would otherwise restrict.

10. International Data Transfers

Contrast Apps LLC is based in Texas, United States. Our service providers operate primarily in the United States. If you access Grit Method from outside the United States, your data will be transferred to and processed in the US.

For users in the EU/EEA, UK, or Switzerland, transfers of your personal data to the US rely on the appropriate safeguards documented in each processor's published Data Processing Agreement (DPA). For details on the safeguards each processor uses, see:

11. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will display a notice within the app and update the effective date at the top. Continued use of Grit Method after a material change means you accept the updated policy.

12. Contact Us

For any privacy questions or to exercise your rights:

Email: gritmethod[at]contrast.co
Address: Contrast Apps LLC, 102 Wonder World Dr, STE 304-560, San Marcos, TX 78666, United States

We typically respond within 3 to 5 business days.

13. Previous Versions

Effective	Summary of changes
2026-05-24	Initial publication.