Last updated: May 2, 2026
1. Introduction
Grounded ("we", "our", or "us") is a screen-time management and app-blocking application for Android. This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data.
By using Grounded you agree to the practices described in this policy. If you do not agree, please do not use the app.
2. Age requirements
Grounded is intended for users aged 16 or older (or 13 or older outside the European Union). We do not knowingly collect personal data from children under these ages. The app may be used by a parent or guardian to manage screen time for younger children on a shared device; in that case, the account belongs to the adult.
If you believe a child under the applicable age has created an account, please contact us at info@grounded-app.es and we will delete the account promptly.
3. Data we collect
| Data | Why we collect it | Stored where |
|---|---|---|
| Email address | Account identity, password reset, account-related notices | Our server (encrypted at rest) |
| Password | Authentication | Stored only as a bcrypt hash — the plain-text password is never saved |
| Device fingerprint hash | Silent re-login after reinstall without storing raw device identifiers | Our server — a one-way SHA-256 hash only; the original device ID is never saved |
| App usage minutes (per app, per day) | Enforcing daily time budgets you set for apps | Our server |
| App package names you choose to block | Applying your blocking rules | Our server |
| Blocking group settings & schedules | Applying your blocking configuration | Our server |
| Tasks & reward history | Tracking task completion and credit rewards | Our server |
| Credits balance & transaction history | Managing your in-app credits | Our server |
| Purchase records & add-on subscriptions | Verifying purchases and unlocking features | Our server; also held by Google Play under their own policy |
| Parental PIN | Protecting settings from being changed by the supervised user | Stored only as a bcrypt hash on our server |
4. Device permissions used
| Permission | Purpose |
|---|---|
| Usage Access | Reads how many minutes you have used each app today to enforce time budgets |
| Display over other apps (overlay) | Shows a blocking screen when a time budget is exhausted or a schedule is active |
| Query all packages | Lists installed apps so you can select which ones to block |
| Foreground Service (special use) | Keeps the blocking monitor running in the background so rules are enforced even when the screen is off |
| Receive boot completed | Restarts the blocking service automatically after the device reboots |
| Internet access | Communicates with our server to sync settings and verify subscriptions |
No permission is used to collect data beyond what is described in Section 3.
5. How we use your data
- To operate and synchronise your blocking rules and settings across reinstalls
- To enforce daily time budgets and blocking schedules
- To manage your account, credits, and purchased add-ons
- To send a one-time password reset code when you request it
- To respond to support or account-deletion requests
We do not use your data for advertising, profiling, or any purpose beyond operating the app.
6. Data sharing and third parties
We do not sell, rent, or share your personal data with third parties, with one exception:
- Google Play (Google LLC) — processes payments for in-app purchases and subscriptions. Google may retain transaction records under their own Privacy Policy. Grounded has no control over records held by Google Play.
We may disclose data if required by law or to protect our legal rights, but only to the minimum extent required.
7. Data security
- All communication between the app and our server uses HTTPS (TLS).
- Passwords and PINs are stored exclusively as bcrypt hashes — they cannot be reversed.
- Device identifiers are stored only as a one-way SHA-256 hash.
- Our server infrastructure is hosted on Hetzner (EU data centres, Germany/Finland).
8. Data retention
We retain your data for as long as your account exists. When you delete your account, all personal data is permanently and immediately deleted from our servers. No backups, logs, or archives of your personal information are kept after deletion.
See our Account Deletion page for full details and in-app instructions.
9. Your rights
Under the GDPR (EU/EEA users) and applicable data protection laws, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and all associated data at any time (in-app or by email)
- Withdraw consent — you may stop using the app and request deletion at any time
- Lodge a complaint with your national data protection authority
To exercise any of these rights, contact us at info@grounded-app.es.
10. Changes to this policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.
11. Contact
For any privacy-related questions or requests, contact us at info@grounded-app.es.