Privacy Policy
Last Updated: February 23, 2026
Prospect Connect Media LLC, operating as EarnItGrid
At EarnItGrid, we believe your habit data is deeply personal. This Privacy Policy explains what information we collect, how we use it, and the choices you have. We've written this in plain language because you deserve to understand exactly what happens with your data.
The short version: We collect only what we need to provide the Service. Your habit data is yours. We don't sell your personal information. Ever.
Table of Contents
1. Information We Collect
1.1 Information You Provide
Account Information
When you create an account, we collect:
| Data | Purpose | Required |
|---|---|---|
| Email address | Account identification, communications | Yes |
| Name | Personalization, display in app | Yes |
| Profile picture | Display in app (from Google OAuth) | No |
| Password | Authentication (if not using Google OAuth) | Conditional |
Habit Data
When you use EarnItGrid, we collect:
| Data | Purpose |
|---|---|
| Habits you create | Provide the tracking service |
| Completion status | Track your progress, calculate stars |
| Skip/fail reasons | Help you understand patterns |
| Stars earned | Manage your reward balance |
| Rewards you create | Enable the reward system |
| Rewards redeemed | Track your reward history |
Payment Information
When you subscribe to ProGrid, Stripe (our payment processor) collects:
- Credit/debit card number
- Expiration date
- Billing address
We do not store your full card details. Stripe handles all payment processing securely and is PCI-DSS compliant.
Communications
When you contact us, we collect:
- Email address
- Message content
- Any attachments you send
1.2 Information Collected Automatically
Technical Information
When you access the Service, we automatically collect:
| Data | Purpose |
|---|---|
| IP address | Security, geo-detection for cookie consent |
| Browser type and version | Compatibility, debugging |
| Device type | Responsive design optimization |
| Operating system | Compatibility, debugging |
| Referring URL | Understand traffic sources |
| Pages visited | Improve user experience |
| Time spent on pages | Understand engagement |
| Actions taken | Improve features |
Cookies and Similar Technologies
We use cookies and similar technologies to:
- Keep you logged in
- Remember your preferences
- Understand how you use the Service
- Improve our Service
For detailed information, see our Cookie Policy.
1.3 Information from Third Parties
Google OAuth
If you sign up using Google, we receive:
- Your Google email address
- Your name
- Your profile picture (if available)
We do not receive your Google password or access to your Google account beyond basic profile information.
2. How We Use Your Information
We use your information for the following purposes:
2.1 Providing the Service
- Creating and managing your account
- Storing and displaying your habits and tracking data
- Calculating and managing your star balance
- Processing your rewards
- Syncing data across your devices
2.2 Improving the Service
- Analyzing usage patterns to improve features
- Identifying and fixing bugs
- Developing new features
- Conducting research and analytics
2.3 Communications
- Sending service-related notifications (password resets, security alerts)
- Responding to your inquiries and support requests
- Sending product updates (you can opt out)
- Sending promotional communications (with your consent, you can opt out)
2.4 Security and Fraud Prevention
- Detecting and preventing fraud, abuse, and security incidents
- Enforcing our Terms of Service
- Protecting the rights and safety of our users and third parties
2.5 Legal Compliance
- Complying with applicable laws and regulations
- Responding to legal requests and court orders
- Establishing, exercising, or defending legal claims
3. How We Share Your Information
We do not sell your personal information. We share your information only in the following circumstances:
3.1 Service Providers
We share information with third-party service providers who perform services on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Vercel | Hosting | Technical data, IP address |
| Neon | Database | All user data (encrypted) |
| Stripe | Payments | Payment and billing data |
| Resend | Email address, name | |
| Authentication | OAuth tokens | |
| Microsoft Clarity | Analytics | Usage data, session recordings |
| Upstash | Rate limiting | IP address, request data |
| OpenRouter | AI features | Habit data (for AI Coach) |
All service providers are contractually obligated to protect your data and use it only for the purposes we specify.
3.2 Legal Requirements
We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to:
- Comply with legal obligations
- Protect our rights or property
- Prevent fraud or abuse
- Protect the safety of our users or the public
3.3 Business Transfers
If Prospect Connect Media LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.
3.4 With Your Consent
We may share your information with third parties when you give us explicit consent to do so.
4. Third-Party Services
Our Service integrates with the following third-party services:
Google (Authentication)
- Purpose: Account creation and login via OAuth
- Data shared: Receives confirmation of successful authentication
- Privacy policy: google.com/policies/privacy
Stripe (Payments)
- Purpose: Process subscription payments
- Data shared: Payment information, email, billing address
- Privacy policy: stripe.com/privacy
Vercel (Hosting)
- Purpose: Host the EarnItGrid application
- Data shared: Technical request data
- Privacy policy: vercel.com/legal/privacy-policy
Neon (Database)
- Purpose: Store user data securely
- Data shared: All user data (encrypted at rest and in transit)
- Privacy policy: neon.tech/privacy-policy
Resend (Email)
- Purpose: Send transactional and marketing emails
- Data shared: Email address, name
- Privacy policy: resend.com/legal/privacy-policy
Microsoft Clarity (Analytics)
- Purpose: Understand user behavior, improve UX
- Data shared: Usage data, session recordings (anonymized)
- Privacy policy: privacy.microsoft.com
Upstash (Security)
- Purpose: Rate limiting to prevent abuse
- Data shared: IP address, request metadata
- Privacy policy: upstash.com/trust/privacy
OpenRouter (AI)
- Purpose: Power the AI Habit Coach feature
- Data shared: Habit data (when using AI features)
- Privacy policy: openrouter.ai/privacy
5. Cookies and Tracking
We use cookies and similar technologies to provide and improve the Service.
Types of Cookies We Use
| Type | Purpose | Examples |
|---|---|---|
| Essential | Required for the Service to function | Authentication, security |
| Analytics | Help us understand how you use the Service | Microsoft Clarity |
| Preferences | Remember your settings | Theme, language |
| Marketing | Deliver relevant advertising (future) | Not currently used |
Managing Cookies
You can manage your cookie preferences:
- Through our cookie consent banner (EU/UK users)
- Through your browser settings
- By visiting our Cookie Policy
6. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy.
Retention Periods
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete your account |
| Habit tracking data | Until you delete your account |
| Payment records | 7 years (legal/tax requirements) |
| Security logs | 90 days |
| Analytics data | 26 months |
| Support communications | 3 years |
After Account Deletion
When you delete your account:
- Your personal data is deleted within 30 days
- Some data may be retained in backups for up to 90 days
- Anonymized, aggregated data may be retained indefinitely
- Data required for legal compliance may be retained as required by law
7. Data Security
We implement appropriate technical and organizational measures to protect your data:
Technical Measures
- Encryption in transit (TLS/HTTPS)
- Encryption at rest (database encryption)
- Secure authentication (Google OAuth, hashed passwords)
- Rate limiting to prevent abuse
- Regular security audits
Organizational Measures
- Limited access to personal data (need-to-know basis)
- Employee security training
- Incident response procedures
- Regular security reviews
Your Role
You can help protect your data by:
- Using a strong, unique password
- Enabling two-factor authentication on your Google account
- Keeping your login credentials confidential
- Logging out on shared devices
No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. If we become aware of a security breach affecting your data, we will notify you as required by law.
8. International Data Transfers
EarnItGrid is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States.
For EU/UK Users
When we transfer your data outside the EU/UK, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Our service providers' compliance with applicable data protection laws
9. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
All Users
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and data
- Export: Download your habit tracking data
- Opt-out: Unsubscribe from marketing communications
How to Exercise Your Rights
You can exercise most rights directly in the app:
- Account settings: Update your profile, download data, delete account
- Email preferences: Manage communication settings
For other requests, contact us at help@earnitgrid.com. We will respond within 30 days.
10. Your Rights Under GDPR (EU/UK Users)
If you are located in the European Union or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR.
Legal Basis for Processing
We process your data based on the following legal grounds:
| Purpose | Legal Basis |
|---|---|
| Providing the Service | Performance of contract |
| Account security | Legitimate interest |
| Analytics and improvement | Legitimate interest |
| Marketing (with consent) | Consent |
| Legal compliance | Legal obligation |
Your GDPR Rights
- Right of access: Obtain a copy of your personal data
- Right to rectification: Correct inaccurate personal data
- Right to erasure: Request deletion of your personal data ("right to be forgotten")
- Right to restrict processing: Limit how we use your data
- Right to data portability: Receive your data in a portable format
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent at any time (where processing is based on consent)
- Right to lodge a complaint: File a complaint with your local data protection authority
Data Controller
Prospect Connect Media LLC is the data controller for your personal data.
Contact for GDPR Requests
Email: help@earnitgrid.com
We will respond to GDPR requests within 30 days. If we need more time, we will notify you.
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your residence, place of work, or place of the alleged infringement.
11. Your Rights Under CCPA (California Users)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
Your CCPA Rights
- Right to know: Request information about the personal information we collect, use, and disclose
- Right to delete: Request deletion of your personal information
- Right to opt-out of sale: We do not sell your personal information
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights
- Right to correct: Request correction of inaccurate personal information
- Right to limit use of sensitive personal information: Request limits on use of sensitive data
Categories of Personal Information We Collect
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email, IP address | Yes |
| Personal information (Cal. Civ. Code § 1798.80) | Name, address | Yes |
| Commercial information | Purchase history, subscription status | Yes |
| Internet activity | Browsing history, interactions | Yes |
| Geolocation data | Approximate location (country) | Yes |
| Sensory data | N/A | No |
| Professional information | N/A | No |
| Education information | N/A | No |
| Inferences | Preferences based on usage | Yes |
| Sensitive personal information | N/A | No |
We Do Not Sell Personal Information
We do not sell your personal information to third parties. We do not "share" personal information for cross-context behavioral advertising.
How to Exercise Your CCPA Rights
Submit a request by:
- Emailing help@earnitgrid.com
- Using the data export/deletion features in your account settings
We will verify your identity before processing your request. We will respond within 45 days.
Authorized Agents
You may designate an authorized agent to submit requests on your behalf. The agent must provide proof of authorization.
Financial Incentives
We do not offer financial incentives for the collection or sale of personal information.
12. Children's Privacy
EarnItGrid is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at help@earnitgrid.com. We will delete such information promptly.
If we learn we have collected personal information from a child under 13, we will delete that information as quickly as possible.
13. Do Not Track
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked.
Currently, there is no universal standard for how websites should respond to DNT signals. As such, EarnItGrid does not currently respond to DNT signals. However, you can manage tracking through:
- Our cookie consent banner
- Your browser's privacy settings
- Our analytics opt-out options
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons.
How We Notify You
- Minor changes: Updated "Last Updated" date
- Material changes: Email notification and/or prominent notice in the Service
Your Options
If you do not agree with the revised Privacy Policy, you should stop using the Service and delete your account. Continued use after changes become effective constitutes acceptance of the revised policy.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Prospect Connect Media LLC
Operating as EarnItGrid
Email: help@earnitgrid.com
Response Time: We aim to respond to all inquiries within 30 days.