Effective date: 27 March 2026
Patto ("we", "us", "our") operates the Patto mobile application and web app (the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.
Account information. When you sign up or sign in, we collect your email address. We use email magic links for authentication — no password is required. You may optionally provide a display name during onboarding.
Profile information. You may optionally add a bio and upload a profile photo. We generate a unique username for you automatically.
User-generated content. This includes communities you create, habit check-in posts, photo uploads attached to check-ins, comments, and emoji reactions.
Usage data. We store habit completion logs (which habit, which community, and the date) to calculate streaks and community insights. We do not use third-party analytics or ad-tracking services.
Notifications. We store in-app notification records (e.g., when someone reacts to your post or joins your community) so you can view your activity feed.
Device tokens. If you enable push notifications, we store a device token to deliver notifications to your device via Apple Push Notification service (APNs) and Firebase Cloud Messaging.
With other users. Patto is a social accountability app. Your display name, username, avatar, and check-in posts are visible to other authenticated users. Communities you join and your habit completions are visible to members of those communities.
With service providers. We use Google Firebase (Cloud Firestore, Firebase Authentication, Cloud Storage, and Cloud Messaging) to operate the Service. Firebase processes your data on our behalf under Google Cloud's terms of service and data processing agreements.
Subscription payments. If you subscribe to Patto Pro, your purchase is processed by Apple via the App Store. We use RevenueCat to manage subscription status. RevenueCat receives your anonymised app user ID and subscription events. No payment card details are ever shared with us. RevenueCat's privacy policy is available at revenuecat.com/privacy.
We do not sell your data. We do not share your personal information with advertisers, data brokers, or any third parties for marketing purposes.
Your data is stored on Google Firebase infrastructure. Firestore security rules restrict access so that users can only modify their own data. Authentication tokens are managed by Firebase Auth. All data is transmitted over HTTPS/TLS.
We retain your data for as long as your account is active. When you delete your account through the app, we permanently delete your user profile, all posts you created, your daily logs, and your community memberships. This deletion is immediate and irreversible.
Patto is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy within the app. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy, contact us at hello@pattosocial.com.