Back to Home
WithoutX Logo

Privacy Policy

Last updated: January 7, 2026

1. Introduction

Welcome to WithoutX. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our habit-tracking application.

2. Information We Collect

We collect information that you provide directly to us, including:

  • Account information (email address, username, display name)
  • Profile information (avatar, bio)
  • Challenge and check-in data (habits you track, progress, notes)
  • Check-in photos (Apex subscribers can upload images with their daily check-ins)
  • Social interactions (comments, likes, friend connections, team memberships)
  • Device information and usage analytics (to improve our service)

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Track your habit progress and calculate achievements
  • Enable social features like friends, teams, and leaderboards
  • Send you notifications about your progress (if enabled)
  • Respond to your comments, questions, and requests
  • Detect, investigate, and prevent fraudulent or abusive activity

4. Information Sharing

We do not sell your personal information. We may share your information only in the following circumstances:

  • With your consent or at your direction
  • Public profile information and public challenges are visible to other users
  • With service providers who assist us in operating our platform
  • To comply with legal obligations or protect our rights

5. Image Storage & Moderation

Check-in photos uploaded by Apex subscribers are:

  • Stored securely on Cloudflare R2 cloud storage
  • Compressed to WebP format to optimize storage and loading times
  • Automatically scanned for NSFW (Not Safe For Work) content using AI moderation
  • Permanently deleted when you delete the associated check-in, challenge, or account

Images flagged as inappropriate may be automatically rejected or removed. We reserve the right to review and remove any uploaded content that violates our Terms of Service.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet is 100% secure.

7. Your Rights

You have the right to:

  • Access and update your personal information through your profile settings
  • Delete your account and associated data
  • Export your data
  • Opt out of promotional communications
  • Disable push notifications

8. Account Deletion

When you delete your account, we process your data as follows:

Data That Is Permanently Deleted:

  • Your profile information (username, display name, bio, avatar)
  • Email address and authentication credentials
  • All personal progress (streaks, check-ins, points, achievements)
  • Your challenges and goals
  • Teams you own (all team data is deleted)
  • All uploaded images (check-in photos, avatars)
  • Friend connections and notifications
  • Subscription and billing information

Data That Is Anonymized (Not Deleted):

  • Comments and messages: Your comments in teams and on challenges will remain visible but display as “Deleted User” to preserve conversation context for other participants.

Why we anonymize instead of delete certain data: WithoutX is a social accountability platform. Complete deletion of all user content would break team conversations and challenge discussions for other users. Anonymization removes your personal identity while preserving the context that others depend on. This approach satisfies GDPR “right to be forgotten” requirements while maintaining data integrity.

Account deletion is permanent and cannot be undone. You can delete your account from your Profile Settings.

9. Discord Bot

If you use the WithoutX Discord bot, we collect and process the following data:

  • Discord User ID: Used to link your Discord account to your WithoutX account
  • Discord Username: Displayed within the app when you link accounts
  • Command Interactions: We process commands you send to the bot (e.g., /streak, /checkin) to provide the service

We do not read or store your Discord messages outside of direct bot commands. The bot only responds to explicit slash commands you initiate.

You can unlink your Discord account at any time using the /unlink command or through your WithoutX profile settings.

10. Browser Extension

If you use the WithoutX browser extension, we handle data as follows:

Data Stored Locally (On Your Device Only):

  • Your authentication token (to keep you logged in)
  • Blocked website list and settings
  • Extension preferences and theme settings

Data Sent to Our Servers:

  • Check-in data when you complete a check-in through the extension
  • Your streak and challenge data (fetched from our API)

What We Do NOT Collect: We do not track your browsing history, collect website content, or monitor your activity beyond the explicit website blocking feature you configure.

You can uninstall the extension at any time to stop all data collection. Local data is deleted when the extension is removed.

11. Cookies and Similar Technologies

We use cookies and similar technologies to maintain your session, remember your preferences, and understand how you use our services. You can control cookies through your browser settings.

12. Children’s Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Last updated” date.

14. Contact Us

If you have any questions about this privacy policy, please contact us at support@withoutx.org