Privacy Policy

Last Updated: June 14, 2026
At The Earth App ("we", "our", or "us"), we are committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use and share it, how long we keep it, and the choices and rights you have. It applies to our website, our mobile applications, and any related services (collectively, the "services"). By accessing or using our services, you agree to the practices described in this Privacy Policy. This Privacy Policy should be read together with our Terms of Service.
1. Information We Collect
Information you provide to us. When you create an account or use our services, we collect the information you choose to give us. This includes your username, email address, and password, and may include profile details such as your first and last name, phone number, physical address, country, biography, profile photo, and the interests and activities you select. We also collect the content you submit, such as prompts, prompt responses, articles, events, event images, quest submissions, and any reports you file about other content or users.
Information from third-party sign-in. If you choose to register or log in using a third-party provider — currently Google, Microsoft, Discord, GitHub, or Apple — we receive a unique identifier for your account with that provider and basic profile information that you authorize the provider to share, which typically includes your email address, name, and profile picture. We do not receive your password for those accounts.
Information we collect automatically. When you use our services, we automatically collect certain technical information, including your IP address (and the approximate location and country it indicates), browser and device type, operating system, and usage data about how you interact with our services. We use cookies, local storage, and similar technologies (described in Section 4) to operate the services, and we use Cloudflare Turnstile during sign-up, log-in, and other sensitive actions to help distinguish humans from automated abuse; Turnstile may process device and browser signals and your IP address for that purpose. We retain a record of the IP addresses you log in from to help secure your account (for example, to require an additional verification step when you sign in from a new location) and to enforce rate limits and prevent abuse.
Location, sensor, camera, and health data. Some features — particularly quests in our mobile application — may, with your permission, access additional information from your device. This can include your device's location while you are using the app (used to verify and tag where you complete a photo-based quest step), motion and step-count data from your device's activity sensors, and, on supported devices, distance or workout data you allow us to read from your platform's health service (such as Apple Health). Distance and workout data read from your health service is used only to record your progress on distance-based quests; it is never sold, shared with third parties, or used for advertising. If you submit photos, we may read embedded metadata (EXIF), which can include the location where a photo was taken, and we may use that location to determine the general area (such as the country) associated with a submission. Quests may also use your device's camera and microphone when you choose to complete steps that require a photo, video, or audio recording. Your device prompts you for permission before we access location, camera, microphone, health, or motion data, and you can change these permissions at any time in your device settings.
Notifications and on-device data. If you enable push notifications, we collect a device push token (provided by Apple Push Notification service or Firebase Cloud Messaging) so we can deliver notifications to you. Our mobile application also keeps diagnostic logs on your device to help you troubleshoot problems; these logs are sanitized to remove credentials, remain on your device, and are not transmitted to us unless you choose to export and share them.
2. How We Use Your Information
We use the information we collect to provide, maintain, and improve our services; to create and manage your account; to personalize your experience and power features such as quests, badges, journeys, leaderboards, cosmetics, and content recommendations; to communicate with you; to maintain the security and integrity of our services (including verifying new sign-ins, preventing fraud and abuse, and enforcing rate limits); to enforce our Terms of Service and respond to content reports; to understand how our services are used through analytics; and to comply with our legal obligations.
We send two general kinds of email. Transactional and service messages — such as email verification, security and login-verification codes, notifications about your account or content, and moderation notices — are part of providing the service, and you cannot opt out of them while you maintain an account. Marketing and promotional messages are optional, and you may opt out at any time by using the unsubscribe link in those messages or by adjusting your notification preferences. We do not sell, rent, or trade your personal information, and we do not use your personal information for third-party advertising.
3. Automated Processing and AI Features
Some features rely on artificial intelligence. To generate personalized features — such as badge-mastery quests and AI-generated profile images — we send certain profile information (which may include your username, biography, country, display name, and selected interests and activities) to AI models operated through our infrastructure provider's AI platform (Cloudflare Workers AI). We also use AI to generate and rank general, non-personalized content such as articles, prompts, and quizzes. AI-generated output may be inaccurate or incomplete and should not be relied upon for important decisions. We do not use these AI features to make decisions that produce legal or similarly significant effects about you without human involvement.
4. Cookies, Local Storage, and Similar Technologies
We use cookies and browser local storage to operate the services rather than to track you for advertising. These include a session cookie that keeps you logged in, a cookie that records whether you have visited before (used for onboarding), and, if you arrive through a referral link, a cookie that records the referral code. We also use local storage on your device to remember preferences and interface state (for example, completed tours, widget data, and a queue of actions to retry when you are offline). We do not use third-party advertising or cross-site tracking cookies. You can control or clear cookies and local storage through your browser or device settings, though some features may not work properly without them.
5. How We Share Your Information
We do not sell, trade, or rent your personal information to third parties. We share information only in the following circumstances:
With service providers and sub-processors who help us operate the services and are bound to protect your information and use it only on our behalf. These currently include: Cloudflare (hosting and edge infrastructure, AI inference through Workers AI, image processing, Turnstile bot protection, and aggregate request analytics); Google, including Firebase Cloud Messaging for push notifications, Google Fonts, the Google Maps Platform for converting addresses and coordinates into place information, and Google sign-in; Microsoft, Apple, GitHub, and Discord for third-party sign-in; and Unsplash, Pixabay, YouTube, Wikipedia, and the Internet Archive for retrieving media and reference content that you search for or that enriches activities. Apple Push Notification service is used to deliver notifications on Apple devices.
With other users, according to your privacy settings. Information and content you mark as public may be visible to anyone, including unauthenticated visitors, while information you restrict is shown only to the people you allow (see Section 6).
For legal and safety reasons, when we believe in good faith that disclosure is required by law or legal process, or is necessary to protect the rights, property, or safety of The Earth App, our users, or the public.
With our administrators for moderation. Our administrators may review the content and data you submit to quests — including photos, audio recordings, text responses, scan and event data, and related submission metadata — to enforce our policies, investigate abuse, and keep the services safe, and they may remove that content or related rewards when it violates our rules. This quest submission data is used for moderation and to power your own quest experience; it is not made available to other users.
In a business transfer, such as a merger, acquisition, financing, or sale of assets, in which case we will continue to protect your information consistent with this Privacy Policy and notify you of any material change in how it is handled.
6. Public Information and Your Privacy Controls
You control how visible your account and content are. You can set your account to "Public," "Unlisted," or "Private," which determines whether your content is discoverable by everyone, only by logged-in users with a direct link, or only by people you approve. Individual profile fields — such as your country, address, and phone number — can be set to "Public," "Mutual," "Circle," or "Private," which controls who can see that information. Some information, such as leaderboard standings, badges, cosmetics, and journey streaks, may appear publicly when your settings allow it. We honor these settings, but please remember that anything you make public can be seen, copied, or shared by others, and we cannot guarantee the security of information you choose to share.
7. Data Retention
We keep your account information for as long as your account is active and as needed to provide the services. Some data is kept only for limited periods: onboarding state is retained for about a year; journey streaks for about 48 hours; anonymous mood votes for about 30 days; generated badge-mastery quests for about 90 days; email and verification tokens for about 30 days; and pending content reports expire automatically after about 7 days if no action is taken. Certain user content is also removed automatically over time — for example, prompts after roughly 2 days, articles after roughly 14 days, and events roughly 30 days after they end. When content is removed by moderation, we keep a temporary record for about 30 days (as described in our Terms of Service) before permanent deletion. These periods are approximate and may change as our services evolve. Residual copies may persist in backups for a limited time and are overwritten in the normal course of operations.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These include access controls, the use of reputable infrastructure providers, and encryption of certain stored content, such as event image submissions. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your login credentials confidential.
9. International Data Transfers
We are based in the United States, and our services are operated using infrastructure located in the United States and on the global networks of our service providers. If you access our services from outside the United States, your information will be transferred to, stored in, and processed in the United States and other countries that may not have the same data protection laws as your jurisdiction. Where required, we rely on appropriate safeguards for such transfers, and by using our services you consent to this transfer and processing.
10. Your Rights and Choices
You can access and update most of your information directly within the services by editing your profile and adjusting your privacy and notification settings, and you can delete your account at any time (we may ask you to re-authenticate first to confirm it is you). You can also opt out of marketing emails as described in Section 2.
If you are in the European Economic Area, the United Kingdom, or a similar jurisdiction, you have the right to access, correct, delete, restrict, or object to our processing of your personal information, the right to data portability, and the right to withdraw consent where processing is based on consent. We process personal information on the legal bases of performing our contract with you (to provide the services), our legitimate interests (such as securing and improving our services), your consent (for example, for device permissions and marketing emails), and compliance with legal obligations. You also have the right to lodge a complaint with your local data protection authority.
If you are a California resident, you have the right to know what personal information we collect and how we use and disclose it, the right to request access to and deletion or correction of your personal information, and the right to opt out of the "sale" or "sharing" of personal information. We do not sell or share your personal information as those terms are defined under California law, and we will not discriminate against you for exercising your rights.
To exercise any of these rights, contact us at support@earth-app.com. We may need to verify your identity before responding, and we will respond within the time required by applicable law.
11. Children's Privacy
Our services are not directed to children, and you must be at least 13 years old (or older where required by your jurisdiction, such as 16 in parts of the European Economic Area) to create an account. In accordance with the Children's Online Privacy Protection Act (COPPA) and other applicable laws, we do not knowingly collect personal information from children under the applicable age. If we learn that we have collected personal information from a child under that age without appropriate consent, we will delete it as soon as possible. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@earth-app.com so we can take appropriate action.
12. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time. Any changes will be effective immediately upon posting on our website, and we will update the "Last Updated" date above. We will endeavor to notify you of significant changes through our services or other communication channels. Your continued use of our services after any such changes constitutes your acceptance of the updated Privacy Policy.
13. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at support@earth-app.com for assistance.