Legal — Privacy
Last updated May 02, 2026
This Privacy Notice describes how David Sharpe (doing business as Aspera) accesses, collects, stores, uses, and shares your personal information when you use Aspera.
Aspera is an identity-based discipline app that helps you build lasting habits by proving daily progress against personal goals. You declare an identity, set 3–6 daily proof tasks, and track your consistency over time through streaks, reflections, and progress history. This notice applies whenever you download or use the app, or engage with us in any related way.
Questions or concerns? Reading this notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use Aspera. If you have questions, contact us at davidbsharpe@icloud.com.
The points below summarise the notice. The full sections that follow are authoritative — read them for the detail.
What personal information do we process? Information you give us directly (your name, email address, password, username) and a small amount of technical data collected automatically when you use the app.
Do we process sensitive personal information? No.
Do we collect information from third parties? No.
How do we process your information? To provide, improve, and administer Aspera; to communicate with you; to keep the service secure; and to comply with law.
With whom do we share information? Only with the limited service providers that help us run Aspera (listed below).
What are your rights? Depending on where you live, you can request access, correction, deletion, portability, or withdraw consent at any time.
In short — we collect personal information that you provide to us.
We collect personal information that you voluntarily provide when you register on Aspera, express an interest in our products and services, participate in activities in the app, or otherwise contact us. The information we collect depends on how you interact with us, the choices you make, and the features you use. It may include:
Sensitive Information. We do not process sensitive information.
Application data. If you use Aspera and grant permission, we may also receive push-notification tokens so we can deliver reminders and account-related notifications. You can turn these off at any time in your device settings.
All personal information you provide must be true, complete, and accurate, and you must notify us of any changes.
In short — some information, such as IP address and device characteristics, is collected automatically.
We automatically collect certain information when you use Aspera. This data does not directly reveal your identity but may include device and usage information such as IP address, device model, operating system, language preferences, country, and information about how and when you use the Services. This is used primarily to keep the app secure, diagnose issues, and improve the experience.
In short — we process your information to provide, improve, and administer Aspera, communicate with you, keep the service secure, and comply with law.
In short — we only process your personal information when we have a valid legal reason to do so.
The GDPR and UK GDPR require us to explain the legal bases we rely on. We may rely on the following:
We may process your information where you have given us express or implied consent. In limited cases, applicable law permits processing without consent — for example, for fraud detection, witness statements, journalism, or where disclosure is required by subpoena.
In short — we may share information in specific situations and with specific third parties.
We share your data only with third-party vendors and service providers who require access to perform services on our behalf. We have contracts in place that are designed to safeguard your personal information; these third parties may not use it for any purpose other than the one we instruct, and they commit to protect the data and retain it only for the period we specify.
The third parties we currently rely on are:
We may also share your information in connection with a business transfer — for example, during negotiations of a merger, sale of company assets, financing, or acquisition of all or part of our business.
In short — we may transfer, store, and process your information in countries other than your own.
Our servers are located in the United States. Regardless of where you are, please be aware that your information may be transferred to, stored by, and processed in the United States and other countries where our service providers operate. If you are in the EEA, UK, or Switzerland, those countries may not have data-protection laws as comprehensive as your own. We will take all necessary measures to protect your personal information in accordance with this notice and applicable law.
We have implemented the European Commission's Standard Contractual Clauses for transfers of personal information between us and third-party providers where applicable. These clauses can be provided upon request.
In short — we keep your information for as long as necessary to fulfil the purposes outlined in this notice unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us to keep your personal information for longer than the period of time in which you have an account with us.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it, or — if that's not possible (for example, because it sits in backup archives) — we will securely store it and isolate it from any further processing until deletion is possible.
In short — we aim to protect your personal information through a system of organisational and technical security measures.
We have implemented appropriate and reasonable technical and organisational security measures designed to protect the personal information we process. However, despite our safeguards, no electronic transmission over the internet or information-storage technology can be guaranteed to be 100% secure. We cannot promise that hackers, cybercriminals, or other unauthorised third parties will never defeat our security and improperly collect, access, steal, or modify your information. Transmission of personal information to and from Aspera is at your own risk.
In short — depending on your state of residence in the US or your region (EEA, UK, Switzerland, Canada), you have rights that allow you greater access to and control over your personal information.
In some regions you have the right to: (i) request access to and obtain a copy of your personal information; (ii) request correction or erasure; (iii) restrict processing; (iv) data portability where applicable; and (v) not to be subject to automated decision-making. In certain circumstances you may also object to processing. To make a request, contact us using the details in section 12.
If you are in the EEA or UK and believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or the UK Information Commissioner's Office. If you are in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
If we are relying on your consent to process your personal information, you may withdraw it at any time by contacting us using the details in section 12. Withdrawal will not affect the lawfulness of processing before your withdrawal, nor processing conducted on lawful grounds other than consent.
You can review, change, or delete the information in your account at any time by logging into Aspera and visiting your account settings. Upon request to terminate your account, we will deactivate or delete your account and information from our active databases. We may retain limited information to prevent fraud, troubleshoot problems, assist investigations, enforce our terms, or comply with applicable legal requirements.
If you have questions about your privacy rights, email us at davidbsharpe@icloud.com.
Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature you can activate to signal a preference not to have data about your online browsing monitored. No uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates a tracking-opt-out choice. If a standard is adopted, we will revise this notice accordingly.
In short — if you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have specific rights regarding your personal information.
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, IP address, email address, account name | Yes |
| B. Personal information as defined in the California Customer Records statute | Name, contact information, education, employment, employment history, financial information | Yes |
| C. Protected classification characteristics under state or federal law | Gender, age, date of birth, race and ethnicity, national origin, marital status, demographic data | No |
| D. Commercial information | Transaction information, purchase history, financial details, payment information | No |
| E. Biometric information | Fingerprints and voiceprints | No |
| F. Internet or other similar network activity | Browsing history, search history, online behaviour, interactions with our services and advertisements | Yes |
| G. Geolocation data | Device location | No |
| H. Audio, electronic, sensory, or similar information | Images and audio, video, or call recordings created in connection with our business activities | No |
| I. Professional or employment-related information | Business contact details, work history, professional qualifications | No |
| J. Education information | Student records and directory information | No |
| K. Inferences drawn from collected personal information | Inferences drawn from any of the above to create a profile about preferences and characteristics | No |
| L. Sensitive personal information | — | No |
We will use and retain the collected personal information as needed to provide the Services or for as long as you maintain an account with us.
Learn more about the sources of personal information in section 1, "What information do we collect?"
Learn more about how we use your personal information in section 2, "How do we process your information?"
We may disclose your personal information to our service providers pursuant to a written contract. We do not sell or share personal information for targeted advertising. We have not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We have disclosed identifiers and internet/network-activity information to service providers in the preceding twelve (12) months for the categories of business purposes listed in section 4.
To exercise these rights, contact us using the details in section 12. Under certain US state data-protection laws, you can designate an authorised agent to make a request on your behalf; we may deny a request from an agent that does not provide proof of valid authorisation.
Upon receiving your request, we will need to verify your identity. We will only use the personal information provided in your request to verify identity or authority. If we cannot verify you from existing information, we may request additional information for verification, security, or fraud-prevention purposes.
If we decline to take action on your request, you may appeal by emailing davidbsharpe@icloud.com. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons. If your appeal is denied, you may submit a complaint to your state attorney general.
California Civil Code §1798.83, also known as the "Shine the Light" law, permits California residents to request once a year, free of charge, information about the categories of personal information (if any) we disclosed to third parties for direct-marketing purposes, and the names and addresses of those third parties in the immediately preceding calendar year. To make such a request, please write to us at the address in section 12.
In short — yes, we will update this notice as necessary to stay compliant with relevant laws.
The updated version will be indicated by an updated "Revised" date at the top of this notice. If we make material changes, we may notify you by prominently posting a notice or by sending you a direct notification. We encourage you to review this notice frequently.
If you have questions or comments about this notice, you can contact us by email at davidbsharpe@icloud.com or by post at:
David Sharpe
87 White St
New York, NY 10013
United States
Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we hold, details about how we have processed it, correction of inaccuracies, or deletion of your personal information. You may also have the right to withdraw consent. To make a request, email us at davidbsharpe@icloud.com.