1. Information We Collect
- Phone number – for app login and notifications.
- Payment information – processed via Stripe (tokens & transaction IDs only; no card numbers stored).
- Habit-tracking data – habits you create and their completion status.
- Device information – device model, OS, and identifiers for functionality and security.
- Usage data – analytics on feature use, crash reports, and diagnostics.
- App cache – temporary storage of your habits and preferences for offline access and performance.
2. How We Use Your Information
- To provide, operate and maintain the app.
- To process payments for missed habits via Stripe.
- To send transactional SMS / push notifications.
- To track and manage your habit data.
- To improve and personalise our service and user experience.
- To ensure security, detect fraud and enforce our Terms of Service.
- To comply with legal obligations and accounting requirements.
3. Legal Bases for Processing
We process your personal data on the following bases:
- Contract – providing the habit-tracking service you request.
- Legitimate interest – preventing fraud, securing our platform, and improving the service.
- Consent – sending optional marketing messages (you may withdraw at any time).
- Legal obligation – keeping financial records required by tax laws.
4. Payment Processing
We use Stripe, a PCI Service Provider Level 1 certified processor. Consequently:
- Card details are sent directly to Stripe; we never store them.
- Data in transit is encrypted using TLS 1.3.
- We receive only payment tokens and transaction metadata.
- Your payment data is protected by Stripe's industry-standard safeguards.
5. Data Storage & Security
- All data is stored in Supabase, running on secure cloud infrastructure.
- Data is encrypted in transit (TLS 1.3) and at rest (AES-256).
- Access is restricted through role-based access controls that follow the least-privilege principle.
- Quarterly vulnerability scans and annual third-party penetration tests.
- Access to production data is logged and reviewed every 90 days.
6. Data Retention
We retain your data as follows:
- Account Information: We keep your phone number and account details until you delete your account.
- Habits: Active habits are stored until you delete them. When you delete a habit, it remains active until the end of the current day and is then permanently removed.
- Payment Information: We retain payment records for 7 years to comply with tax and accounting requirements.
- App Cache: Local app data is stored on your device and can be cleared at any time through your device settings.
7. Your Rights
You have the right to:
- Access, correct or delete your personal data.
- Export your data in a portable format.
- Withdraw consent at any time.
- Opt out of marketing communications.
- Request information about how your data is used.
How to exercise your rights: Send a request to hutimk@gmail.com. We respond within 30 days and may need to verify your identity.
9. App Storage & Cache
We use app caching and local storage to:
- Store your habits and preferences locally for offline access
- Improve app performance and reduce data usage
- Maintain your session state
- Enable faster loading times
You can clear the app cache through your device's settings at any time. Note that clearing the cache will require you to log in again and may temporarily affect app performance.
10. Children's Privacy
Our service is not directed to children under 13 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
11. Updates to This Policy
We may update this Privacy Policy from time to time. We will post any changes on this page and update the "Effective date" at the top. If changes materially affect your rights, we will notify you by email or in-app at least 14 days before they take effect.
This template is provided for informational purposes and does not constitute legal advice. Consult qualified counsel to ensure compliance with laws applicable to your organisation.