Privacy Policy
The Privacy Notice explains how HabitU ("we," "our," or "us") collects, uses, shares, and protects your personal data. It is designed to comply with international privacy laws, such as GDPR and CCPA, ensuring transparency and safeguarding your privacy.
1. Introduction
This Privacy Notice outlines our commitment to protecting your personal data when you use HabitU (the "App") and the services provided through it. By accessing or using the App, you agree to the practices described in this Privacy Notice.
This Privacy Notice applies to data collected through the App, including user-provided data and automatically collected data.
It also covers any interactions you may have with us through email, support channels, or other communication methods.
We comply with applicable privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant regulations in the jurisdictions where the App is available.
By using the App, you consent to the collection, use, and sharing of your data as described in this Privacy Notice. If you do not agree, please cease using the App.
We may update this Privacy Notice periodically to reflect changes in the App, legal requirements, or business practices.
Significant updates will be communicated through the App or via push notifications. The "Last Updated" date at the top of this notice will reflect the most recent changes.
2. Data We Collect
To provide you with personalized and effective services, the App collects various types of data. This section explains what data we collect, how we collect it, and for what purposes.
2.1 Categories of Data Collected
Personal Information:
• Name, email address, age, and gender (optional).
• Information you provide during account registration or profile setup.
Device Information:
• Technical details about the device you use to access the App, including:
• Device model and operating system.
• Unique device identifiers (e.g., UUID).
• IP address.
Usage Data:
Information about your interactions with the App, such as:
• Features you access.
• Time spent using the App.
• Progress tracking and input data (e.g., habit cessation metrics).
Behavioral Data:
• Data related to your habits, goals, and progress (e.g., quitting smoking or other tracked habits).
Analytics Data:
• Collected through third-party tools like Amplitude and AppsFlyer, including:
• User engagement metrics.
• Crash reports and performance logs.
2.2 How We Collect Data
We gather data in the following ways:
Data You Provide Directly:
• When you register an account, set goals, or input progress updates.
• When you contact us for support or participate in surveys or feedback sessions.
Automatically Collected Data:
• Through your interactions with the App, using cookies, SDKs, and other tracking technologies.
• Automatically logged device and usage data. We may collect and use your IP address to determine your general geographic location (e.g., country or time zone) for the following purposes:
• To provide localized content and services.
• To ensure compliance with regional legal requirements.
• To improve user experience by aligning notifications and recommendations with your time zone.
Data from Third Parties:
• Analytics platforms such as Amplitude and AppsFlyer provide aggregated and anonymized insights into user behavior.
2.3 Sensitive Data
The App may process data related to your habits (e.g., smoking or drinking), which could be considered sensitive under certain privacy laws.
• This data is processed only to provide core functionality and support your goals.
• We require explicit consent for processing this type of data where legally required.
2.4 Children’s Data
The App is intended for users aged 18 and older.
• We do not knowingly collect data from individuals under 18 years of age.
3. How We Use Your Data
The data we collect is used to provide, improve, and personalize your experience with the App. This section outlines the purposes for which we process your data and the legal bases for doing so.
3.1 Purpose of Data Use
We use your data for the following purposes:
Providing Core App Functionality:
• To enable you to track progress in quitting habits such as smoking, drinking alcohol, or gambling.
• To set up and manage your account, including registration, login, and profile settings.
Personalization and Recommendations:
• To tailor the App’s features, notifications, and insights to your specific goals and habits.
• To deliver motivational messages and reminders based on your input and progress.
Analytics and Performance Improvement:
• To monitor App performance, identify trends, and improve usability.
• To understand user behavior using analytics tools like Amplitude and AppsFlyer.
Communications:
• To send essential notifications, such as progress reminders or updates to these Terms and the Privacy Notice.
• To respond to your inquiries, feedback, or support requests.
Compliance with Legal Obligations:
• To fulfill legal requirements, such as those related to user consent, data protection laws (e.g., GDPR), and reporting.
• To ensure the App’s use complies with applicable regulations and does not facilitate prohibited behavior.
3.2 Legal Bases for Processing
We process your data under the following legal bases:
Contractual Necessity:
• Processing is necessary to provide the services you request, such as account management and goal tracking.
Legitimate Interests:
• For improving App performance, monitoring usage trends, and maintaining security.
• For sending non-promotional communications relevant to your use of the App.
User Consent:
• For processing sensitive data related to your habits (e.g., smoking or drinking habits).
• For sending personalized push notifications and recommendations.
Legal Compliance:
• To comply with applicable laws and respond to lawful requests from authorities.
3.3 Automated Decision-Making and Profiling
The App may use automated systems to analyze your data and provide personalized insights, such as:
• Recommendations for breaking habits based on your progress and activity.
• Suggested goals and adjustments tailored to your specific habits.
These processes do not have legal or similarly significant effects on you. If you have concerns about automated decision-making, you can contact us for further details.
3.4 Opt-Out Options
You can opt out of certain uses of your data, including:
• Personalized recommendations and motivational notifications.
• Analytics tracking via third-party services, as permitted by your device settings.
4. Sharing Your Data
We share your data only when necessary to provide and improve the App’s functionality, comply with legal obligations, or fulfill legitimate business purposes. This section outlines how, why, and with whom your data may be shared.
4.1 Categories of Recipients
We may share your data with the following categories of recipients:
Third-Party Service Providers:
• Analytics Providers:
• We use services like Amplitude and AppsFlyer to analyze usage trends, measure performance, and improve the App. These providers process usage data, device information, and engagement metrics on our behalf.
• Cloud and Hosting Providers:
• Data may be stored on secure servers managed by reputable third-party hosting services to ensure scalability and reliability.
• Technical Support Providers:
• We may engage service providers to assist with debugging, crash reporting, and performance monitoring.
Authorities and Legal Requests:
• We may disclose your data to law enforcement, regulatory authorities, or other government bodies if required to:
• Comply with legal obligations, such as responding to subpoenas or court orders.
• Protect the safety, rights, or property of App Developer, its users, or the public.
Business Transfers:
• In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of the transaction. You will be notified of such events and any changes to the Privacy Notice.
4.2 Purpose of Sharing
Data is shared for the following purposes:
• To operate and improve the App (e.g., analytics and hosting).
• To ensure compliance with applicable laws.
• To facilitate technical and customer support.
4.3 Data Anonymization and Aggregation
• We may share anonymized and aggregated data that cannot be used to identify you personally with third parties for research, statistical, or marketing purposes.
4.4 Third-Party Privacy Policies
• Third-party providers, such as Amplitude and AppsFlyer, operate under their own privacy policies. While we ensure their compliance with relevant laws, we recommend reviewing their privacy policies for additional details:
4.5 International Data Transfers
• If your data is transferred to service providers or servers located outside your country or region, such transfers will comply with applicable data protection laws.
• For transfers outside the European Economic Area (EEA), we implement safeguards such as standard contractual clauses or ensure that the recipient operates under an adequacy decision by the European Commission.
4.6 User Rights Regarding Data Sharing
• You may request a list of third parties with whom your data has been shared by contacting us.
• Where applicable, you can opt out of certain types of data sharing (e.g., analytics) via your device settings or App preferences.
Right to Information
You have the right to be informed about how your personal data is collected, used, and processed. This Privacy Policy provides clear and detailed information on these practices.
Right to Access
You can request access to your personal data and obtain details about the processing activities involving your data. Requests can be made by contacting us directly. Where applicable, you may also access this information through your account profile page. Upon written request, we will provide a copy of the personal data we have retained. Additional copies may incur a minimal administrative fee.
Right to Rectification
You can request the correction or updating of inaccurate or incomplete personal data. Please contact us directly or, where possible, make these changes in your account profile page.
Right to Erasure (Right to Be Forgotten)
You can request the deletion of your account and personal data by contacting us. Such requests will be fulfilled unless we are required by law or have a legitimate interest in retaining the data (e.g., for completed transactions or regulatory purposes).
Right to Object or Restrict Processing
You have the right to object to or restrict the processing of your personal data in certain circumstances, such as when processing is carried out for direct marketing purposes. If applicable, you may also opt out of marketing communications through your account settings.
Right to Data Portability
You can request that your personal data be transferred to another controller of your choice.
Identity Verification
To ensure confidentiality and security, we may require verification of your identity before fulfilling any requests related to your personal data. If you refuse to verify your identity, we may restrict processing of your data until verification is complete.
Automated Decision-Making and Profiling
We may use automated processing and profiling to reduce risks of fraud, money laundering, or service abuse. These processes analyze identification, transactional, and behavioral patterns. If you do not wish for automated processing to be carried out, you may contact us to request a review by our compliance officer.
Timeframe for Response
We will respond to your requests within one month. If additional time is needed, we will notify you and provide an explanation for the delay.
Non-Discrimination
You will not face discrimination for exercising your rights regarding your personal data. Unless necessary for specific services (e.g., user support), we will not deny goods or services, charge different prices, or offer varying levels of service quality based on the exercise of your rights.
No Fee for Most Requests
In most cases, there is no fee for accessing or exercising your rights related to your personal data. However, if a request is clearly unfounded, repetitive, or excessive, we may charge a reasonable fee or decline the request.
6. Data Security
We take the protection of your personal data seriously and implement robust measures to safeguard it from unauthorized access, loss, or misuse. This section outlines the security practices and technologies we use to protect your data.
6.1 Security Measures Implemented
To ensure the confidentiality, integrity, and availability of your personal data, we employ the following measures:
Encryption:
• All sensitive data, including personal and behavioral information, is encrypted during transmission using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.
• Stored data is encrypted at rest using advanced encryption standards (AES).
Access Controls:
• User accounts are protected by unique credentials, and Users are advised to create strong passwords to enhance security.
• Access to personal data within our systems is limited to authorized personnel on a need-to-know basis.
Regular Audits and Monitoring:
• We perform regular security assessments, including vulnerability scans and penetration testing, to identify and mitigate potential risks.
• Systems are continuously monitored to detect and respond to suspicious activity.
Secure Infrastructure:
• Data is hosted on secure servers provided by reputable third-party hosting services that comply with industry standards and privacy regulations.
Backup and Recovery:
• We maintain regular backups of user data to prevent loss in the event of system failures or cyber incidents.
• Disaster recovery protocols are in place to ensure swift restoration of services if needed.
6.2 User Responsibilities for Security
Account Security:
• Users are responsible for safeguarding their login credentials and must notify us immediately if they suspect unauthorized access to their account.
Device Security:
• Ensure that your device is protected by up-to-date antivirus software and operating system updates.
• Avoid using public or unsecured networks when accessing the App.
Password Hygiene:
• Use strong, unique passwords for your account and avoid sharing them with others.
6.3 Data Breach Notification
Breach Response:
• In the unlikely event of a data breach that may affect your personal data, we will:
• Notify you promptly, as required by applicable laws.
• Provide information on the nature of the breach, the data affected, and steps you can take to mitigate potential risks.
Reporting Issues:
• If you suspect a security vulnerability or data breach, please contact us immediately.
6.4 Limitations of Security
While we take all reasonable precautions to protect your data, no system is entirely foolproof. By using the App, you acknowledge that:
• Security risks, such as unauthorized access or cyberattacks, are inherent in online environments.
• We cannot guarantee absolute security, but we commit to taking immediate corrective action in the event of an incident.
6.5 Compliance with Standards
• Our security practices are designed to comply with industry standards and legal requirements, including GDPR, CCPA, and other relevant regulations.
• Third-party service providers, such as hosting and analytics platforms, are contractually required to maintain comparable security measures.
7. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes outlined in this Privacy Notice or to comply with legal and regulatory obligations. This section explains how we determine retention periods and what happens to your data after the retention period ends.
7.1 Retention Periods
Active Users:
• Personal data is retained for as long as your account remains active. This includes data used to provide core services such as tracking progress, sending notifications, and offering personalized insights.
Inactive Accounts:
• If your account remains inactive for 12 consecutive months, it may be marked for deletion.
• Before deletion, you will be notified via push notification or other available means to allow you to reactivate your account.
Legal and Regulatory Requirements:
• Certain data may be retained longer if required by law or to fulfill legal obligations, such as record-keeping for tax or compliance purposes.
Trial Period Data:
• Data collected during a free trial period will be retained in accordance with the same standards as paid accounts unless the account is deleted after the trial period ends.
We retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Notice. Specifically:
1. Analytical data is retained for a maximum of 36 months to monitor trends and improve the App.
2. Account-related data is retained while your account remains active or for 36 months after your last interaction, whichever is shorter.
3. Data required for compliance with legal obligations is retained as mandated by applicable laws.
7.2 Criteria for Retention
We determine data retention periods based on the following criteria:
• The purpose of the data collection (e.g., providing services, compliance, or analytics).
• User activity, including the last login date or interaction with the App.
• Legal requirements in jurisdictions where the App is available.
• Ongoing user consent, where applicable.
7.3 Deletion of Data
User-Initiated Deletion:
• You can request the deletion of your account and associated data at any time by contacting us at support@habitu.support or using the account management options in the App.
• Upon receiving your request, we will delete your data within a reasonable timeframe, subject to applicable laws.
Automatic Deletion:
• If your account remains inactive or unused beyond the specified retention period, it may be automatically deleted.
• An advance notification will be sent to allow you to save or export your data before deletion.
Exceptions:
• Certain data may not be deleted if it is required for legal compliance, resolving disputes, or enforcing our agreements.
7.4 Anonymization of Data
• In cases where deletion is not feasible or necessary (e.g., for research or statistical purposes), your data may be anonymized. Anonymized data is stripped of personally identifiable information and cannot be linked back to you.
7.5 Backup Retention
• Backup copies of your data may be retained temporarily for disaster recovery purposes. These backups are encrypted and are securely destroyed after the backup retention period expires.
7.6 Notifications Regarding Retention
• We will provide notifications regarding significant changes to retention policies or prior to automatic deletion of inactive accounts.
8. Children's Privacy
Protecting the privacy of children is a priority for the App. This section outlines our policies regarding the collection, use, and protection of data from individuals under the age of 18.
8.1 Age Restrictions
Minimum Age Requirement:
• The App is not intended for use by individuals under the age of 18. If you are below this age, you are prohibited from accessing or using the App.
8.2 Collection of Children’s Data
No Intentional Data Collection:
• We do not knowingly collect personal data from children under the age of 18.
Accidental Data Collection:
• If we discover that personal data from an individual under 18 has been inadvertently collected, we will take immediate steps to delete the data from our systems.
8.3 Reporting Children’s Data
How to Report:
• If you believe that we have collected data from someone under the age of 18, please notify us.
• Provide details such as the nature of the data and the account or user in question.
Response Timeline:
• We will investigate the report and take appropriate action, including deletion of the data, within a reasonable timeframe.
8.4 Parental Controls
Overview:
• Parents or legal guardians of minors using the App (aged 16-18) are encouraged to:
• Review the App’s features and functionality.
• Monitor the minor’s activity and ensure they are using the App in a responsible and safe manner.
Parental Requests:
• Parents or guardians can request access to, correction of, or deletion of a minor’s data by contacting us.
8.5 Compliance with Laws
Children’s Online Privacy Protection Act (COPPA):
• In jurisdictions such as the United States, we comply with COPPA regulations to ensure that children’s data is not collected without verifiable parental consent.
GDPR Protections:
• Under GDPR, children under 18 cannot consent to data processing without parental approval. We ensure compliance with this requirement in EU jurisdictions.
8.6 Educational Purpose Exception
• The App does not currently include educational programs specifically targeted at children. If educational features are added in the future, they will comply with applicable laws governing children’s privacy.
For further questions about children’s privacy, please contact us.
9. International Data Transfers
Detailed Description:
As a globally accessible application, the App may transfer and process your personal data in countries outside of your own. This section explains how we ensure compliance with applicable privacy laws and safeguard your data during international transfers.
9.1 Locations of Data Processing
Primary Data Processing Locations:
• Your data may be processed and stored on servers located in countries where we or our third-party service providers operate.
• These locations may include countries outside your home jurisdiction, including the United States and the European Economic Area (EEA).
Third-Party Service Providers:
• Services such as Amplitude and AppsFlyer may process data in jurisdictions outside your country of residence. These providers comply with industry standards and applicable privacy regulations.
9.2 Compliance with GDPR and Other Laws
Adequacy Decisions:
• If your data is transferred from the EEA to a non-EEA country, we ensure that the destination country has been deemed "adequate" by the European Commission in terms of data protection.
Standard Contractual Clauses (SCCs):
• For data transfers to countries without an adequacy decision, we use European Commission-approved Standard Contractual Clauses or equivalent safeguards to ensure your data is protected.
Additional Safeguards:
• We implement supplementary measures, such as encryption and regular security audits, to provide additional protection for data transferred internationally.
9.3 Data Transfers Under CCPA
California Residents:
• For California residents, data transfers to other jurisdictions comply with the California Consumer Privacy Act (CCPA) and related regulations.
• Your rights regarding access, deletion, and portability remain applicable regardless of the location of data processing.
9.4 User Rights Regarding International Transfers
Transparency:
• You may request details about the countries to which your data has been transferred and the safeguards in place.
Objections to Transfers:
• In certain circumstances, you may have the right to object to international transfers. We will review such requests on a case-by-case basis.
9.5 Risks of International Transfers
• While we take every reasonable measure to safeguard your data, you acknowledge that data transferred to other jurisdictions may be subject to laws and government requests in those countries.
9.6 Future Changes to Data Transfer Policies
• If there are changes to our international data transfer practices or the laws governing such transfers, we will update this Privacy Notice accordingly and notify you of significant changes.
10. Changes to the Privacy Notice
Detailed Description:
We reserve the right to update or modify this Privacy Notice to reflect changes in our business practices, legal requirements, or App functionality. This section explains how we will notify you about changes and your rights regarding such updates.
10.1 Frequency of Updates
Periodic Reviews:
• This Privacy Notice will be reviewed and updated periodically to ensure it remains current and accurate.
• Updates may occur in response to changes in data protection laws, the introduction of new App features, or updates to third-party services.
Significant Changes:
• If changes materially affect how your personal data is processed, we will provide clear and prominent notice before the changes take effect.
10.2 Notification of Changes
In-App Notifications:
• We may inform you about updates to the Privacy Notice through our website, by publishing a new version, or through in-app notifications or alerts.
• Notifications may include a summary of the changes and a link to the updated Privacy Notice.
Push Notifications:
• For significant changes, push notifications may also be used to ensure you are aware of the updates.
Email Notifications (If Applicable):
• If you have provided an email address and consented to receive communications, we may send updates about changes via email.
10.3 User Consent for Changes
When Consent is Required:
• If updates to the Privacy Notice involve new data collection practices or processing activities that require consent, we will seek your explicit consent before implementing such changes.
• You will have the option to review and accept or decline the updated terms.
Opt-Out Rights:
• If you do not agree with the changes, you have the right to opt out of using the App or request the deletion of your account and data.
10.4 Effective Date of Changes
• Changes to this Privacy Notice will take effect on the "Last Updated" date specified at the top of the notice.
• For significant changes requiring consent, the effective date will be delayed to allow you adequate time to review and respond.
10.5 Access to Previous Versions
• You may request access to previous versions of this Privacy Notice to understand how your data has been handled historically.
For questions or concerns regarding changes to this Privacy Notice, please contact us at support@habitu.support.
Last updated