Privacy Policy

Last updated: May 2026 · Effective: 18 May 2026

At HabitAI we take your privacy seriously. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. By using the Service you agree to the practices described here.

1. Information We Collect

Account information. When you create an account we collect your email address, display name, and authentication credentials (hashed, never stored in plaintext).

Habit data. We store the habits you create, completion logs, streaks, XP progress, and any implementation intentions (time, location, duration) you add.

Usage data. We collect information about how you interact with the app — features used, pages visited, and session duration — to improve the Service.

Device & technical data. We collect IP address, browser type, operating system, and crash reports to diagnose issues and improve reliability.

Payment information. Billing details are processed directly by Stripe. We do not store credit card numbers on our servers.

Communications. If you contact support or opt in to email notifications, we store those communications and preferences.

2. How We Use Your Information

  • To provide, operate, and improve the Service.
  • To generate AI-powered coaching insights from your habit data.
  • To send transactional emails (account confirmation, password reset, weekly AI reports) where you have opted in.
  • To process payments and manage subscriptions.
  • To detect and prevent fraudulent or abusive activity.
  • To comply with legal obligations.
  • To communicate product updates and offers (you can unsubscribe at any time).

We never sell your personal data. We do not use your habit data for advertising purposes.

3. Third-Party Services

We work with the following trusted third parties to operate the Service. Each is bound by its own privacy policy:

  • Authentication, database, and file storage.
  • Payment processing and subscription management.
  • AI-generated habit insights (paid plans only). Habit data is sent to the OpenAI API to generate personalised coaching. OpenAI does not use API data to train its models by default.
  • Transactional email delivery (welcome emails, reminders, weekly reports).
  • Hosting and edge infrastructure.

4. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where retention is required by law or legitimate business interest (e.g., billing records for up to 7 years).

Anonymised and aggregated analytics data may be retained indefinitely as it cannot be used to identify you.

5. Cookies & Tracking

We use strictly necessary cookies to maintain authentication sessions. We do not use third-party advertising cookies or cross-site tracking technologies.

We may use first-party analytics to understand feature usage. This data is anonymised and not shared with third parties.

6. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate data.
  • Deletion: Request deletion of your account and associated data.
  • Portability: Request your habit data in a machine-readable format.
  • Objection: Object to processing for marketing purposes.
  • Restriction: Request that we restrict processing in certain circumstances.

To exercise any of these rights, contact us at privacy@habitai.app. We will respond within 30 days.

7. Data Security

We use industry-standard security measures including encryption in transit (TLS), encrypted storage, and regular security reviews. Access to production data is restricted to authorised personnel only.

Despite our best efforts, no security system is impenetrable. If you believe your account has been compromised, contact us immediately.

8. Children's Privacy

The Service is not directed at children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If we become aware of such collection we will delete the data promptly.

9. International Transfers

Your data may be processed in countries outside your own, including the United States, where our servers and third-party services are located. We ensure appropriate safeguards are in place for such transfers (e.g., Standard Contractual Clauses for EU data).

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or an in-app notice. The "last updated" date at the top indicates when changes were last made.

11. Contact Us

For privacy inquiries, data requests, or to report a concern, contact us at: surjeetsj@gmail.com. We aim to respond within 24 hours.

Legal operator: Surjeet Jubbal

HabitAI is created by Mannraj Jubbal, a 15-year-old developer from Lower Hutt, Wellington, New Zealand, and operated by Surjeet Jubbal.

Website: habitaiapp.com
