Privacy Policy
Last updated: April 6, 2026
1. Introduction
HabitDNA ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our mobile application and related services.
We comply with the General Data Protection Regulation (GDPR) and the India Digital Personal Data Protection Act (DPDP Act, 2023).
2. Information We Collect
We collect the following categories of data:
- Account Information: Name, email address, and authentication credentials when you register (including via Google Sign-In).
- Habit Data: Habits you create, timer sessions, durations, and timestamps.
- Usage Data: AI feature usage, credit transactions, and interaction logs.
- Gamification Data: XP earned, levels, badges, and streak history.
- Social Data: If you opt in to the Community Leaderboard, your display name, level, XP, and badge count are visible to other users. This is entirely optional.
- Device Information: Device type, operating system, app version, and crash reports (via Firebase Crashlytics) for troubleshooting and stability improvements.
- Push Notification Tokens: Firebase Cloud Messaging (FCM) device tokens to deliver habit reminders, streak warnings, and weekly reports. You can disable notifications at any time in app settings.
- Camera & Photos: Profile photo capture (camera access) and gallery selection. Photos are uploaded to secure cloud storage and not shared with third parties.
- Payment Information: Subscription status (processed by Google Play — we do not store payment card details).
- Advertising ID: The Google Advertising ID is collected by the AdMob SDK to serve rewarded ads (watch an ad to earn AI credits). It is used for ad delivery and frequency capping only.
- Analytics Data: Anonymous app usage events (screen views, feature usage) via Firebase Analytics to improve the app experience. No personally identifiable information is included in analytics events.
3. How We Use Your Information
- To provide and maintain the HabitDNA service
- To generate AI-powered insights, reports, and coaching (via OpenAI)
- To calculate streaks, XP, levels, and badges
- To manage your subscription and AI credit balance
- To send push notifications (habit reminders, streak warnings, weekly reports) via Firebase Cloud Messaging
- To send email notifications (weekly reports, verification codes) via Amazon SES
- To serve rewarded ads (AdMob) so free users can earn AI credits
- To display the Community Leaderboard (only for users who opt in)
- To sync data to your home screen widget and Wear OS companion app
- To monitor app stability and fix crashes (Firebase Crashlytics)
- To improve our service through aggregated, anonymized analytics (Firebase Analytics)
4. AI Data Processing
When you use AI features (Daily Insights, Weekly Reports, Chat Coach), your habit history and stats are sent to OpenAI's API to generate personalized responses. We send only the minimum data necessary. OpenAI processes this data according to their API data usage policy and does not use it to train their models.
5. Data Storage & Security
- Data is stored in AWS DynamoDB with encryption at rest
- All data in transit is encrypted using TLS 1.2+
- Authentication is handled by AWS Cognito with JWT tokens
- API keys and secrets are stored in AWS Secrets Manager
- We implement object-level authorization — you can only access your own data
6. Your Rights
Under GDPR and the India DPDP Act, you have the right to:
- Access: Request a copy of all your personal data (Data Export)
- Rectification: Update or correct your personal information
- Erasure: Delete your account and all associated data
- Portability: Export your data in a machine-readable format
- Withdraw Consent: Opt out of optional data processing at any time
To exercise any of these rights, use the in-app settings or contact us.
7. Data Retention
We retain your data for as long as your account is active. When you delete your account, all personal data is permanently purged within 30 days. Anonymized, aggregated data may be retained for analytics purposes.
8. Third-Party Services
- AWS (Amazon Web Services): Infrastructure, authentication (Cognito), data storage (DynamoDB), email delivery (SES), and file storage (S3).
- OpenAI: AI-powered habit coaching features. Minimal habit data is sent to generate responses; OpenAI does not use API data for model training.
- Google Play: Payment processing for subscriptions. We do not store payment card details.
- Firebase (Google): Push notifications (FCM), crash reporting (Crashlytics), and anonymous analytics (Firebase Analytics).
- Google AdMob: Rewarded video ads for free users to earn AI credits. AdMob may collect device identifiers and advertising ID for ad delivery. See Google's Privacy Policy.
- Google Play Services (Wearable API): Data sync between your phone and Wear OS watch companion app.
9. Advertising
HabitDNA shows rewarded video ads to free-tier users who choose to watch them in exchange for AI credits. We use Google AdMob for ad delivery. AdMob may collect:
- Google Advertising ID
- Device information (model, OS version)
- IP address (for geographic ad targeting)
Premium users never see ads. You can reset your Advertising ID or opt out of personalized ads in your device settings.
10. Children's Privacy
HabitDNA is intended for users aged 18 and over. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.
11. International Data Transfers
Your data is stored on AWS servers in the Asia Pacific (Mumbai) region. If you access HabitDNA from outside India, your data may be transferred to and processed in India. We ensure appropriate safeguards are in place for international transfers.
12. Contact
For privacy-related inquiries, contact our Data Protection Officer through our contact page or by email at privacy@habitdna.app.