Privacy Policy
Last updated: April 1, 2026
1. Introduction
HabitDNA ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our mobile application and related services.
We comply with the General Data Protection Regulation (GDPR) and the India Digital Personal Data Protection Act (DPDP Act, 2023).
2. Information We Collect
We collect the following categories of data:
- Account Information: Name, email address, and authentication credentials when you register.
- Habit Data: Habits you create, timer sessions, durations, and timestamps.
- Usage Data: AI feature usage, credit transactions, and interaction logs.
- Gamification Data: XP earned, levels, badges, and streak history.
- Device Information: Device type, operating system, and app version for troubleshooting.
- Payment Information: Subscription status (processed by Apple App Store / Google Play — we do not store payment card details).
3. How We Use Your Information
- To provide and maintain the HabitDNA service
- To generate AI-powered insights, reports, and coaching (via OpenAI)
- To calculate streaks, XP, levels, and badges
- To manage your subscription and AI credit balance
- To send notifications (habit reminders, streak warnings, reports)
- To improve our service through aggregated, anonymized analytics
4. AI Data Processing
When you use AI features (Daily Insights, Weekly Reports, Chat Coach), your habit history and stats are sent to OpenAI's API to generate personalized responses. We send only the minimum data necessary. OpenAI processes this data according to their API data usage policy and does not use it to train their models.
5. Data Storage & Security
- Data is stored in AWS DynamoDB with encryption at rest
- All data in transit is encrypted using TLS 1.2+
- Authentication is handled by AWS Cognito with JWT tokens
- API keys and secrets are stored in AWS Secrets Manager
- We implement object-level authorization — you can only access your own data
6. Your Rights
Under GDPR and the India DPDP Act, you have the right to:
- Access: Request a copy of all your personal data (Data Export)
- Rectification: Update or correct your personal information
- Erasure: Delete your account and all associated data
- Portability: Export your data in a machine-readable format
- Withdraw Consent: Opt out of optional data processing at any time
To exercise any of these rights, use the in-app settings or contact us.
7. Data Retention
We retain your data for as long as your account is active. When you delete your account, all personal data is permanently purged within 30 days. Anonymized, aggregated data may be retained for analytics purposes.
8. Third-Party Services
- AWS (Amazon Web Services): Infrastructure and authentication
- OpenAI: AI-powered habit coaching features
- Apple App Store / Google Play: Payment processing for subscriptions
9. Contact
For privacy-related inquiries, contact our Data Protection Officer through our contact page or by email at privacy@habitdna.app.