Privacy Policy

Effective date: March 13, 2026

1. Introduction

This Privacy Policy explains how HabitGrip ("we," "us," or "our") collects, uses, shares, and protects your personal data when you use the HabitGrip mobile application (the "App").

HabitGrip is designed as a local-first application — your data is stored on your device by default and never leaves it unless you explicitly opt in to cloud sync. We are committed to protecting your privacy and complying with applicable data protection laws, including the European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Data Controller

The data controller responsible for your personal data is:

HabitGrip LLC
United States
Email: support@habitgrip.com

3. Data We Collect

Account Data

When you create an account, we collect your email address, display name, and authentication provider (e.g., Google, Apple, Facebook). This data is processed by our authentication provider, Supabase.

Habit and Activity Data

Your habits, tasks, activity logs, goals, tags, and related data are stored locally on your device using SQLite. If you opt in to cloud sync (Ultra plan), this data is also stored on our servers via Supabase.

Usage Analytics (With Your Consent)

With your explicit consent, we collect anonymous usage analytics via Firebase Analytics, including screen views and feature usage. This data does not include your personal habit information and is used solely to improve the app experience.

Crash Reports

We collect crash reports and error logs via Firebase Crashlytics to identify and fix technical issues. This data includes device type, operating system version, and stack traces. No personal habit data is included in crash reports.

Subscription Data

If you subscribe to a paid plan, subscription management is handled by RevenueCat. We receive information about your subscription status, plan type, and transaction identifiers. We do not receive or store your payment card details — those are handled directly by the Apple App Store or Google Play Store.

Device Information

We collect basic device information including operating system, app version, and device model for compatibility and debugging purposes.

Tracking Technologies

Firebase Analytics uses mobile advertising identifiers (IDFA on iOS, GAID on Android) solely for anonymous usage analytics, and only with your explicit consent. You can reset or disable these identifiers in your device settings (iOS: Settings > Privacy > Tracking; Android: Settings > Google > Ads). We do not use cookies, web beacons, or pixels as the App is not web-based.

4. Information We Do Not Collect

We do not collect geolocation, contacts, photos, health data, financial information, or browsing history. We do not use device fingerprinting or cross-app tracking.

Android Device Backups

If you use an Android device with the system "Backup" feature enabled (Settings > System > Backup), the Android operating system may automatically back up app data — including your local database — to your Google account. This backup is controlled by your device settings, not by HabitGrip. To prevent this, you can disable backup for this app or turn off device backup entirely in your Android settings.

5. How We Use Your Data

We use your personal data for the following purposes:

• To provide and operate the App and its features
• To create and manage your user account
• To sync your data across devices (if enabled)
• To process and manage subscriptions
• To send you notifications and reminders (if enabled)
• To analyze app usage and improve our services (with consent)
• To diagnose and fix technical issues
• To respond to your support requests

We do not sell your personal information. We do not use your data for advertising or behavioral profiling.

We do not use automated decision-making or profiling as defined under GDPR Article 22.

6. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data on the following legal bases:

• Consent (Article 6(1)(a)): For usage analytics and marketing communications. You can withdraw consent at any time through the app settings.
• Contract Performance (Article 6(1)(b)): To provide the App's core features, manage your account, and process subscriptions.
• Legitimate Interests (Article 6(1)(f)): For security and fraud prevention. Our legitimate interest is to maintain a stable, secure app experience. Where we rely on legitimate interests, you have the right to object under Article 21.

Crash reporting and usage analytics are processed based on your consent (Article 6(1)(a)). You can enable or disable these at any time in Settings > Tracking Preferences.

7. Third-Party Services

We use the following third-party services to operate the App. Each acts as a data processor on our behalf:

• Supabase — Authentication and cloud data storage. Privacy Policy.
• Firebase (Google) — Analytics and crash reporting. Privacy Policy.
• RevenueCat — Subscription management. Privacy Policy.

We maintain Data Processing Agreements (DPAs) with each provider as required by the GDPR.

8. International Data Transfers

Your data may be transferred to and processed outside the European Economic Area (EEA). We use the following infrastructure:

• Supabase — Authentication and cloud data are hosted in the EU (Frankfurt, Germany) region.
• Firebase (Google Cloud) — Analytics and crash report data may be processed in the United States. Google operates under the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs).
• RevenueCat — Subscription data is processed in the United States under Standard Contractual Clauses (SCCs).

For all transfers outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, the EU-US Data Privacy Framework, to ensure an adequate level of data protection.

9. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy:

• Account data: Until you delete your account
• Habit data (local): Stored on your device until you uninstall the app or delete the data
• Habit data (cloud): Until you delete your account or request erasure
• Analytics data: Retained by Firebase for up to 14 months
• Crash reports: Retained by Firebase for up to 90 days

Upon account deletion, personal data is removed from our servers within 30 days. Anonymized analytics data may be retained. Database backups containing your data are purged within 90 days of deletion.

10. Your Rights

Under the GDPR and other applicable data protection laws, you have the following rights:

• Right of Access (Article 15): Request a copy of your personal data
• Right to Rectification (Article 16): Correct inaccurate personal data
• Right to Erasure (Article 17): Request deletion of your data. You can delete your account at any time in Settings
• Right to Data Portability (Article 20): Export your data in a structured, machine-readable format using the Backup feature in Settings
• Right to Object (Article 21): Object to data processing based on legitimate interests
• Right to Restrict Processing (Article 18): Request restriction of processing in certain circumstances
• Right to Withdraw Consent: Withdraw consent for analytics at any time in Settings > Tracking Preferences. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
• Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority

To exercise any of these rights, contact us at support@habitgrip.com. We will respond to your request within 30 days, as required by applicable law.

11. Your California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of your personal information. You can delete your account at any time in Settings, or contact us at support@habitgrip.com.
• Right to Opt-Out of Sale: We do not sell your personal information to third parties. As such, there is no need to opt out of any sale.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. All app features remain available regardless of your privacy choices.

You can manage your analytics and crash reporting preferences at any time in Settings > Tracking Preferences. To submit a verifiable consumer request, contact us at support@habitgrip.com.

12. Disclaimer

The App is intended for general informational and productivity purposes only. It is not a substitute for professional medical, psychological, financial, or other expert advice.

If you have questions or concerns about your health, mental well-being, or any other professional matter, you should consult a qualified professional. Do not disregard professional advice or delay seeking it because of information or habits tracked in the App.

We make no guarantees regarding specific results or outcomes from using the App.

13. Children's Privacy

The App is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us so we can delete it.

14. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Data transmitted between your device and our servers is encrypted using TLS/SSL. Your local data is stored in an encrypted SQLite database on your device.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay, as required by GDPR Articles 33 and 34.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Effective Date" at the top of this policy and, where appropriate, providing notice within the App. Your continued use of the App after any changes constitutes acceptance of the updated policy.

For users in the European Economic Area: Material changes to this Privacy Policy will require your renewed consent. We will present the updated policy for your review before continuing to process your data under the new terms.

16. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:
Email: support@habitgrip.com
HabitGrip LLC
United States