Privacy Policy
Effective date: March 24, 2026 · Last updated: March 24, 2026
HabitPact ("we", "us", "our") is a habit tracking mobile application and website operated by an individual developer based in Poland, European Union. We take your privacy seriously. This policy explains what personal data we collect, why we collect it, and what rights you have over it.
This policy covers both the HabitPact mobile app (available on the Apple App Store and Google Play) and the HabitPact website at gethabitpact.com.
1. Data We Collect
1.1 Account Data
When you create an account, we collect:
- Email address — used for authentication and account recovery.
- Password — stored in hashed form; we never see or store your plaintext password.
- Apple ID token (if you sign in with Apple) — used solely for authentication. We receive only the information Apple shares (typically a unique identifier and, optionally, your email).
1.2 Habit and Goal Data
When you use the app, we store the data you create:
- Habits (names, schedules, weights, scopes)
- Goals (names, date ranges, assigned habits, reward tiers)
- Check-ins (which habits you completed on which dates)
- Rewards (descriptions and optional photos you upload)
1.3 Pair Mode Data
If you use Pair Mode, you link your account with a partner. Both of you can see shared habit data (habits marked as "pair" scope, joint check-ins, and shared goal progress). We store the pairing relationship to enable this feature.
1.4 Push Notification Tokens
If you enable notifications, we store your device push token to send you reminders. You can disable notifications at any time in your device settings or in the app.
1.5 Purchase Data
In-app purchases and subscriptions are processed by Apple (App Store) or Google (Google Play) and managed through RevenueCat. We receive a transaction identifier and subscription status. We do not receive or store your payment card details.
1.6 Website Analytics
Our website at gethabitpact.com uses PostHog for privacy-friendly analytics. PostHog runs in cookie-less mode on our site, meaning it does not place cookies on your browser and does not track you across websites. We collect aggregated, anonymous usage statistics (page views, referral sources, device type) to understand how visitors use our website. No personal data is collected through website analytics.
1.7 Data We Do Not Collect
- We do not collect your precise location.
- We do not collect contacts, photos (except reward photos you voluntarily upload), or health data.
- We do not collect data from other apps on your device.
- We do not use advertising trackers or tracking cookies.
2. Why We Collect Your Data
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Provide and operate the app | Account data, habit/goal data, check-ins | Contract performance (Art. 6(1)(b)) |
| Enable Pair Mode | Pair linking data, shared habits | Contract performance (Art. 6(1)(b)) |
| Send push notification reminders | Device push token | Consent (Art. 6(1)(a)) |
| Process in-app purchases | Transaction ID, subscription status | Contract performance (Art. 6(1)(b)) |
| Improve the website | Anonymous, aggregated analytics | Legitimate interest (Art. 6(1)(f)) |
| Respond to support requests | Email address, conversation content | Legitimate interest (Art. 6(1)(f)) |
| Comply with legal obligations | As required by law | Legal obligation (Art. 6(1)(c)) |
3. Third-Party Services
We use a limited number of third-party services to operate HabitPact. We do not sell your data to anyone. Here are the services that may process your data:
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Supabase | Database, authentication, backend infrastructure | All app data (stored on Supabase cloud servers) | supabase.com/privacy |
| RevenueCat | In-app purchase and subscription management | Anonymous app user ID, purchase transactions | revenuecat.com/privacy |
| PostHog | Website analytics (cookie-less) | Anonymous page view data (no personal data) | posthog.com/privacy |
| Expo (Push Notifications) | Delivering push notifications | Device push token, notification content | expo.dev/privacy |
| Apple / Google | App distribution, authentication (Apple Sign In), payments | As per their respective platform policies | apple.com/privacy, google.com/privacy |
4. Data Storage and Security
Your data is stored on Supabase cloud infrastructure. Supabase uses industry-standard security measures, including encryption at rest and encryption in transit (TLS/SSL). Our database enforces Row Level Security (RLS) policies, ensuring that users can only access their own data and the data shared with their paired partner.
Authentication passwords are hashed using secure, industry-standard algorithms. We never store or have access to your plaintext password.
While we take reasonable measures to protect your data, no system is 100% secure. If you become aware of any security issue, please contact us immediately at contact@gethabitpact.com.
5. Data Retention
- Account data — retained for as long as your account is active. If you delete your account, your data is permanently deleted within 30 days.
- Habit and goal data — retained for as long as your account is active and deleted when you delete your account.
- Push notification tokens — deleted when you disable notifications or delete your account.
- Purchase records — transaction identifiers are retained for as long as required for subscription management and legal/tax obligations.
- Website analytics — anonymous, aggregated data with no personal identifiers; retained indefinitely.
- Support correspondence — retained for up to 2 years after the last communication for quality and legal purposes.
6. Your Rights
Under the General Data Protection Regulation (GDPR) and other applicable privacy laws, you have the following rights:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — ask us to correct inaccurate or incomplete data.
- Right to erasure ("right to be forgotten") — ask us to delete your personal data. You can also delete your account directly from within the app (Settings), which permanently removes all your data.
- Right to restriction of processing — ask us to temporarily limit how we use your data.
- Right to data portability — request your data in a structured, machine-readable format (JSON).
- Right to object — object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent (e.g., push notifications), you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, email us at contact@gethabitpact.com. We will respond within 30 days.
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority. In Poland, that is the UODO (Urząd Ochrony Danych Osobowych).
7. Cookies
Mobile app: The HabitPact app does not use cookies.
Website: Our website at gethabitpact.com does not use tracking cookies. We use PostHog in cookie-less mode for analytics, which means no cookies are placed on your browser for analytics purposes. The website may use essential, strictly necessary cookies (such as for security or load balancing) as part of standard web hosting, but we do not use any advertising, marketing, or third-party tracking cookies.
8. International Data Transfers
Our third-party service providers (Supabase, RevenueCat, Expo, PostHog) may process data outside of the European Economic Area (EEA). Where this occurs, transfers are protected by appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the service provider operates in a country with an adequacy decision. You can request more details about these safeguards by contacting us.
9. Children's Privacy
HabitPact is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at contact@gethabitpact.com and we will promptly delete that data.
10. Changes to This Policy
We may update this privacy policy from time to time. When we make significant changes, we will notify you through the app or by email. The "Last updated" date at the top of this page will always reflect the most recent revision. We encourage you to review this policy periodically.
11. Contact Us
If you have any questions about this privacy policy or how we handle your data, please contact us:
- Email: contact@gethabitpact.com
- Website: gethabitpact.com