Privacy Policy

1. Account Information

When you create an account, we collect:

• Email address: Required for account creation (optional for Apple Sign-In users as a privacy feature)
• Username: Required, unique identifier
• Password: Stored securely using industry-standard encryption. Apple Sign-In users do not need to set a password
• Full name: Optional
• Phone number and country code: Optional
• Identity statement: Optional (user-defined text describing the person you strive to be)
• Apple User ID: If you sign in with Apple, we collect your Apple User ID to link your account

2. Habit Tracking Data

To provide our core habit tracking functionality, we collect:

• Habit information: Titles, descriptions, categories, tracking types, measures/units, priority levels, colors, emojis, and whether the habit is positive or negative (quit habit)
• Habit entries: Daily performance data, dates, completion amounts/times, associated notes, and references to habits, targets, goals, and users
• Target data: Habit targets, timeframes (daily, weekly, custom intervals), schedules, date ranges, and completion status
• Goals and milestones: Goal titles, descriptions, targets, completion status, associated milestones, and linked habits
• Streak information: Current and longest streaks for each habit
• Achievement data: Achievement history, unlocked levels, achievement dates, and associated habit information
• Archived habits: Habits that have been archived but not deleted

3. Onboarding Information

During the onboarding process, we collect:

• User preferences: Answers to onboarding questions (multiple choice selections and free text responses)
• Selected options: Your choices during the onboarding flow
• AI-generated suggestions: Based on your onboarding responses, we use AI technology to generate personalized habit suggestions. Your onboarding answers and profile information are sent to our AI service provider for this purpose.

4. Notification Preferences

We collect your notification settings including:

• Global notification preferences: Enabled/disabled status
• Quiet hours: Start and end times
• Notification types: Sound, vibration, badge count preferences
• Reminder settings: Streak reminders, weekly summaries, achievement notifications, motivational messages, and reminder if missed
• Per-habit notification preferences: Custom notification times and settings for individual habits

5. Usage and Performance Data

We automatically collect:

• Experience points: Gamification points earned through habit completion
• Level information: User level, current level XP, next level XP, and progression data
• Statistics: Performance metrics, completion rates, daily scores, longest streaks by habit, and time-based analytics
• Habit sort order: Your preferred sorting method for habits

6. Authentication Data

• Authentication tokens: Stored securely on your device using encrypted storage for authentication purposes
• Apple identity tokens: Used for Apple Sign-In authentication and verification
• Google tokens: If Google Sign-In is enabled (currently disabled in the app)

7. Device and Technical Information

• Device identifiers: Through Adapty (subscription management service), though we have configured Adapty to disable IP address collection and Apple IDFA collection where possible
• App version: For compatibility and support purposes

8. Guest Account Data

If you use the App as a guest:

• Temporary username: Auto-generated temporary identifier
• Temporary email: Auto-generated temporary email address
• Onboarding data: Your onboarding responses and suggested habits
• Habit data: Any habits created during guest usage

Guest accounts can be converted to permanent accounts through email verification or with Apple Sign In.

Local Storage

• Secure Storage: Authentication tokens are stored using encrypted storage on your device
• Local Preferences: Notification preferences and habit sort order are stored locally on your device for quick access

Cloud Storage

Your data is stored on secure servers:

• Database: MongoDB Atlas (cloud database service)
• Backend API: Hosted on Render.com
• Data Transmission: All data transmission uses HTTPS encryption

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption: Data in transit is encrypted using industry-standard encryption protocols
• Password Security: Passwords are encrypted and never stored in plain text
• Authentication: Secure authentication mechanisms with token expiration
• Access Controls: Our systems require authentication for access to user data
• Secure Storage: Sensitive data is stored using encrypted storage

Data Retention

• Active Accounts: We retain your personal information for as long as your account is active and you use our services
• Deleted Accounts: When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal or legitimate business purposes (e.g., transaction records)
• Guest Accounts: Guest account data may be deleted if not converted to a permanent account within a reasonable period

1. Adapty (Subscription Management)

• Purpose: Manages in-app subscriptions and purchases
• Data Collected: Purchase transaction data, subscription status, user identification (user ID)
• Privacy Settings: We have configured Adapty to disable IP address collection and Apple IDFA collection where possible
• Privacy Policy: https://adapty.io/privacy/
• Note: Adapty is only activated on mobile platforms (iOS/Android), not on web

2. Apple Sign-In

• Purpose: Authentication service allowing you to sign in with your Apple ID
• Data Collected: Apple User ID, email (optional - you can choose to hide your email), full name (if provided)
• Privacy Features: Email address is optional and can be hidden for privacy. If you sign in with Apple, your email cannot be changed through the App (managed by Apple)
• Privacy Policy: https://www.apple.com/privacy/

3. OpenAI (AI-Powered Habit Suggestions)

• Purpose: Generates personalized habit suggestions based on your onboarding responses
• Data Sent: Your profile information (name, identity statement, goals) and onboarding question answers
• Data Received: Personalized habit suggestions
• Privacy Policy: https://openai.com/policies/privacy-policy
• User Control: You can choose not to use AI-generated suggestions during onboarding

4. Brevo (Email Delivery Service)

• Purpose: Sends email verification codes for guest account conversion
• Data Processed: Your email address and verification codes
• Service Provider: Brevo (formerly Sendinblue)
• Privacy Policy: https://www.brevo.com/legal/privacypolicy/
• Data Usage: Email addresses are used solely for sending verification codes and are not used for marketing purposes

5. MongoDB Atlas (Database Hosting)

• Purpose: Cloud database service that stores your account and habit data
• Data Stored: All user account information, habits, entries, goals, achievements, and preferences
• Privacy Policy: https://www.mongodb.com/legal/privacy-policy
• Security: MongoDB Atlas provides enterprise-grade security and encryption

6. Render.com (Backend Hosting)

• Purpose: Hosts our backend API that processes your data
• Data Processed: All API requests and responses
• Privacy Policy: https://render.com/privacy
• Security: Render.com provides secure cloud hosting infrastructure

How to Exercise Your Rights

To exercise any of these rights, please contact us at support@galbit.app. We will respond to your request within a reasonable timeframe and in accordance with applicable data protection laws.

For account deletion, you can use the "Delete Account" feature in the App's Edit Profile section, or contact our support team.

Notifications

• Purpose: To send you local notifications for habit reminders, streak reminders, weekly summaries, achievement notifications, and motivational messages based on your preferences
• User Control: You can enable or disable notifications at any time through App settings. You can also configure quiet hours, notification types (sound, vibration, badge), and per-habit notification preferences
• Permission Screen: The App includes a dedicated screen requesting notification permissions with clear explanation

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Access: You have the right to request access to your personal data
• Right to Rectification: You have the right to request correction of inaccurate or incomplete data
• Right to Erasure: You have the right to request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: You have the right to request restriction of processing of your personal data
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format
• Right to Object: You have the right to object to processing of your personal data
• Right to Withdraw Consent: You have the right to withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at support@galbit.app. We will respond within one month of receiving your request.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You have the right to know what personal information is collected, used, shared, or sold
• Right to Delete: You have the right to request deletion of your personal information
• Right to Opt-Out: You have the right to opt-out of the sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: You have the right to non-discrimination for exercising your privacy rights

To exercise any of these rights, please contact us at support@galbit.app. We do not sell your personal information to third parties.

Other Jurisdictions

We strive to comply with applicable data protection laws in all jurisdictions where we operate. If you have questions about your privacy rights in your jurisdiction, please contact us at support@galbit.app.