Privacy Policy

1. Introduction

HabitCove (habitcove.com), operated by Prince Kumar Pankaj, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mindfulness habit tracking service. This policy applies to our web application at habitcove.com, our Android application available on the Google Play Store, and our iOS application available on the Apple App Store (collectively, "the Service").

2. Information We Collect

We collect information that you provide directly to us:

• Account Information: First name, last name, email address, gender, and password when you register.
• Profile Information: Any additional details you add to your profile.
• Usage Data: Habits, dreams, to-do items, weekly/monthly intentions, and other data you create within the Service.
• Payment Information: When you subscribe to a paid plan, payment details are collected and processed securely by our payment processors. On the web (habitcove.com), we use Razorpay. On Android, we use Google Play Billing. On iOS, we use Apple In-App Purchase. We do not store your full credit card, debit card, UPI ID, or bank account details on our servers.
• Device & Log Data: IP address, browser type, operating system, device type, app version, and access timestamps for security and analytics purposes.
• Push Notification Tokens: On mobile (Android/iOS), we collect a Firebase Cloud Messaging (FCM) token or Apple Push Notification token to deliver habit reminders and other transactional notifications. You can disable notifications at any time from your device's settings.
• Crash & Diagnostic Data: Anonymized crash reports and basic diagnostic data via Firebase Crashlytics to help us identify and fix bugs. This data does not include your personal habit content or identifying information beyond what is necessary to diagnose a crash.
• Product Analytics: Anonymized usage events (e.g., feature opened, screen viewed) are recorded to help us improve the Service. These events do not include your habit content. You can opt out from Settings → Privacy within the app.

2a. Mobile Device Permissions

On Android and iOS, the HabitCove app requests the following device permissions:

• Notifications: To send you habit reminders at the times you schedule. Optional — you may decline.
• Biometric Authentication (Face ID / Fingerprint): Used solely on-device to unlock the app when you enable App Lock. No biometric data is ever transmitted to our servers or stored remotely. The app uses your device's native biometric APIs which keep all biometric data within the device's secure hardware enclave.
• Exact Alarm Scheduling (Android): Required to deliver precise habit reminders at scheduled times.
• Wake Lock & Vibration: Used during habit reminders to deliver notifications reliably.
• Boot Completed (Android): Used to re-register your scheduled reminders after device restart.

The HabitCove app does not request access to your camera, microphone, contacts, location, photos, or any other sensitive permissions. The widget feature, when added to your Android home screen, displays your habit names — please be mindful when adding the widget on a shared device.

3. Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Consent: You provide explicit consent when you register for an account and agree to our Terms & Conditions.
• Contract Performance: Processing is necessary to provide the Service you subscribed to.
• Legitimate Interest: We process certain data (usage analytics, security logs) to improve and secure the Service.
• Legal Obligation: We may process data to comply with applicable laws, including the Information Technology Act, 2000.

4. How We Use Your Information

• To provide, maintain, and improve the Service.
• To process transactions and send related billing information.
• To send you transactional emails (account verification, password resets, payment receipts, subscription renewal reminders).
• To respond to your comments, questions, and support requests.
• To monitor and analyze usage patterns to enhance user experience.
• To detect, investigate, and prevent fraudulent or unauthorized activities.

5. Data Sharing & Third Parties

We do not sell your personal information. We may share your data only in these circumstances:

• Payment Processing — Web: Razorpay receives your payment details solely to process transactions on our behalf. Razorpay is a PCI-DSS compliant payment gateway. Please refer to Razorpay's Privacy Policy.
• Payment Processing — Android: Google Play Billing handles all in-app purchases on Android. Refer to Google's Privacy Policy.
• Payment Processing — iOS: Apple In-App Purchase handles all in-app purchases on iOS. Refer to Apple's Privacy Policy.
• Cloud Infrastructure: We use Amazon Web Services (AWS) to host and store data securely.
• Push Notifications: Firebase Cloud Messaging (Google) for Android and Apple Push Notification Service for iOS deliver habit reminders.
• Crash Reporting: Firebase Crashlytics (Google) receives anonymized crash reports to help us fix bugs.
• Legal Requirements: We may disclose information if required by law, court order, or governmental authority.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.

6. Cross-Border Data Transfer

Your data is stored on Amazon Web Services (AWS) servers. While we prioritize using AWS regions closest to India (Mumbai region), certain backup or processing services may involve data being transferred to servers located outside India. By using the Service, you consent to such transfers. We ensure that appropriate safeguards are in place, including encryption in transit and at rest, to protect your data regardless of where it is processed.

7. Data Security

We implement industry-standard security measures including encrypted data transmission (HTTPS/TLS), hashed passwords (bcrypt), secure cloud infrastructure (AWS), and access controls. Payment data is handled exclusively by Razorpay and is never stored on our servers. While we strive to protect your information, no method of electronic transmission or storage is 100% secure.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g., financial transaction records as per Indian tax regulations, which may be retained for up to 7 years).

9. Account Deletion

You have the right to permanently delete your account and all associated personal data. Here is what happens when you request account deletion:

• How to Delete: Go to Settings → Delete Account within the app. Type "DELETE" to confirm.
• Processing Period: Your request enters a 10-day review period.
• Activity-Based Processing: If you continue to log in or use the app after submitting the request, it will be considered withdrawn and your account will remain active. Deletion only proceeds if no further activity is detected during the review period.
• Data Deleted: All personal data is permanently removed, including your profile, habits, dreams, to-do items, weekly/monthly intentions, and usage analytics.
• Payment Records: Transaction records processed through Razorpay may be retained by Razorpay as per their policies and applicable financial regulations. We retain minimal transaction records (amount, date, subscription type) for up to 7 years as required by Indian tax law.
• Active Subscriptions: If you have an active paid subscription at the time of deletion, it will be automatically cancelled. No refund will be issued for the remaining unused portion of your billing cycle. We recommend cancelling your subscription first if you wish to use the service until the end of your billing period.
• Backups: Your data may persist in encrypted backups for up to 30 days after deletion, after which it is permanently purged.
• Irreversibility: Once deletion is complete, your data cannot be recovered. A new account must be created to use HabitCove again.

10. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your data (subject to legal obligations).
• Export your data in a portable format.
• Withdraw consent for data processing at any time.
• Lodge a complaint with the appropriate data protection authority.

To exercise any of these rights, please contact us at support@habitcove.com.

11. Cookies, Local Storage & Analytics

On the web, HabitCove uses local storage (not cookies) to maintain your authentication session. We do not use third-party advertising trackers, behavioural retargeting cookies, or any cross-site tracking technology. No data is shared with advertisers.

On mobile, we use Firebase Crashlytics for anonymized crash reporting and a first-party product analytics service that records anonymized usage events (e.g., screen viewed, feature opened) to help us improve the Service. Habit content, journal entries, and to-do items are never sent to analytics services. You can opt out of product analytics from Settings → Privacy within the app.

12. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you discover that a child has provided us with personal data, please contact us so we can take appropriate action to delete the information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date and, for material changes, by sending an email notification to your registered email address. Continued use of the Service after changes are posted constitutes acceptance.

14. Grievance Officer

In accordance with the Information Technology Act, 2000 and the rules made thereunder, the Grievance Officer for the purpose of this Privacy Policy is:

• Name: Prince Kumar Pankaj
• Email: grievance@habitcove.com
• Response Time: Within 48 hours of receipt

15. Contact Us

For any privacy-related questions or to exercise your rights, please reach out via our contact page or email us at support@habitcove.com.