Privacy Policy

1. Introduction

HabitCove (habitcove.com), operated by Prince Kumar Pankaj, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mindfulness habit tracking service.

2. Information We Collect

We collect information that you provide directly to us:

• Account Information: First name, last name, email address, gender, and password when you register.
• Profile Information: Any additional details you add to your profile.
• Usage Data: Habits, dreams, to-do items, weekly/monthly intentions, and other data you create within the Service.
• Payment Information: When you subscribe to a paid plan, payment details are collected and processed securely by our payment gateway (Razorpay). We do not store your full credit card, debit card, UPI ID, or bank account details on our servers.
• Device & Log Data: IP address, browser type, operating system, device type, and access timestamps for security and analytics purposes.

3. Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Consent: You provide explicit consent when you register for an account and agree to our Terms & Conditions.
• Contract Performance: Processing is necessary to provide the Service you subscribed to.
• Legitimate Interest: We process certain data (usage analytics, security logs) to improve and secure the Service.
• Legal Obligation: We may process data to comply with applicable laws, including the Information Technology Act, 2000.

4. How We Use Your Information

• To provide, maintain, and improve the Service.
• To process transactions and send related billing information.
• To send you transactional emails (account verification, password resets, payment receipts, subscription renewal reminders).
• To respond to your comments, questions, and support requests.
• To monitor and analyze usage patterns to enhance user experience.
• To detect, investigate, and prevent fraudulent or unauthorized activities.

5. Data Sharing & Third Parties

We do not sell your personal information. We may share your data only in these circumstances:

• Payment Processing: Razorpay receives your payment details solely to process transactions on our behalf. Razorpay is a PCI-DSS compliant payment gateway. Please refer to Razorpay's Privacy Policy for details on how they handle your payment data.
• Cloud Infrastructure: We use Amazon Web Services (AWS) to host and store data securely.
• Legal Requirements: We may disclose information if required by law, court order, or governmental authority.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.

6. Cross-Border Data Transfer

Your data is stored on Amazon Web Services (AWS) servers. While we prioritize using AWS regions closest to India (Mumbai region), certain backup or processing services may involve data being transferred to servers located outside India. By using the Service, you consent to such transfers. We ensure that appropriate safeguards are in place, including encryption in transit and at rest, to protect your data regardless of where it is processed.

7. Data Security

We implement industry-standard security measures including encrypted data transmission (HTTPS/TLS), hashed passwords (bcrypt), secure cloud infrastructure (AWS), and access controls. Payment data is handled exclusively by Razorpay and is never stored on our servers. While we strive to protect your information, no method of electronic transmission or storage is 100% secure.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g., financial transaction records as per Indian tax regulations, which may be retained for up to 7 years).

9. Account Deletion

You have the right to permanently delete your account and all associated personal data. Here is what happens when you request account deletion:

• How to Delete: Go to Settings → Delete Account within the app. Type "DELETE" to confirm.
• Processing Period: Your request enters a 10-day review period.
• Activity-Based Processing: If you continue to log in or use the app after submitting the request, it will be considered withdrawn and your account will remain active. Deletion only proceeds if no further activity is detected during the review period.
• Data Deleted: All personal data is permanently removed, including your profile, habits, dreams, to-do items, weekly/monthly intentions, and usage analytics.
• Payment Records: Transaction records processed through Razorpay may be retained by Razorpay as per their policies and applicable financial regulations. We retain minimal transaction records (amount, date, subscription type) for up to 7 years as required by Indian tax law.
• Active Subscriptions: If you have an active paid subscription at the time of deletion, it will be automatically cancelled. No refund will be issued for the remaining unused portion of your billing cycle. We recommend cancelling your subscription first if you wish to use the service until the end of your billing period.
• Backups: Your data may persist in encrypted backups for up to 30 days after deletion, after which it is permanently purged.
• Irreversibility: Once deletion is complete, your data cannot be recovered. A new account must be created to use HabitCove again.

10. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your data (subject to legal obligations).
• Export your data in a portable format.
• Withdraw consent for data processing at any time.
• Lodge a complaint with the appropriate data protection authority.

To exercise any of these rights, please contact us at support@habitcove.com.

11. Cookies & Local Storage

HabitCove uses local storage (not cookies) to maintain your authentication session. We do not use third-party tracking cookies, advertising trackers, or any analytics tools that track individual users. No data is shared with advertisers.

12. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you discover that a child has provided us with personal data, please contact us so we can take appropriate action to delete the information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date and, for material changes, by sending an email notification to your registered email address. Continued use of the Service after changes are posted constitutes acceptance.

14. Grievance Officer

In accordance with the Information Technology Act, 2000 and the rules made thereunder, the Grievance Officer for the purpose of this Privacy Policy is:

• Name: Prince Kumar Pankaj
• Email: grievance@habitcove.com
• Response Time: Within 48 hours of receipt

15. Contact Us

For any privacy-related questions or to exercise your rights, please reach out via our contact page or email us at support@habitcove.com.