HabitUp respects your privacy and is committed to protecting your personal data. This policy explains what we collect, how we use it, and your rights.

1. Data We Collect

• Account Information: Name, profile picture, email address, and password hash.
• Journals & Reflections (Encrypted): Encrypted on your device using a PBKDF2-derived key and AES-GCM; stored on our servers as ciphertext. We cannot read or decrypt this content.
• Tasks & Mood Logs (Clear Text): Stored unencrypted to enable reminders, charts, and related features.
• Metadata: Device information, IP address, timestamps, and technical logs for security and troubleshooting.

2. How We Use Your Data

• To provide, maintain, and improve the Service, including sync across devices.
• To personalize your account using your name and profile picture.
• To support features such as reminders and mood tracking.
• We do not sell your personal data or use your content for advertising.

3. Encryption & Security

• Client-side encryption for journals & reflections (PBKDF2 + AES-GCM). Only you can decrypt this content.
• Transport security via HTTPS; secure server storage and access controls.
• We cannot reset your passphrase or recover encrypted content if the passphrase is lost.

4. Legal Bases & Consent

• We rely on your consent to process personal data, including profile information, tasks, mood logs, and encrypted journals.
• You may withdraw consent at any time by wiping your data or deleting your account (see Sections 7 and 8).

5. Your Rights

Depending on your location (e.g., India’s DPDP Act, EU GDPR), you may:

• Access and update your profile information.
• Export your data (including encrypted journals and reflections).
• Request deletion of your data.
• Withdraw consent and stop using the Service.

You can manage these rights via the in-app Settings or by contacting us.

6. Data Retention

• Encrypted journals, reflections, tasks, and mood logs are deleted immediately when you trigger a data wipe in the app.
• Your account and basic profile information (name, profile picture, email) remain so your account stays active unless you choose full account deletion.
• If you delete your account, all associated data (including profile information) is erased from our servers within [30 days].

7. Cross-Border Data

Servers or processors may be located outside your home country. We implement safeguards to protect your data in accordance with applicable laws.

8. Children

The Service is not intended for children under [16/18]. If we become aware that we have collected such data, we will delete it.

9. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated in-app or by email.

10. Contact

Email: info@habitup.app