Privacy Policy

Last Updated: July 29, 2025

1. Information We Collect

1.1 User-Provided Information

WhatsApp Platform:

• Your phone number (only when you message Luna through WhatsApp)
• Messages and interactions with our chatbot
• Mood tracking data and journal entries
• Survey responses and assessments

Mobile Application:

• Account information (email address, profile data)
• Mood tracking entries and journal content
• Challenge participation and completion data
• Assessment responses and survey data
• Photos uploaded for profile or mood entries (with permission)
• Audio recordings when using voice features
• In-app messages and chat history with Luna

1.2 Automatically Collected Information

WhatsApp Platform:

• Usage patterns and conversation history
• Interaction timestamps
• Technical information about your device and connection

Mobile Application:

• Device information (device type, operating system, unique device identifiers)
• App usage analytics and interaction patterns
• Performance metrics (app launch times, feature usage, crash reports)
• Location data (only if explicitly granted permission)
• Push notification tokens for message delivery
• App version and update information
• Session duration and frequency of use
• Feature engagement metrics
• Error logs and diagnostic information

1.3 Analytics and Performance Data

We collect analytics data through:

• Firebase Analytics: User engagement, app performance, and usage patterns
• Firebase Performance Monitoring: App launch times, screen load times, and technical performance
• Meta Analytics (Facebook): User acquisition, engagement, and advertising effectiveness
• Crashlytics: Error reporting and app stability monitoring

This data helps us improve your experience and includes:

• App navigation patterns
• Feature usage statistics
• Performance benchmarks
• User retention metrics
• Onboarding completion rates
• Challenge and mood tracking engagement

2. How We Use Your Information

Core Services:

• To provide personalized chat responses and support
• To improve our chatbot's understanding and effectiveness
• To analyze usage patterns and enhance user experience
• To maintain conversation context and history
• To deliver push notifications and reminders

App Functionality:

• To synchronize your data across devices
• To provide personalized insights and recommendations
• To track your progress in challenges and mood patterns
• To generate analytics and performance metrics
• To troubleshoot technical issues and improve app stability
• To send you relevant notifications about your wellness journey

Business Operations:

• To process subscription payments and manage billing
• To provide customer support
• To comply with legal obligations
• To prevent fraud and ensure security

3. WhatsApp-Specific Privacy Information

3.1 WhatsApp Integration

• We integrate with WhatsApp through the WhatsApp Business API
• Your conversations within WhatsApp benefit from WhatsApp's end-to-end encryption
• Your phone number is processed and stored according to both our privacy policies and WhatsApp's
• WhatsApp message history storage follows WhatsApp's Business API policies

3.2 Data Shared with WhatsApp

• Your phone number (required for service delivery)
• Message delivery status information
• Service usage metrics (frequency, timing of interactions)

3.3 WhatsApp Message Encryption

• WhatsApp provides end-to-end encryption for all messages within their platform
• Once a message reaches our systems, we apply our own encryption standards
• No one, including WhatsApp, can read the content of messages while in transit
• WhatsApp cannot access the content of your messages with our service

4. Mobile App Privacy Information

4.1 Permissions We Request

• Camera & Photos: To allow you to upload images for your profile and mood entries
• Notifications: To send you wellness reminders and important updates
• Storage: To cache data for offline functionality
• Network Access: To sync your data and communicate with our servers
• Device ID: To provide personalized experiences and prevent fraud

4.2 App Data Storage

• All app data is encrypted both in transit and at rest
• Local device storage uses secure encryption methods
• Cloud synchronization is protected with industry-standard security

4.3 Third-Party App Integrations

• Apple Sign-In: We receive your Apple ID and email (if shared)
• Google Sign-In: We receive your Google account information for authentication
• RevenueCat: For subscription management and billing processing
• Facebook SDK: For analytics and advertising attribution (no personal data shared)

5. Data Storage and Security

Encryption:

• All data is encrypted in transit using TLS 1.3
• Data at rest is encrypted using AES-256 encryption
• WhatsApp messages benefit from end-to-end encryption while in WhatsApp's systems
• App data is stored in secure, encrypted databases

Storage Locations:

• Conversation history and app data: Secure cloud servers (AWS/MongoDB Atlas)
• Analytics data: Firebase and Meta secure servers
• Payment information: RevenueCat secure servers (we don't store payment details)
• Local app cache: Encrypted on your device

Data Retention:

• Chat histories: 90 days
• App usage analytics: 12 months
• User profiles: Until account deletion requested
• Crash logs and performance data: 6 months
• Payment records: As required by law (typically 7 years)

6. Data Sharing and Third-Party Services

We use the following services to provide our app functionality:

Core Services:

• AWS Bedrock for natural language processing
• MongoDB Atlas for secure data storage
• Redis for performance caching
• WhatsApp Business API for message delivery

Mobile App Services:

• Firebase (Google) for analytics, performance monitoring, and crashlytics
• RevenueCat for subscription management
• Expo for app deployment and updates
• Meta (Facebook) for advertising analytics

Authentication Services:

• Google OAuth for Google Sign-In
• Apple Sign-In for Apple authentication
• Firebase Authentication for account management

Important: We never sell your personal data to third parties. Data sharing is limited to essential service providers under strict data processing agreements.

7. Your Rights and Controls

You have the right to:

• Access your personal data and download your information
• Delete your account and all associated data
• Modify your privacy settings and notification preferences
• Opt out of analytics tracking (with limited app functionality)
• Export your conversation history and app data
• Control camera, photo, and notification permissions
• Manage subscription and billing information

To exercise these rights:

• Use in-app settings for most privacy controls
• Contact support@habitize.com for data deletion requests
• Adjust device-level permissions in your phone settings

8. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your privacy rights according to applicable laws.

9. Data Retention

• Chat histories: 90 days
• User profiles: Until account deletion
• Analytics data: 12 months
• Message metadata: 6 months

10. Changes to This Policy

We reserve the right to update this policy. Users will be notified of any significant changes through:

• In-app notifications
• Email notifications (if email provided)
• WhatsApp messages (for WhatsApp users)
• Updated policy posted on our website

11. Contact Information

For privacy-related queries, data requests, or concerns:

• Email: support@habitize.club
• Website: https://www.habitize.app/