Habitao

Privacy Policy

Effective date: January 28, 2026

Habitao is designed to be privacy-friendly: no accounts, no advertising tracking, and your content stays on your device.

1) Overview

We built Habitao to respect your privacy:

No accounts or logins
No backend servers run by us
No advertising tracking
Your app content is stored locally on your device

This policy explains what data we (and our service providers for subscriptions, payments, and analytics) process.

2) Data we collect

We do not operate our own backend for the App and do not collect or store your habit content on our own servers.

The App stores your content (for example: tasks, notes, lists, preferences) on-device.

We collect limited usage analytics through PostHog to understand how the App is used (see Section 3.3 and Section 5).

If you contact us at support@habitao.app or privacy@habitao.app, we receive your email address and message content so we can respond.

When you visit our website, our hosting and infrastructure providers may process basic request logs (such as IP address and user-agent) to deliver the site and protect it from abuse. We do not run analytics or advertising tracking.

3) Data processed by third parties (subscriptions, payments, analytics)

Even though we do not run a backend, subscriptions and analytics rely on third-party services:

3.1 Apple (In-App Purchase)

Purchases and subscriptions are processed by Apple. Apple may process purchase information (including payment method details) under Apple's own policies. We do not receive your full payment details.

3.2 RevenueCat (subscription management)

We use RevenueCat to manage subscriptions and entitlements (for example, to check whether premium is active and to restore purchases). RevenueCat may process limited information such as:

an anonymous App User ID (generated by the SDK);
purchase/entitlement status and transaction/receipt-related information;
device/technical information (for example, device identifiers, app version);
IP address (commonly used for fraud prevention or region rules).

This information is used to operate subscriptions, prevent fraud, and provide purchase restoration.

3.3 PostHog (product analytics)

We use PostHog to understand how the App is used and to improve it. We configure PostHog to use EU data residency. We do not use session replay, feature flags, experiments, or surveys.

PostHog may process:

event data we send (for example: onboarding completion, habit created, screen viewed, paywall viewed);
a pseudonymous device/app identifier (distinct_id);
device and app metadata (OS version, device model, app version, locale, time zone);
IP address and derived location (such as city/region/country) used for security and analytics.

We do not send your habit content or personal profile information to PostHog.

4) Legal bases (GDPR)

Under GDPR, we rely on the following legal bases for limited processing:

Performance of a contract (to provide the App and purchased features, including restoring purchases).
Legitimate interests (to prevent fraud, maintain security, operate the App and site, and understand how the App is used).
Legitimate interests (to respond to support and privacy requests sent to support@habitao.app or privacy@habitao.app).
Consent (if required by applicable law for certain optional analytics features).

5) Analytics, ads, and tracking

We use PostHog analytics in the App to measure retention and improve features (see Section 3.3).

We do not run ads in the App.

We do not sell personal information.

We do not use third-party ad tracking or cross-app tracking.

If we add additional analytics features (such as session replay) or crash reporting, this policy will be updated first.

6) Device backups (iCloud / computer backups)

If you enable device backups, your operating system may include App data in backups (such as iCloud or computer backups). Those backups are managed by Apple or your OS provider, not by us.

7) Data retention

We do not store your app content on our servers.

Third-party providers (Apple / RevenueCat / PostHog) retain data according to their own retention policies, as needed for purchases, compliance, analytics, and fraud prevention.

8) Security

We take reasonable measures within the App to protect data stored on your device. No system is 100% secure, and we cannot guarantee absolute security.

9) Your choices and rights

Because we do not maintain user accounts or store your content on our servers:

You can typically delete your App data by deleting the App (and/or clearing storage in device settings where available).
Subscription management (cancel/renew) is handled in your Apple ID / App Store subscription settings.
If you have privacy questions, contact us at privacy@habitao.app.

10) Your data protection rights (EU/EEA)

Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, and data portability.

Because Habitao does not store your habit content on our servers, we may have limited ability to access or delete app content beyond what you control on your device. For purchase or subscription data, Apple and RevenueCat handle much of this processing; you may need to contact them directly.

11) Complaints

If you are in the EU/EEA, you have the right to lodge a complaint with your local supervisory authority. In Bulgaria, this is the Commission for Personal Data Protection (CPDP).

12) International transfers

RevenueCat and Apple may process data on servers in different countries. They use safeguards as required by applicable laws.

13) Children's privacy

The App is not intended for children under 13, and we do not knowingly collect personal information from children.

14) Changes to this Privacy Policy

We may update this policy from time to time. We will update the effective date and, if changes are material, provide notice in the App.

15) Contact

For privacy questions, contact us at privacy@habitao.app.

Developer: Ivelin Ivanov