Introduction

This privacy policy describes how we handle data within The Habits Company, in which the software is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0).

Self-Hosted vs Public Instance

We offer two types of instances: self-hosted and public. The data handling practices for each type are different. For self-hosted instances, you control and manage your own data. For the public instance on habits.co, we may collect additional data to improve the service.

What Data We Collect

We collect minimal personal information necessary to provide our services:

• Account information (first name, last name, email)
• Password (stored securely as a hash)
• Habit tracking data you create while using our service
• Basic usage information (IP address, browser type, etc.)
• Email logs for account-related emails
• Payment information (for paid features)

What Data We Collect

We collect minimal personal information necessary to provide our services:

• Account information (first name, last name, email)
• Password (stored securely as a hash)
• Habit tracking data you create while using our service
• Basic usage information (IP address, browser type, etc.)

How We Use Your Data

We use your data for the following purposes:

• To provide and maintain our service
• To notify you about changes to our service
• To allow you to participate in interactive features of our service when you choose to do so
• To provide customer support
• To gather analysis or valuable information so that we can improve our service
• To monitor the usage of our service
• To detect, prevent and address technical issues

Data Storage

Your data is stored securely in the European Union. We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction or damage.

Cookies and Tracking

We use minimal cookies that are strictly necessary for the functioning of our website. These cookies are used for authentication and session management purposes. We do not use tracking cookies or third-party analytics services.

Your Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including:

• Request access to your personal data
• Request correction of your personal data
• Request erasure of your personal data
• Object to processing of your personal data
• Request restriction of processing your personal data
• Request transfer of your personal data
• Right to withdraw consent

Third-Party Services

We use a minimal number of third-party services to operate our website:

• Hosting providers (Render)
• DNS and DDoS protection (Cloudflare)
• Emailit (for notifications and account-related emails)

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "last updated" date at the top of this Privacy Policy.