Privacy Policy

1. Introduction

[APP_NAME] is an AI-powered habit tracking application that uses large language models (LLMs) to provide personalized coaching, insights, and recommendations. This policy explains how we collect, use, and protect your data, particularly in the context of AI processing.

Please read this carefully. Questions? Contact us at teitfoens@gmail.com.

2. What Data We Collect

Account & Profile Data

• Email address and username
• Password (encrypted)
• First and last name (optional)
• Age and gender (optional)
• Profile avatar/picture (optional)

Habit & Behavioral Data

• Habit titles and descriptions
• Habit categories (fitness, health, productivity, wellness, etc.)
• Daily check-ins and completion status
• Frequency and schedule of habits
• Notes and reflections on progress
• Streak counts and historical data
• Goal settings and milestones

Health & Wellness Data

• Health-related habit types (exercise, sleep, nutrition, meditation)
• Symptoms or health concerns you choose to track
• Mood and emotional state (if tracked)
• Activity levels and duration

AI Processing & Coaching Data

• Text conversations with AI coach
• Prompts and questions you ask the AI
• Coaching sessions and recommendations generated
• Feedback on AI suggestions

Usage & Technical Data

• IP address and device information
• Device type, OS, and app version
• Browser type and features used
• Time spent in app and feature usage
• Crash reports and error logs
• Analytics on habit completion rates

Payment Information (if applicable)

• Subscription tier and status
• Payment method (processed by Stripe)
• Transaction history and billing address

3. How We Use Your Data

• App Functionality: Tracking habits, recording progress, displaying analytics
• AI Coaching: Feeding habit data to LLM for personalized recommendations, insights, and motivational coaching
• Personalization: Tailoring recommendations based on your habits, preferences, and goals
• Performance Analytics: Analyzing your habit completion rates, trends, and success patterns
• Service Improvement: Using aggregated, anonymized data to improve AI coaching quality
• Bug Fixes & Support: Analyzing crash reports and technical issues
• Notifications: Reminding you about habits, providing encouragement, celebrating milestones
• Marketing: Optional emails about new features, tips, and achievements
• Legal Compliance: Responding to legal requests

4. AI & LLM Processing

How AI is Used

Your habit data is processed by AI language models to generate:

• Personalized coaching and motivation
• Evidence-based habit recommendations
• Progress analysis and insights
• Suggested habit modifications or optimizations
• Encouragement and accountability messages

Data Sent to LLM Providers

To provide AI coaching, your habit data and chat messages may be sent to third-party LLM providers (e.g., OpenAI, Anthropic, or similar). We:

• Use only reputable, GDPR-compliant LLM providers
• Minimize the amount of data sent (habit summaries, not full history)
• Strip identifying information when possible
• Use encrypted connections (TLS)
• Maintain Data Processing Agreements ensuring data protection

Data Retention for AI Training

Important: Your habit data is NOT used to train or improve LLMs unless you explicitly opt-in. By default:

• Data sent to LLM providers is processed for immediate response generation only
• LLM providers may retain logs for compliance, not model improvement
• Your personal data will never be used to train public AI models
• You can opt-out of data retention by disabling AI coaching

5. Legal Basis for Processing

We process your data under these GDPR legal bases:

• Contract Performance: Providing the app and habit tracking service
• Consent: AI coaching, marketing communications, optional data use for service improvement
• Legitimate Interests: Service improvement, analytics, fraud prevention, platform operations
• Legal Obligation: Responding to legal requests, tax compliance

6. Data Retention

• Account Data: Retained until account deletion; deleted within 30 days of account closure
• Habit Data: Retained while account is active; deleted within 90 days of account deletion (or immediately on request)
• AI Coaching History: Retained for 2 years for service improvement and coaching continuity; can be deleted on request
• Chat/Message Logs: Retained for 1 year unless deleted by user
• Health Data: Treated as sensitive; deleted on request; retained max 2 years post-deletion
• Payment Records: Retained for 7 years (legal requirement)
• Analytics Data: Aggregated and anonymized after 12 months

7. Third Parties & Data Sharing

We may share your data with:

• LLM Providers: OpenAI, Anthropic, Google, or similar (for AI coaching)
• Payment Processors: Stripe (payment processing)
• Cloud Infrastructure: AWS, Google Cloud, or Azure (hosting and storage)
• Analytics: Google Analytics and similar services (aggregated data only)
• Customer Support: Support tools and helpdesk systems
• Law Enforcement: If required by law or court order

We do not sell your data to third parties or advertisers.

8. Health Data & Sensitive Information

If you track health habits or share health concerns:

• This data is treated as sensitive personal data under GDPR
• Enhanced encryption and access controls apply
• Only shared with AI providers for coaching purposes
• Never shared with advertisers or third parties without explicit consent
• You can delete health data independently of other habit data

9. User Privacy Controls

• AI Coaching Toggle: Enable/disable AI features at any time
• Data Sharing Preferences: Choose which habits receive AI coaching
• Privacy Mode: Hide sensitive habit names in summaries and analytics
• Export Data: Download all your habit data in a portable format
• Marketing Preferences: Unsubscribe from promotional emails
• Analytics Opt-Out: Disable usage analytics

10. User Rights (GDPR)

You have the following rights:

• Access: Request all data we hold about you, including AI-processed data
• Correction: Update inaccurate habit or profile information
• Deletion: Delete your account and all associated data
• Portability: Export your habits, analytics, and coaching history
• Restriction: Limit how we process your data (e.g., disable AI)
• Objection: Opt-out of AI processing, marketing, or analytics
• Automated Decision-Making: Request human review if your habits are used for automated decisions
• Complaint: File a complaint with your data protection authority

To exercise any right, email teitfoens@gmail.com with "Privacy Request" in the subject line.

11. Cookies & Tracking

We use cookies for:

• Essential: Session management, security, account features (always active)
• Preferences: Remembering your app settings and theme
• Analytics: Understanding usage patterns to improve features

You can manage cookies through your browser settings or our privacy preferences panel.

12. Security

We protect your data with:

• SSL/TLS encryption for data in transit
• AES-256 encryption for sensitive data at rest
• Secure password hashing (bcrypt)
• Two-factor authentication (2FA) support
• Regular security audits and penetration testing
• Limited employee access with role-based controls
• Data Processing Agreements with all third-party vendors

Report security concerns to teitfoens@gmail.com immediately.

13. No Medical Advice Disclaimer

[APP_NAME] is a habit tracking and coaching tool, not medical advice. The AI coach provides general wellness suggestions only. Do not rely on the app for medical diagnosis, treatment, or health decisions. Always consult qualified healthcare professionals for medical concerns.

14. Children & Minors

This app is not intended for users under 13 years old. We do not knowingly collect data from minors. Parents/guardians discovering underage use should contact us immediately at teitfoens@gmail.com.

15. International Data Transfers

Your data is primarily processed within the EU. If transferred outside the EU/EEA (e.g., to LLM providers in the US), we use Standard Contractual Clauses or other legal mechanisms to ensure adequate protection under GDPR.

16. Policy Updates

We may update this policy periodically. For significant changes, we will notify you via email. Your continued use of the app implies acceptance of updated terms.

17. Contact Us

For privacy questions, AI concerns, or to exercise your rights:

• Email: teitfoens@gmail.com
• Subject Line: "Privacy Request" or "AI Data Inquiry"
• Company: Xoens ApS
• Location: Vanløse, Copenhagen, Denmark
• CVR: [Indsæt CVR]

We aim to respond to all privacy inquiries within 30 days.