Global Privacy Standards V2.2

Privacy Policy

Last Updated: March 14, 2026

Habis ("we", "our", or "us") is committed to protecting your global privacy rights. This policy explains our data practices in compliance with GDPR (EU/UK), CCPA/CPRA (California), LGPD (Brazil), PIPA (Korea), APPI (Japan), and other international standards.


1. Information We Collect

We collect only the minimum data necessary to provide a private productivity experience:

  • Account Identifiers: Name and email from Google/Apple Sign-In.
  • Habit & Task Data: Goals, task lists, and completion patterns.
  • Knowledge Content: Specialized notes across six pillars (Standard, Goal, Idea, Journal, Expense, and Burn).
  • Financial Data: Ledger entries in 'Expense' notes stored only in your private database.
  • Burn Notes: Ephemeral notes automatically purged after 24 hours via "Holographic Masking."
  • Usage Data: Anonymized event-based analytics (e.g., "Note Created") via Firebase. Analytics do not include your private content text.

2. Lawful Basis (GDPR/LGPD)

We process your data under the following lawful bases: Consent (for Cloud Backup/Reminders), Performance of a Contract (to provide core tracking), and Legitimate Interests (app security and anonymized analytics).

3. Data Storage & Local Sovereignty

Local-First: Your data is stored in a private SQLite database on your device. We use ChaCha20 + GZIP v4 stream encryption for all backups, ensuring military-grade protection.

Zero-Knowledge: We do not hold decryption keys for your habit notes or cloud backups. Master keys are bound to your device hardware (TEE/Secure Enclave). If you lose access, we cannot recover your data.

4. AI Transparency

Current intelligent features, such as our "Daily Coach" and "Expense NLP," operate using proprietary local algorithms on your device. We do not transmit your habit patterns or note text to external servers for processing. Integration with external LLMs is currently in a "code-only" research state.

5. Sub-processors

We share data ONLY with trusted infrastructure: Google LLC (Auth/Analytics), Apple Inc. (Auth), and our Private Bridge for secure email feedback.

6. Your Global Privacy Rights

You have the Right to Access, Portability, Erasure ("Right to be Forgotten"), Rectification, and the Right to Withdraw Consent at any time in Settings.

7. California (CCPA) & GPC

We do NOT sell or share your personal information. We honor Global Privacy Control (GPC) signals and respect 'Do Not Track' preferences.

8. Regional Disclosures

Brazil (LGPD): You have the right to confirm processing, access data, and request anonymization or deletion.

Japan (APPI): The information manager is Muthu M. (Founder). Data is processed strictly for the purposes outlined in Section 1.

Korea (PIPA): The Privacy Officer is Muthu M. Data is destroyed without delay upon account deletion using methods that ensure records cannot be reproduced.

9. Application Permissions

For high-performance tracking, we require: SCHEDULE_EXACT_ALARM (Android) for precise nudges, Notifications for system alerts, and Sync Services to maintain streaks across reboots.

For privacy inquiries, contact our Data Protection representative, Muthu M., at habis.helpdesk@gmail.com. Location: Bengaluru, India.