Privacy Policy

1. Introduction and Scope

Ventryn LLC ("we," "our," or "us") operates the Habit Tracker Mobile application (the "App") and the habittracker.ventryn.com website (the "Website"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App or Website.

We are committed to protecting your privacy and complying with applicable data protection laws, including but not limited to the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA/CPRA), and other regional privacy laws where applicable.

2. Information We Collect

We may collect the following categories of information to provide and improve our services:

2.1 Account Information

When you create an account, we may collect information including but not limited to:

• Email address and authentication credentials
• Display name and profile information
• Phone number (if provided for account recovery)
• Account preferences and settings

2.2 Service Usage Data

To provide our core habit tracking functionality, we may collect:

• Habits you create, including titles, goals, and organizational preferences
• Completion records, streaks, and progress data
• Reminder and notification preferences
• Social features data (if enabled), such as friends, activity sharing preferences, and challenge participation

2.3 Device and Technical Data

We may automatically collect technical information including but not limited to:

• Device type, operating system, and platform
• Device identifiers for push notification delivery
• Timezone and locale settings
• App performance and crash data

2.4 Wellness and Health Data

If you enable health integration, we may access data from Health Connect (Android) or Apple Health (iOS). This is a special category of personal data requiring your explicit consent. Health data categories may include:

• Activity and Fitness: Steps, distance, active energy, workouts, exercise duration
• Body Measurements: Weight, body composition metrics
• Nutrition and Hydration: Water intake, nutrition data
• Sleep: Sleep duration, sleep quality metrics
• Vitals: Heart rate, blood oxygen, and other health metrics

How we use health data: Health data is used solely to automatically mark health-related habits as complete when you meet your targets. Health data is stored locally on your device and synced to your secure account for habit tracking purposes only.

Health data is NOT shared with third parties (including AI services for coaching). We do not sell, rent, or share your health data with advertisers or data brokers.

You can revoke health data access at any time through your device's health settings or by disabling health sync in the App.

2.5 AI-Related Data

To provide personalized coaching and insights, we may collect and generate:

• AI Coach conversation history
• AI-generated insights, recommendations, and personalized content
• User preferences extracted from interactions to improve personalization

For detailed information about our AI features, see our AI Disclosure.

2.6 Payment and Transaction Data

For subscription management, we may collect:

• Subscription tier and status
• Transaction identifiers and purchase dates
• Trial eligibility status

Payment processing is handled by app stores (Google Play, Apple App Store) and our subscription management provider. We do not directly collect or store payment card details.

2.7 Support and Communications

When you contact us or interact with support features, we may collect:

• Support conversation history
• Feedback and survey responses
• Testimonials (with your explicit consent)

2.8 Information from Third Parties

If you sign in using third-party authentication (such as Google or Apple), we may receive your name and email address from those services as permitted by your privacy settings.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

To provide, maintain, and improve our services, including but not limited to creating and managing your account, syncing data across devices, processing subscriptions, and delivering notifications you have enabled.

3.2 Personalization and AI Features

To provide personalized experiences, including AI-powered insights, coaching, recommendations, and content tailored to your habits and progress.

3.3 Security and Fraud Prevention

To protect our services and users, detect and prevent fraud or abuse, and ensure the integrity of our platform.

3.4 Improvement and Development

To analyze usage patterns, fix bugs, and develop new features. We may use aggregated, anonymized data for these purposes.

3.5 Communications

To send transactional emails (such as account verification and password reset), service updates, and re-engagement reminders (which you can disable in Settings).

3.6 Legal Compliance

To comply with applicable laws, regulations, and legal processes.

4. Data Sharing

We do not sell your personal information. We may share information only in these circumstances:

• Service Providers: With trusted third parties who assist in operating our services, subject to confidentiality agreements. These include:
  • Cloud infrastructure and database services (Google Cloud Platform)
  • AI processing services (Google Cloud AI)
  • Subscription management (RevenueCat)
  • Customer support platform (support form)
  • Analytics and crash reporting services (as described in Section 7)
• Legal Requirements: If required by law, court order, or governmental authority.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to you.
• With Your Consent: For any other purpose with your explicit consent.

5. Data Retention

5.1 Active Account Data

Your data is retained for as long as your account is active. Different data types may have specific retention characteristics based on their purpose and nature.

5.2 Account Deletion

When you request account deletion:

1. 30-day grace period: Your account is disabled but data is preserved. You can contact support to cancel deletion during this period.
2. Permanent deletion: After the grace period, all personal data is permanently deleted, including your profile, habits, AI conversations, and associated records.

Upon deletion, you will receive a confirmation ID (format: GDPR-XXXXX-XXXXXX) as proof of deletion.

5.3 Legally Required Retention

Under applicable law, we may retain certain records after deletion:

• Transaction records (up to 10 years): Anonymized transaction records for tax compliance, containing no personal identifiers.
• Audit records (7 years): Hashed (non-reversible) records of deletion requests for GDPR compliance demonstration.

6. Your Rights and Choices

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data via in-app data export
• Correction: Update or correct inaccurate data through your profile settings
• Deletion: Request deletion of your account and associated data
• Data Export: Export your data through the App (Settings → Account)
• Opt-out of Analytics: Disable optional analytics in App settings
• Manage Notifications: Control notifications and reminders in Settings
• AI Data Control: Clear AI conversations, manage AI memory, or disable AI personalization features
• Health Data Control: Revoke health data access through device settings or the App
• Withdraw Consent: Withdraw previously given consent at any time

To exercise these rights, use the in-app settings or contact us via our support form.

7. Analytics and Tracking

7.1 What We Collect

• Essential analytics: Basic app stability and performance data for service provision
• Optional analytics: Detailed usage patterns (collected only with your consent)
• Crash reports: Error logs to help us fix bugs and improve reliability

Health and fitness data is never sent to analytics services.

7.2 What We Do Not Do

• We do not use third-party advertising networks or tracking pixels
• We do not track your activity across other apps or websites
• We never sell your data to third parties

8. International Data Transfers

Your information may be transferred to and processed in the United States where our servers are located. For transfers outside your jurisdiction, we implement appropriate safeguards, including Standard Contractual Clauses where required.

9. Regional Privacy Rights

9.1 European Economic Area, United Kingdom, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, you have rights under the General Data Protection Regulation:

Legal Basis for Processing

• Contract (Article 6(1)(b)): To provide the services you requested
• Consent (Article 6(1)(a)): For optional analytics, marketing, and health data processing
• Legitimate Interest (Article 6(1)(f)): For security, fraud prevention, and service improvement
• Legal Obligation (Article 6(1)(c)): For regulatory compliance

Special Categories of Data (Article 9)

If you enable health integration, health and fitness data is classified as a "special category" of personal data. We process this data based on your explicit consent, which you provide when enabling health integration. You may withdraw this consent at any time.

Your GDPR Rights

You have the right to access, rectify, erase, restrict processing, data portability, object to processing, and withdraw consent. You also have the right to lodge a complaint with your local supervisory authority.

Data Controller

Ventryn LLC, Delaware, USA

9.2 California (CCPA/CPRA)

If you are a California resident, you have the following rights:

• Right to Know: Request what personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate information
• Right to Limit: Limit use of sensitive personal information (health data is used solely to auto-complete habits)
• Non-Discrimination: We will not discriminate against you for exercising these rights

We do not sell personal information, so the right to opt-out of sales does not apply.

9.3 Other Jurisdictions

If you are located in other jurisdictions with applicable privacy laws (including but not limited to Brazil's LGPD, Australia's Privacy Act, and Canada's PIPEDA), you may have similar rights to access, correct, and delete your personal information. Contact us to exercise your rights under applicable local law.

10. Data Security

We implement industry-standard security measures to protect your data, including but not limited to:

• Encryption in transit (TLS/SSL) and at rest
• Secure authentication mechanisms
• API protection and fraud prevention
• Access controls limited to authorized personnel

11. Children's Privacy

The App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately via our support form and we will delete it promptly.

12. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users and supervisory authorities as required by applicable law, including information about the nature of the breach, potential consequences, and measures taken.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements.

• Material changes: For significant changes that affect how we collect, use, or share your personal information, we will provide at least 30 days' notice via the App or email before the changes take effect.
• Non-material changes: Minor clarifications, formatting updates, or changes that do not materially affect your rights may be made at any time. The "Last Updated" date will be revised accordingly.

Continued use of the App after changes constitutes acceptance of the updated policy. If you do not agree to the changes, you should stop using the App.

14. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights:

Ventryn LLC
Support form: Submit a request

We will respond to your request within 30 days (or sooner if required by applicable law).