Privacy Policy - HabitWins

1. Data Controller

CraftTechLabs
ul. Wojska Polskiego
46-380 Dobrodzień, Poland
Email: hello@habitwins.app

2. What Data We Collect

IMPORTANT: DEMO Mode (without registration)

ZERO data on server: in DEMO mode we do NOT collect or store any data on CraftTechLabs servers
localStorage: all DEMO data is stored EXCLUSIVELY locally in the User's browser
No CraftTechLabs access: we have no access to DEMO data, it is exclusively on the User's device
IP address: basic server logs may contain IP addresses from requests (standard web server practice)

Personal Data (only with registered account):

User account: email, username, first name, last name
Age verification: confirmation of legal age (18+) via checkbox
Password: stored in hashed form

Application Data (only with registered account):

Habits and sessions: practice time, habit types, statistics
Contracts: User's own goals, private self-rewards, duration period
Preferences: application settings

Note: "Rewards" in the application are User's private notes - the application does not offer or provide any rewards.

Technical Data:

IP address: automatically collected (server logs)
Device information: browser type, operating system
Cookies: to maintain user session (only with account)

3. Purpose of Data Processing

Service provision: operation of the habit-building application
Age verification: confirmation of legal age (18+)
Communication: sending email notifications
Security: protection against abuse
Application improvement: usage analysis and optimization

4. Legal Basis (GDPR)

Service provision: performance of contract (Art. 6.1.b GDPR)
Age verification: user consent (Art. 6.1.a GDPR)
Marketing: legitimate interest (Art. 6.1.f GDPR)
Consent: for optional features (Art. 6.1.a GDPR)

5. Data Sharing

We do not sell or share your personal data with third parties, except for:

Service providers: hosting (VPS), email (Gmail Workspace)
Legal obligation: upon request by state authorities
Future integrations: payments (Stripe, PayPal) - with consent

6. Data Retention

Active account: throughout the entire period of service use
After account deletion: 30 days (backup and security)
Accounts without consent: immediately deleted if checkboxes not selected (age 18+, terms of service, privacy policy)
Email registration: checkboxes on registration form - not selected = account not created
Google OAuth registration: checkboxes displayed AFTER authorization - not selected = account deletion
Server logs: 12 months (security)

IMPORTANT: Data Integrity Disclaimers

No guarantee: we do not guarantee data integrity, availability, or security 100% of the time
Possible loss: data may be lost due to failures, application errors, cyberattacks, or other events
Backups: we perform daily backups, but do not guarantee their effectiveness in every case
User responsibility: regular data export (JSON) is the User's responsibility
Liability: in accordance with the Terms of Service (section 10) and applicable law
GDPR: the above disclaimers do not violate User rights under GDPR (see section 7)

Account Deletion Process (Soft Delete):

Data anonymization: after account deletion, personal data is irreversibly anonymized (email, password, first name, last name)
Login impossibility: anonymized account cannot be used for re-login
Analytics preservation: anonymized data may be retained for analytical and statistical purposes (in accordance with Art. 89 GDPR)
Data aggregation: detailed session data is aggregated into statistics (space savings without loss of analytical value)
GDPR Art. 17: this process meets "right to be forgotten" requirements through irreversible anonymization

7. User Rights (GDPR)

The User has the right to:

Access: check what data we process
Rectification: correct inaccurate data
Erasure: permanent deletion of account and data
Restriction: temporary suspension of processing
Data portability: export data in JSON format
Object: to marketing processing
Withdraw consent: at any time

Contact: hello@habitwins.app

8. Security

HTTPS encryption: SSL/TLS for all communication
Password hashing: bcrypt with salt
Tokenization: JWT for secure sessions
Monitoring: security logs and audit trail
Backups: encrypted backup copies

9. Cookies and Tracking Technologies

We use cookies for:

User sessions: maintaining login
Preferences: saving settings
Security: CSRF protection
Timers: localStorage for active stopwatches

You can disable cookies in your browser, but this may limit functionality.

10. Age Verification

Minimum age: 18 years (legal age)
Verification: mandatory confirmation via checkbox "I am 18 years or older"
Email registration: checkboxes displayed on form - selection required before account creation
Google OAuth registration: checkboxes displayed AFTER Google authorization - not selected results in account deletion
Required consents: age 18+, acceptance of terms of service, acceptance of privacy policy
User responsibility: for truthfulness of age statement

11. International Transfers

User data is processed in:

European Union: VPS servers in Poland
Google Workspace: USA - Standard Contractual Clauses
Future services: only providers with appropriate safeguards

12. Future Features

We plan to add:

Payments: premium subscriptions (Stripe, PayPal)
Advertising: personalized marketing content
Analytics: Google Analytics or similar
Push notifications: habit reminders

Before implementation, we will inform the User and request consent.

13. Policy Changes

Notifications: email 30 days before changes
Acceptance: continued use = acceptance of changes
History: previous versions available upon request
Current version: always at habitwins.app/privacy-policy

14. Contact and Complaints

Privacy questions:
Email: hello@habitwins.app
We respond within 72 hours.

GDPR complaints:
Personal Data Protection Office (Poland)
uodo.gov.pl

15. Governing Law

This policy is governed by Polish law and European law (GDPR). Court competent for the data controller's headquarters.

🏆 Clasificación

¡Próximamente!

📋 Privacy Policy