Ploreon

Habitorm Privacy Policy

Last updated: Oct 22, 2025 · Version 1.1.0

1. Introduction

Habitorm (“we”, “our”, “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile app and website (collectively, the “App”). This Policy is incorporated into our Terms of Service.

2. Controller & Contact

Habitorm is the controller of your personal data. Contact: support@ploreon.com.

3. Data We Collect

Account & Profile

  • Email address (authentication, account)
  • Display name / full name
  • Country and flag selection (optional, for localization and leaderboard display)
  • Settings and preferences (e.g., notifications, onboarding status, language)

Habit & Usage

  • Habit metadata (name, color, emoji, goals)
  • Completion history and progress stats (points, streaks, levels)
  • Leaderboard visibility (display name, level, points, longest streak)

Device & Notifications

  • Push token (if you enable notifications) to deliver reminders
  • Basic technical logs for security and reliability

We do not use third-party advertising, analytics SDKs, or tracking beacons in the mobile app. Our website may use strictly necessary cookies and standard server logs for security and performance.

4. Purposes & Legal Bases (GDPR/UK)

  • Provide the App (account, authentication, habit tracking, reminders): Contract performance.
  • Security & abuse prevention (fraud prevention, integrity): Legitimate interests.
  • Notifications (reminders): Consent when you enable push notifications; you can withdraw any time.
  • Support & communication: Contract performance and/or Legitimate interests.
  • Compliance (legal obligations): Legal obligation.

5. Sharing & Processors

We do not sell or share your personal data for cross-context behavioral advertising. We use processors that act on our instructions:

  • Supabase (hosting, database, authentication)
  • Apple/Expo (push notification delivery)

Where required by law or to protect rights and safety, we may disclose information to authorities.

6. Leaderboard Transparency

If you use the leaderboard, your display name, level, points, and longest streak are visible to other authenticated users. Your email is not displayed.

7. International Transfers

Your data may be processed in countries other than your own. When we transfer data internationally, we rely on appropriate safeguards (e.g., EU Standard Contractual Clauses and, where applicable, the UK Addendum). You can request more information via our contact email.

8. Retention

  • Account & Habit Data: kept while your account is active; deleted or anonymized within 30 days after account deletion.
  • Backups/Logs: may persist for up to 90 days then are purged automatically.
  • Legal Holds: minimal data may be retained where required by law.

9. Security

We use industry-standard protections including encryption in transit (TLS) and at rest by our providers, access controls, and role-based security. No method of transmission or storage is 100% secure. Where required, we will notify you and/or authorities of data incidents in accordance with law.

10. Your Rights

Depending on your location, you may have the right to access, correct, delete, restrict, or port your data, and to object to certain processing. If we rely on consent (e.g., push notifications), you may withdraw it at any time in settings or your device OS settings.

To exercise rights, contact support@ploreon.com. We may need to verify your identity and will respond within applicable deadlines.

California Residents (CPRA)

  • We do not “sell” or “share” personal information as defined by CPRA.
  • You may request access, deletion, or correction of your personal information.
  • We do not offer financial incentives for personal information.
  • Submit requests via support@ploreon.com.

EEA/UK Users

You may lodge a complaint with your local data protection authority. If we appoint an EU/UK representative, their details will be published in this Policy.

11. Children’s Privacy

The App is intended for users aged 13+. For EEA/UK, parental consent may be required where the applicable digital consent age is higher. We do not knowingly collect data from children below these thresholds. If you believe we have such data, contact us to remove it.

12. Account Deletion

You can delete your account in-app. We promptly delete or anonymize active records. Backups may retain limited data for up to 90 days, after which they are purged. We may retain minimal data where required by law (e.g., fraud prevention). Deletion is permanent and cannot be undone.

13. Changes to This Policy

We may update this Policy. We will post updates here and update the “Last updated” date. For material changes, we may provide additional in-app notice.

14. Contact Us

For questions about this Policy or our data practices, contact support@ploreon.com.