Privacy Policy

This Privacy Notice for Refbucks Media LLP ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

• Download and use our mobile application (HabitBook - Habit Tracker), or any other application of ours that links to this Privacy Notice
• Use HabitBook - Habit Tracker. A habit tracker app that helps you build lasting habits with beautiful progress tracking, mood & journal features.
• Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected].

Summary of Key Points

This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

Table of Contents

1. What Information Do We Collect?
2. How Do We Process Your Information?
3. What Legal Bases Do We Rely On To Process Your Personal Information?
4. When And With Whom Do We Share Your Personal Information?
5. What Is Our Stance On Third-Party Websites?
6. How Long Do We Keep Your Information?
7. How Do We Keep Your Information Safe?
8. How Do We Handle Your Health Information?
9. What Are Your Privacy Rights?
10. Controls For Do-Not-Track Features
11. Do United States Residents Have Specific Privacy Rights?
12. Do We Make Updates To This Notice?
13. How Can You Contact Us About This Notice?
14. How Can You Review, Update, Or Delete The Data We Collect From You?

1. What Information Do We Collect?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Health and Sensitive Information. We process the following health-related information:

• Step Count Data: We access your daily step count from your device's health services (Google Health Connect on Android devices and Apple HealthKit on iOS devices) to display progress for step-based habits. This includes both current and historical step data. This data is only accessed to show within the app and is never transmitted off your device.
• Mood Tracking Data: We store mood information that you voluntarily input into the app locally on your device to help you track your emotional well-being over time.
• Health-Related Habits: We store information about health-related habits you create locally on your device, such as exercise routines, meditation practices, water intake, sleep patterns, and other wellness activities.
• Journal Entries: We store journal entries that may contain health-related information locally on your device when you choose to use our journaling feature.

Privacy by Design: All health data is stored locally on your device and never transmitted to our servers. We cannot see, access, or retrieve your health data. The data is only used within the app on your device to display your progress and track your habits. You maintain complete control over this data through your device's system settings.

Payment Data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is handled and stored by Google LLC, Apple Payments Inc, and RevenueCat. You may find their privacy notice link(s) here: Google Payments, Apple Payments, and RevenueCat.

Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:

• Mobile Device Data. We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server).
• Health and Fitness Data. With your explicit permission, we access step count data from Google Health Connect (Android) or Apple HealthKit (iOS) to automatically track progress for step-based habits. This includes accessing historical step data to backfill your habit completion history. You can revoke this permission at any time through your device's health app settings.
• Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings. We use Onesignal as a third-party service provider to send push notifications. For more information, please review Onesignal's privacy policy.

Contact Information. When you contact us via email, we collect the email addresses and any information you voluntarily submit in your correspondence. This information is used solely to respond to your inquiries and provide customer support.

Feedback and Form Data. We use Tally.so as our form builder for collecting user feedback and other information you may choose to provide through our forms. When you submit information through these forms, the data you enter will be collected and processed according to both our privacy policy and Tally.so's privacy practices. For more information about how Tally.so handles data, please review their Terms and Privacy policy.

This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information.

The information we collect includes:

• Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services.
• Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services.

Analytics and Performance Data

We use third-party analytics services to help us understand how our Services are used and to improve user experience:

• PostHog Analytics. We use PostHog to collect information about your use of our application, including screen visits, navigation patterns, errors, and feature usage. PostHog's privacy policy can be found at: https://posthog.com/privacy
• Branch.io for Referral Tracking. We use Branch.io to track and analyze referral details. For more information, please review their privacy policy: https://branch.io/policies/privacy-policy/
• Tally.so for Form Collection. We use Tally.so to create and manage feedback forms and surveys. When you submit information through our forms, Tally.so processes this data on our behalf. For more information about their data practices, please review Tally.so's Terms and Privacy policy.

2. How Do We Process Your Information?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• To provide habit tracking services: We use your health data (step counts) and mood information to help you track and complete your habits, monitor your progress, and achieve your wellness goals.
• To provide personalized insights: We analyze your habit completion data, mood patterns, and health metrics to provide you with meaningful insights about your progress and well-being.
• To enable app features: We use health data to automatically update step-based habit completions, calculate streaks, and generate progress reports.
• To improve our services: We may use aggregated and anonymized health data to understand usage patterns and improve our app features.
• To save or protect an individual's vital interest

How We Use Health Data:

• Step count data is used exclusively to track completion of step-based habits you create
• Mood data is used to help you track emotional patterns and well-being over time
• Health-related habit data is used to calculate streaks, generate insights, and track your progress
• All health data processing occurs locally on your device - we never receive or have access to this data
• We cannot see your step counts, mood data, or any health information - it exists only on your device
• The only way health data leaves your device is if you explicitly choose to export it yourself

3. What Legal Bases Do We Rely On To Process Your Information?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law.

If you are located in the EU or UK

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on:

• Consent. We may process your information if you have given us permission.
• Legal Obligations. We may process your information where necessary for compliance with our legal obligations.
• Vital Interests. We may process your information where necessary to protect vital interests.

If you are located in Canada

We may process your information if you have given us specific permission (express consent) or in situations where your permission can be inferred (implied consent).

4. When And With Whom Do We Share Your Personal Information?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

We may need to share your personal information in the following situations:

• Business Transfers. In connection with any merger, sale of company assets, financing, or acquisition.
• Affiliates. We may share your information with our affiliates.
• Business Partners. We may share your information with our business partners to offer certain products, services, or promotions.
• Offer Wall. Third-party hosted offer walls may share unique identifiers to prevent fraud and credit rewards.

5. What Is Our Stance On Third-Party Websites?

In Short: We are not responsible for the safety of any information that you share with third parties that we may link to.

The Services may link to third-party websites, online services, or mobile applications. We do not make any guarantee regarding any such third parties, and we will not be liable for any loss or damage caused by the use of such third-party websites, services, or applications.

6. How Long Do We Keep Your Information?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law.

7. How Do We Keep Your Information Safe?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure.

7a. How Do We Handle Your Health Information?

In Short: We take special care to protect your health information and give you full control over how it's accessed and used.

Health Data We Access

• Step Count Data: Daily step counts from Google Health Connect (Android) or Apple HealthKit (iOS)
• Mood Tracking: Mood entries you manually input into the app
• Health Habits: Information about health-related habits like exercise, meditation, water intake, etc.
• Health-Related Journal Entries: Any health information you include in journal entries

How We Protect Your Health Data

• Local Storage Only: All health data is stored exclusively on your device - never on our servers
• No Server Transmission: Health data is never sent to us - we cannot see or access your health information
• On-Device Processing: All health data processing happens locally on your device
• Health data is encrypted using industry-standard encryption methods on your device
• Access to device health services requires your explicit permission
• You can revoke health data permissions at any time through your device settings
• We cannot sell or share your health data because we never have access to it

Your Control Over Health Data

• You can enable or disable health data sync at any time in the app settings
• You can delete all health-related data from the app
• You can export your health data in a portable format
• You can choose which types of health data the app can access

Health Data Retention

Health data is retained only on your device as long as you use the app. Since we never receive or store your health data on our servers, we have no health data to retain. If you delete the app, all locally stored health data is removed from your device. If you delete specific habits or data within the app, the associated health data is immediately removed from your device. We cannot recover this data because we never had access to it.

8. What Are Your Privacy Rights?

In Short: Depending on your location, you may have certain rights regarding your personal information.

In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right to:

• Request access and obtain a copy of your personal information
• Request rectification or erasure
• Restrict the processing of your personal information
• Data portability
• Not be subject to automated decision-making
• Object to the processing of your personal information

Withdrawing your consent: You can withdraw your consent at any time by contacting us at [email protected].

9. Controls For Do-Not-Track Features

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals.

10. Do United States Residents Have Specific Privacy Rights?

In Short: If you are a resident of certain US states, you may have specific privacy rights.

Categories of Personal Information We Collect

We have not collected any categories of personal information in the past twelve (12) months as defined under California privacy law.

Your Rights

You have rights under certain US state data protection laws, including:

• Right to know whether or not we are processing your personal data
• Right to access your personal data
• Right to correct inaccuracies in your personal data
• Right to request the deletion of your personal data
• Right to obtain a copy of the personal data you previously shared with us
• Right to non-discrimination for exercising your rights

How to Exercise Your Rights

To exercise these rights, you can contact us at [email protected].

11. Do We Make Updates To This Notice?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice.

12. How Can You Contact Us About This Notice?

If you have questions or comments about this notice, you may email us at [email protected] or contact us by post at:

13. How Can You Review, Update, Or Delete The Data We Collect From You?

Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. To request to review, update, or delete your personal information, please visit: [email protected].