Introduction
Welcome to HabitQuest ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website.
Information We Collect
Personal Information
When you create an account, we collect:
- Email address (for authentication and account recovery)
- Password (stored only as a bcrypt hash, never in plain text)
- Profile information (username, character archetype selection)
Quest and Activity Data
To provide our gamified productivity service, we collect:
- Quest titles and descriptions you create
- Completion status and timestamps
- Experience points (XP) and level progression
- Streaks, achievements, and badges earned
- Journal entries and reflections
- Equipment purchases and skill tree selections
Payment Information
For premium subscriptions, we use Stripe for payment processing. We do not store your full credit card information. Stripe securely handles all payment data in compliance with PCI DSS standards. We only store:
- Transaction IDs
- Subscription status
- Last 4 digits of card (for reference)
Automatically Collected Information
- Device information (browser type, operating system, device model)
- IP address and general location (city/country level)
- Usage statistics (features used, session duration)
- Error logs and crash reports
How We Use Your Information
We use your information to:
- Provide our service: Create your personalized RPG experience, track progress, and generate AI-powered quest narratives
- Process payments: Handle subscription purchases and verify payment status
- Improve our app: Analyze usage patterns to enhance features and fix bugs
- Send notifications: Quest reminders, achievement unlocks, and streak alerts (if you enable them)
- Customer support: Respond to your inquiries and troubleshoot issues
- Security: Detect and prevent fraud, abuse, and security incidents
- Legal compliance: Comply with legal obligations and enforce our Terms of Service
AI Processing with Anthropic Claude
We use Anthropic's Claude AI to enhance your quests with narrative elements. When you create a quest, we send:
- Your quest title and description
- Your selected archetype
- Context about your current progress
Anthropic processes this data to generate RPG-style narratives. According to Anthropic's privacy policy, they do not train their models on user data sent through their API. Data is processed solely to provide the service and is not retained longer than necessary.
Learn more: Anthropic Privacy Policy
Data Storage and Security
Your data is stored using Supabase (PostgreSQL database) with:
- Encryption at rest, and TLS/SSL encryption in transit
- Row-level security (RLS) policies ensuring users only access their own data
- Regular automated backups
- SOC 2 Type II compliance
We implement industry-standard security measures including:
- Password hashing with bcrypt
- Rate limiting on API endpoints
- HTTPS-only connections
- Input validation and sanitization
- Regular security audits
Data Sharing and Third Parties
We do not sell your personal information. We share data only with:
Service Providers
- Supabase: Database hosting and authentication
- Stripe: Payment processing
- Anthropic: AI narrative generation
- Vercel: Application hosting and CDN
Legal Requirements
We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.
Your Rights and Choices
Access and Export
You can access and export all your data through your account dashboard.
Correction and Deletion
You can update or delete your quests, journal entries, and profile information at any time. To delete your entire account and all associated data, contact us at support@habitquest.app.
Opt-Out
You can opt out of:
- Push notifications (in app settings or device settings)
- Email communications (unsubscribe link in emails)
- AI-generated narratives (use manual quest mode)
GDPR Rights (EU Users)
If you're in the EU, you have additional rights:
- Right to access your data
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
Children's Privacy
HabitQuest is not intended for children under 13 years old. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
Cookies and Tracking
We use essential cookies for:
- Authentication (keeping you logged in)
- Session management
- Security (CSRF protection)
We do not use third-party advertising cookies or tracking pixels.
Data Retention
We retain your data:
- Account data: Until you delete your account, plus 30 days
- Quest and progress data: Until you delete it or your account
- Payment records: 7 years (legal requirement for financial records)
- Analytics data: Aggregated and anonymized, indefinitely
- Backup data: 90 days after deletion from primary database
International Data Transfers
Your data may be transferred to and processed in countries other than your own. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs) with service providers
- Adherence to GDPR and CCPA requirements
- Encryption during transfer and storage
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the new policy on this page
- Updating the "Last updated" date
- Sending you an email notification (for significant changes)
Your continued use of HabitQuest after changes indicates acceptance of the updated policy.
Contact Us
For privacy-related questions, concerns, or requests, contact us:
- Email: privacy@habitquest.app
- Support: support@habitquest.app
- Response time: Within 48 hours for privacy requests
Jurisdiction
This Privacy Policy is governed by the laws of [Your Jurisdiction]. If you have concerns about our privacy practices, you may file a complaint with your local data protection authority.