ProHabit — Privacy Policy

Effective date: 10 August 2025

Legal entity (data controller): ProHabit Inc., 8 The Green, Ste R, Dover, DE 19901, USA

Contact: [email protected], +1 978 650‑6171

This Privacy Policy explains how we collect, use, share, and protect your information when you use ProHabit (the “Service”), including our mobile apps and website prohabit.ai. ProHabit is a wellness application — not a medical device and not a substitute for professional medical advice.


1) Information we collect

We collect only what we need to provide and improve the Service.

1.1 Account and profile

  • Email address
  • Password (hashed; we never store plain-text passwords)
  • Basic profile (name/alias, language, time zone)

1.2 App activity and usage

  • App events (onboarding steps, plans, check-ins, SOS usage, streaks)
  • Log data and diagnostic information (crash reports, performance metrics)

1.3 Device and technical data

  • Device model, OS version, app version, approximate location (country/region)
  • Advertising or install identifiers (if attribution/MMP is enabled)

1.4 Health/fitness data (optional, with consent)

  • Steps, sleep, heart rate/HRV and related metrics via Google Fit or Apple HealthKit
  • Manually entered wellness notes (e.g., water intake, cravings)

We access health/fitness data only with your explicit consent. Such data is used solely to deliver wellness features (e.g., progress visualization, habit tracking) and is not used for advertising or sold.

1.5 Communications

  • Support requests and emails
  • In-app feedback and survey responses

2) How we use your information

  • To provide and maintain the Service (plans, check-ins, SOS tools, avatar updates)
  • To personalize content and recommendations (including the “Max” assistant)
  • To measure performance and improve product quality and safety
  • To send transactional communications (service alerts, changes)
  • To comply with legal obligations and enforce Terms

Legal bases (GDPR): contract performance; legitimate interests (product security, analytics); consent (health/fitness data, push notifications, marketing); legal obligation.


3) Sharing and processors

We do not sell your personal information. We share it only with:

  • Service providers (processors): hosting, analytics, crash reporting, customer support, attribution (if enabled), and similar vendors bound by data processing agreements
  • App stores and payments: Google Play and Apple App Store for subscriptions, billing, and fraud prevention
  • Legal/Compliance: if required by law or to protect rights and safety

A current list of processor categories is available on request at [email protected]. If we materially change processors, we will update this Policy.


4) HealthKit & Google Fit specifics

  • Health/fitness data is accessed only with your explicit consent and used strictly for wellness features.
  • We do not use HealthKit or Google Fit data for targeted advertising or market research.
  • We do not share HealthKit/Google Fit data with third parties for advertising; any sharing with processors is solely to provide the Service under strict confidentiality and security obligations.

5) Data retention

  • Account and profile: retained while your account is active. Upon deletion, we delete or irreversibly anonymize within 30 days (some backups may persist up to 90 days).
  • Usage/analytics: typically up to 26 months (or shorter where required by law or platform policies).
  • Health/fitness data: retained only as long as needed to provide the feature; deleted with your account or when you revoke consent.

6) Your privacy controls & rights

In-app controls:

  • Toggle analytics/telemetry (where supported)
  • Connect/disconnect Google Fit / Apple Health
  • Export Data and Delete Data actions

Rights (EEA/UK/California and others): access, correction, deletion, restriction, portability, objection; California: no selling or sharing of personal information; request information and deletion. To exercise rights, email [email protected] or use in-app tools.

We may verify your request to protect your account. We aim to respond within 30 days.


7) International transfers

We may process data in the United States and other countries. Where required, we use appropriate safeguards (e.g., standard contractual clauses). Details available on request.


8) Security

We apply industry-standard measures: encryption in transit, access controls, audit logging, and least-privilege principles. No system is 100% secure; please protect your credentials.


9) Children

The Service is not intended for children under 16. If you believe a child provided personal data, contact us to delete it.


10) AI assistant (“Max”) disclaimer

AI-generated content may be inaccurate or incomplete. It is provided for wellness and habit support only and must not be relied upon for medical advice, diagnosis, or treatment. In emergencies, call local emergency services.


11) Changes

We may update this Policy. We will post the “Effective date” and, for material changes, provide in-app or email notice.


12) Contact