Privacy Policy
Effective Date: December 18, 2025 | Version: 1.0
Introduction
Welcome to Selfbit ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").
Your privacy is important to us. We are committed to protecting your personal information and your right to privacy. This policy describes our practices regarding the collection and use of your information and tells you about your privacy rights.
By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.
Information We Collect
1. Account Information
When you create an account, we collect:
- Email address (for account authentication and communication)
- Password (encrypted and securely stored)
- Display name (optional, for personalization)
- Profile preferences (habits, goals, notification settings)
- Account creation date and last login
2. Health Information
Health data handling is described in more detail in our Health Data Privacy Notice.
When you grant permission, we collect health data from Apple HealthKit or Google Fit, including:
- Fitness Data: Steps, calories, distance, exercise minutes, heart rate, VO2 Max
- Sleep Data: Sleep duration, quality, and patterns
- Body Measurements: Weight, BMI, body composition
- Vital Signs: Heart rate variability, blood pressure, respiratory rate, blood glucose, blood oxygen
- Mindfulness Data: Meditation minutes, mood tracking
- Activity Data (Google Fit): Activity recognition, speed/power metrics, workout routes
Purpose: Health data is used exclusively for habit correlation analysis and personalized recommendations.
Protection: All health data is encrypted with AES-256-GCM and handled according to HIPAA compliance standards.
3. Calendar Information
When you connect Google Calendar, we collect:
- Event Information: Titles, descriptions, times, locations
- Meeting Details: Attendee counts, organizer information, recurring patterns
- Schedule Patterns: Meeting density, free time blocks, context switching frequency
Purpose: Calendar data is used to analyze meeting patterns and provide context-aware habit recommendations.
Control: You can revoke calendar access anytime through your Google account settings.
4. Habit and Goal Data
We collect information about your habits and goals:
- Habit Definitions: Habit names, descriptions, categories, difficulty levels
- Completion Records: Habit completion status, timestamps, success rates
- Streak Information: Current streaks, longest streaks, habit consistency
- Goal Settings: Personal goals, target frequencies, habit objectives
- Progress Analytics: Performance trends, correlation insights, achievements
5. App Usage Information
We automatically collect certain information when you use our app:
- Device Information: Device type, operating system version, app version
- Usage Analytics: Feature usage, session duration, screen interactions
- Performance Data: App crashes, loading times, error reports
- Location Data: Only if explicitly granted, for location-based habit reminders
6. Payment Information
For subscription management:
- Payment Method: Credit card information (processed by Apple/Google, not stored by us)
- Billing Information: Billing address, transaction history
- Subscription Details: Plan type, billing cycle, subscription status
Security: Subscription payments are processed by Apple and Google through their app store billing systems, which are PCI DSS compliant. We never store payment card information.
How We Use Your Information
1. Provide and Improve Our Service
- Core Functionality: Enable habit tracking, goal setting, and progress monitoring
- Personalization: Customize app experience based on your preferences and usage patterns
- Analytics: Generate insights about your habit performance and health correlations
- Service Improvement: Analyze usage patterns to enhance app features and performance
2. Health and Habit Correlation Analysis
- Pattern Recognition: Identify relationships between health metrics and habit success
- Predictive Analytics: Generate recommendations for optimal habit timing and intensity
- Behavioral Insights: Provide personalized insights to improve habit formation
- Health Integration: Correlate habit performance with health metrics for optimization
3. Communication and Support
- Account Management: Send account-related notifications and updates
- Customer Support: Respond to your questions, requests, and provide assistance
- Product Updates: Notify you about new features, improvements, and important changes
- Marketing: Send promotional emails (only with your consent, easily unsubscribed)
4. Security and Legal Compliance
- Fraud Prevention: Monitor for suspicious activity and prevent unauthorized access
- Legal Obligations: Comply with applicable laws, regulations, and legal requests
- Terms Enforcement: Enforce our Terms of Service and investigate violations
- Data Protection: Implement and maintain security measures to protect your information
Information Sharing and Disclosure
We DO NOT Sell Your Personal Information
We never sell, rent, or trade your personal information to third parties for their marketing purposes.
Limited Sharing for Service Provision
Service Providers
We may share information with trusted third-party service providers who assist us in operating our app:
- Cloud Infrastructure (AWS, Supabase): Encrypted data storage and processing
- Payment Processing (Apple, Google): Subscription billing and payment processing
- Analytics Services (anonymized data only): App performance and usage analytics
- Customer Support Tools: To provide customer service and technical support
All service providers are contractually bound to protect your information and use it only for specified purposes.
Business Transfers
If we are involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different Privacy Policy.
Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government agencies).
Data Security
We implement comprehensive security measures to protect your information:
Encryption
- AES-256-GCM Encryption: All sensitive data encrypted at rest
- TLS 1.2+: All data encrypted in transit
- End-to-End Encryption: For highly sensitive health data
- Key Rotation: Regular encryption key rotation for enhanced security
Access Controls
- Role-Based Access: Employees have access only to data necessary for their job function
- Multi-Factor Authentication: Required for all system access
- Regular Access Reviews: Quarterly review and audit of data access permissions
- Principle of Least Privilege: Minimal necessary access granted
Infrastructure Security
- SOC 2 Type II: Our infrastructure providers maintain SOC 2 Type II attestations for the environments that host our data
- Regular Security Audits: Security code reviews and vulnerability assessments; penetration testing scheduled prior to major releases
- Incident Response Plan: Comprehensive data breach response and notification procedures
- Backup Security: All backups encrypted with separate keys
Your Privacy Rights
Access and Control
You have the following rights regarding your personal information:
Account Management
- View Your Data: Access all personal information we have collected about you
- Update Information: Modify your account information, preferences, and settings
- Export Data: Download your data in portable formats (JSON, CSV, Markdown)
- Delete Account: Permanently delete your account and associated data
Consent Management
- Withdraw Consent: Revoke permissions for health data, calendar access, or marketing communications
- Granular Control: Choose exactly which data types you want to share
- Notification Preferences: Control what communications you receive and how
GDPR Rights (EU Users)
If you are located in the European Union, you have additional rights under GDPR:
- Right to Access: Request a copy of all personal data we hold about you
- Right to Rectification: Correct inaccurate or incomplete personal data
- Right to Erasure: Request deletion of your personal data ("Right to be Forgotten")
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Restrict Processing: Limit how we use your data in certain circumstances
California Privacy Rights (CCPA)
If you are a California resident, you have additional rights:
- Right to Know: Categories of personal information collected, sources, and purposes
- Right to Delete: Request deletion of personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
How to Exercise Your Rights
- In-App: Use Settings > Privacy & Data Management
- Email: Contact privacy@mitikasha.com
- Response Time: We respond within 30 days (7 days for urgent requests)
Data Retention
We retain your information for different periods based on data type and legal requirements:
- Active Accounts: Retained while your account is active
- Deleted Accounts: Personal data deleted within 30 days of account deletion
- Health Data: Deleted within 30 days of account deletion or permission revocation
- HIPAA Compliance: Audit logs retained for 7 years as required by healthcare regulations
- Payment Records: Transaction records retained for 7 years for tax and accounting purposes
- Inactive Accounts: Accounts inactive for 24 months are flagged for deletion
Secure Deletion
When data is deleted, we use platform-native secure deletion controls, destroy the associated encryption keys where applicable, and verify deletion through security audits.
Children's Privacy
Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
If you are between 13 and 18 years old, you may only use our Service with the consent and supervision of a parent or guardian. If we discover that we have collected personal information from a child under 13 without parental consent, we will delete the information immediately.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we update this policy:
- Material Changes: We will notify you at least 30 days before changes take effect
- Email Notification: Sent to your registered email address
- In-App Notification: Prominent notice displayed in the app
- Continued Use: Continued use after changes indicates acceptance
Contact Us
If you have questions about this Privacy Policy or our privacy practices:
Privacy Questions
privacy@mitikasha.com
General Support
support@mitikasha.com
Data Protection Officer (EU Users)
dpo@mitikasha.com
This Privacy Policy was last updated on December 18, 2025.