Privacy Policy for HabitChart
Last Updated: November 24, 2025
Thank you for using HabitChart ("we," "us," or "our"). This Privacy Policy explains how we collect, use, store, and protect your information when you use our web application at https://habitchart.top (the "Service").
By using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the Service.
1. Information We Collect
1.1 Personal Information (Authenticated Users)
When you create an account using email magic links or Google OAuth, we collect:
- Name: To personalize your experience and identify your account
- Email Address: For authentication, account recovery, and communication
- Authentication Data: OAuth tokens (Google) or magic link tokens for secure login
- Payment Information: Processed securely through Stripe. We store only your Stripe customer ID and subscription status. We never store credit card details on our servers.
1.2 Habit and Usage Data (Authenticated Users)
When you use HabitChart as an authenticated user, we store:
- Habit Information: Habit titles, emojis, units, daily amounts, frequencies, and creation dates
- Habit Logs: Daily completion records, streak data, and plateau detection metrics
- Preferences: Time budget settings, notification preferences
- Account Status: Free or paid tier, access permissions
1.3 Guest Mode Data
When using HabitChart in guest mode (without an account):
- All habit data is stored locally in your browser's localStorage
- No personal information is transmitted to or stored on our servers
- Guest data is automatically migrated to your account if you sign up
1.4 Automatically Collected Information
We collect minimal technical information to operate the Service:
- Browser Type and Version: To ensure compatibility
- Device Information: For responsive design optimization
- IP Address: For security and abuse prevention
- Usage Analytics: We use Plausible Analytics (privacy-focused, no cookies, no personal data tracking)
We do NOT use Google Analytics, Facebook Pixel, or any third-party tracking services.
2. How We Use Your Information
We use your information solely to:
- Provide and maintain the Service (habit tracking, projections, logging)
- Authenticate your account securely
- Process payments through Stripe for lifetime access upgrades
- Send transactional emails (magic links, payment confirmations)
- Send weekly digest emails with habit statistics and AI-generated motivation (for paid users)
- Send re-engagement emails if you haven't logged activity for 4+ days (authenticated users only)
- Detect plateaus and provide personalized habit suggestions
- Generate AI-powered habit recommendations and time budget optimizations (optional feature)
- Provide customer support
3. Data Storage and Security
3.1 Data Storage
- Database: All authenticated user data is stored in MongoDB Atlas with encryption at rest
- Location: User data is stored in user-scoped MongoDB documents with access controls
- Backups: Regular automated backups are performed for data recovery
3.2 Third-Party Services
We use the following trusted third-party services:
- Stripe: Payment processing (PCI-DSS compliant)
- MongoDB Atlas: Database hosting with enterprise-grade security
- Resend: Transactional email delivery for magic links and digests
- OpenAI: Optional AI features (habit recommendations, tweak wizard, plateau suggestions). Your habit data is sent to OpenAI only when you use AI features. OpenAI does not store your data per their API policies.
- Vercel: Application hosting with HTTPS encryption
We do not sell, rent, or trade your personal information to third parties.
3.3 Security Measures
- All data transmission uses HTTPS/TLS encryption
- Authentication uses secure JWT tokens with NextAuth.js
- Payment processing is handled entirely by Stripe (PCI-DSS Level 1)
- Connections to MongoDB are encrypted
- No passwords are stored (magic links and OAuth only)
4. Data Retention and Deletion
4.1 Active Accounts
We retain your data as long as your account is active or as needed to provide the Service.
4.2 Account Deletion
You may request account deletion at any time by contacting bartzalewskidev@gmail.com. Upon deletion:
- All habit data, logs, and personal information are permanently deleted within 30 days
- Stripe customer records are retained for legal and accounting purposes only
- Email addresses may be retained in a suppression list to honor unsubscribe requests
4.3 Guest Mode Data
Guest mode data is stored only in your browser's localStorage. You can clear it anytime by clearing your browser data.
5. Your Rights and Choices
You have the following rights regarding your data:
- Access: Request a copy of your data in CSV format (available via export feature)
- Correction: Update your name and preferences in your account settings
- Deletion: Request complete account and data deletion
- Portability: Export your habit data as CSV or PNG
- Opt-Out: Unsubscribe from weekly digest emails via the link in any email
- AI Features: Choose not to use AI-powered features to prevent data from being sent to OpenAI
6. Cookies and Local Storage
6.1 Cookies
We use minimal essential cookies:
- Authentication cookies (JWT tokens) to keep you logged in
- Session cookies for security and CSRF protection
We do NOT use advertising cookies or third-party tracking cookies.
6.2 Local Storage
- Guest mode uses localStorage to store habit data locally
- PWA uses service workers for offline caching of the app interface
- You can clear localStorage and service workers in your browser settings
7. Progressive Web App (PWA) and Offline Mode
HabitChart can be installed as a PWA for offline use:
- Service workers cache the app interface and calculation logic
- Guest mode data remains in localStorage and syncs when online
- Authenticated user data syncs automatically when you reconnect
8. Children's Privacy
HabitChart is not intended for children under 13. We do not knowingly collect information from children. If you believe a child has provided us with personal information, contact us immediately at bartzalewskidev@gmail.com.
9. International Users
HabitChart is hosted on Vercel's global CDN. Your data may be processed in the United States or other countries where our service providers operate. By using the Service, you consent to this transfer.
10. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:
- Post the updated policy on this page with a new "Last Updated" date
- Notify authenticated users via email for significant changes
- Continue to protect your data in accordance with the updated policy
11. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of the sale of personal information (note: we do not sell personal information)
To exercise these rights, contact bartzalewskidev@gmail.com.
12. GDPR Compliance (EU Users)
If you are in the European Union, you have rights under the General Data Protection Regulation:
- Right to access, rectify, or erase your personal data
- Right to restrict or object to processing
- Right to data portability
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
To exercise these rights, contact bartzalewskidev@gmail.com.
13. Contact Information
For questions, concerns, or requests regarding this Privacy Policy or your data:
Email: bartzalewskidev@gmail.com
Website: https://habitchart.top
We will respond to your inquiry within 30 days.
By using HabitChart, you acknowledge that you have read and understood this Privacy Policy.