Privacy Policy
Last updated: July 2026
Protecting your data matters to us. This policy explains, in plain and simple language, which personal data we process in the “Healthy Habit Reset” app and on this website, for what purpose and on what legal basis – and the rights you have under the EU General Data Protection Regulation (GDPR).
1. Controller
The controller for data processing in the app and on this website is:
Smart Activity Software GmbHBundesstraße 10
8833 Teufenbach-Katsch
Austria
Email: support@habitreset.app
2. Principle: anonymous use
You can use Healthy Habit Reset without registering. On first launch, an anonymous, pseudonymous user account is created (through our service provider Supabase). We ask for neither your name nor your email address to do so. Your app data is linked to this pseudonymous identifier. The legal basis is the performance of the usage contract (Art. 6(1)(b) GDPR).
3. Data you create in the app
To provide the core features, we store the content that results from your use:
- the pre-made and custom challenges you choose, and their tasks,
- daily check-ins, completed tasks, streaks and statistics,
- your settings (e.g. language, reminder times),
- friend codes and friendships, if you use the friends feature (so that you and your friends can see each other’s progress).
This data is stored in our database at Supabase, in a data centre within the EU (Ireland). The legal basis is Art. 6(1)(b) GDPR.
4. Push notifications
If you allow notifications, we send you daily reminders and streak alerts. To do so, we process a push token for your device via Firebase Cloud Messaging (Google). You can disable notifications at any time in the app’s or your device’s settings. The legal basis is your consent (Art. 6(1)(a) GDPR), which you give through the system prompt.
5. Subscriptions and purchases
Subscriptions are purchased through the Apple App Store or Google Play. To manage purchase and subscription status, we use RevenueCat, Inc. (USA). This involves processing your pseudonymous user identifier and your purchase/subscription status. Your payment data (credit card or similar) is processed neither by us nor by RevenueCat – it stays exclusively with Apple or Google. The legal basis is Art. 6(1)(b) GDPR.
6. Product analytics
To improve the app, we use PostHog (USA) to record pseudonymous usage events (e.g. which screens are opened and which features are used). These events are linked to your pseudonymous identifier but contain no real names. The legal basis is our legitimate interest in needs-oriented product development (Art. 6(1)(f) GDPR).
7. Error and crash reports
To keep the app stable, we use Sentry to record technical error and crash data (e.g. error message, device and app version). Processing takes place via an endpoint within the EU (Germany). The legal basis is our legitimate interest in a stable, secure app (Art. 6(1)(f) GDPR).
8. Website (habitreset.app)
This website is hosted by Vercel Inc. (USA). When you access it, technical access data is processed automatically (server log files: including IP address, timestamp, page accessed, referrer, browser and operating-system information), which is necessary for delivery as well as for stability and security (Art. 6(1)(f) GDPR). For audience measurement we use Vercel Web Analytics without cookies and without persistent or cross-site profiles (Art. 6(1)(f) GDPR). If you sign up for the waitlist, we process your email address and, where provided, your name, language setting and signup time on the basis of your consent (Art. 6(1)(a) GDPR), in order to inform you about the launch. This website sets no marketing or tracking cookies.
9. Processors and international transfers
We use the following service providers as processors (Art. 28 GDPR):
- Supabase, Inc. (USA) – account, database and storage; data centre within the EU (Ireland).
- RevenueCat, Inc. (USA) – management of subscription and purchase status.
- Google Ireland Ltd. / Google LLC (Firebase Cloud Messaging, USA) – push notifications.
- PostHog, Inc. (USA) – pseudonymous product analytics.
- Functional Software, Inc. (Sentry) – error and crash reports; processing within the EU (Germany).
- Vercel Inc. (USA) – hosting and analytics for the website.
- Apple Inc. / Google LLC – handling of purchases via the App Store or Google Play (as independent controllers).
Where data is transferred to or made accessible from the USA, we base such transfers on the European Commission’s Standard Contractual Clauses (Art. 46(2)(c) GDPR) or – where certified – on the EU-US Data Privacy Framework (Art. 45 GDPR).
10. Retention
We store personal data only for as long as necessary for the stated purposes. We keep your app data for as long as your (anonymous) account exists; you can request deletion at any time. Technical log data is kept only briefly, and waitlist data is deleted at the latest once the launch process is complete or after you withdraw.
11. Your rights
Under the GDPR you have, in particular, the following rights:
- Access to the data processed (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing based on legitimate interests (Art. 21 GDPR)
- Withdrawal of a given consent with effect for the future (Art. 7(3) GDPR)
To exercise your rights, an informal message to support@habitreset.app is sufficient.
12. Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority. In Austria, the competent authority is the Austrian Data Protection Authority (Barichgasse 40-42, 1030 Vienna); you can also contact the authority in your place of residence (Art. 77 GDPR).
13. Data security
Transmission is encrypted via TLS. We take appropriate technical and organisational measures to protect your data against loss, misuse and unauthorised access.
14. Changes to this privacy policy
We update this policy when the legal situation or our processing changes. The current version published here applies.