Your privacy is important. Effective as of September 20, 2025.
This policy explains how LetsHabit handles personal data: what we collect, why we collect it, how we use, share, and store it, and the choices you have. It applies to the LetsHabit mobile application and any related websites/services (the "Services"). For questions or to exercise your privacy rights, see Section 16 – Contact us. For EU/UK residents: the data controller for your personal data is the entity listed in Section 16.
We collect the categories of information below. Exact items depend on which features you use.
Name, display name, email address
Authentication identifiers (e.g., from our auth provider), user ID
Profile photo/avatar (if you add one)
Timezone/locale
Habit names, schedules, reminders, streaks, achievements, and progress data
Photos you upload for reference and verification (see Section 5 for retention)
Timestamps of check‑ins and completion history
Product identifiers, transaction receipts, subscription status, trial status
Limited purchase metadata received via our payments partner (e.g., RevenueCat)
Device model/OS, app version, language, device advertising settings (for consent‑gated analytics/ads if used)
IP address (for security and fraud prevention)
Push token and notification settings
Camera/notification permission status (boolean flags to tailor features)
Event telemetry (which screens/features are used), performance metrics
Crash logs and error reports (e.g., via Crashlytics)
Messages you send to support, email address, and related metadata
Special note on images & similarity: For photo verification, images you provide may be processed by our own service and/or third‑party processors to generate similarity scores. We do not create or store biometric identifiers. See Sections 4–6 for processing and retention.
We collect information directly from you (when you sign up, upload images, complete habits, contact support) and automatically from your device (diagnostics, push token). We also receive limited purchase and analytics data from our service providers/SDKs.
Provide the Services: account creation, habit management, photo verification, streaks/achievements
Reminders & notifications: send scheduled or contextual push notifications you opt into
Purchases & subscriptions: process and validate in‑app purchases, manage entitlements
Safety & integrity: prevent spam/abuse, protect accounts, detect fraud
Analytics & improvement: understand feature usage and app performance (aggregate reporting)
Support & communication: respond to questions, send service messages (e.g., changes to terms)
Legal compliance: tax/accounting records, lawful requests, and regulatory obligations
EU/UK legal bases (where applicable): performance of a contract (to deliver the app), consent (e.g., camera/notifications/optional analytics), and legitimate interests (e.g., service security, basic analytics consistent with your choices). You may withdraw consent at any time in OS/app settings.
We use vetted providers to operate the Services. Depending on your platform and features, these may include:
Cloud hosting & storage: Google Cloud Platform, Firebase (Firestore/Storage)
Authentication: {Firebase Auth or other}
Crash reporting & diagnostics: Firebase Crashlytics
Analytics (optional/consent‑based): {Firebase Analytics or other}
In‑app purchases & subscription management: RevenueCat (validates receipts and entitlements)
Image processing (verification): {Our Cloud Run API and, if used, Google Cloud Vision or equivalent}
Email/support: {email provider/helpdesk}
We require processors to handle data under contract and only on our instructions. We do not permit providers to sell your data.
What: Reference and verification photos you choose to upload for a habit; computed similarity scores.
Where stored: The reference photo and the most recent successful verification photo may be stored in our cloud storage to show history and prevent abuse.
Transient processing: Additional verification attempts and intermediate similarity data may be processed transiently by our service and/or processors.
No biometrics: We do not create, infer, or store biometric identifiers. Similarity scoring is used only to confirm that the verification photo matches the habit’s reference context.
Your choices: You can delete a specific photo (where supported) or delete your account to remove stored images (see Section 10). You can also revoke camera permissions in your device settings, which disables photo‑based verification features.
We keep personal data only as long as needed for the purposes above, then delete or de‑identify it.
Account & habit data: kept while your account is active; deleted upon account deletion
Reference photo + most recent success image: kept while the related habit is active; removed on habit/app account deletion
Failed/extra attempt images & intermediate similarity data: retained ≤72 hours for troubleshooting/abuse prevention, then deleted
Purchases/receipts: retained as required for accounting/tax (up to 7 years in some jurisdictions)
Push tokens & permission flags: retained while you use notifications; removed when you disable notifications or delete account
Crash logs/diagnostics: typically ≤90 days unless needed longer for security or debugging
Support tickets: typically ≤24 months after closure
Actual periods may vary to meet legal obligations (e.g., disputes, fraud prevention).
We do not sell personal information.
We do not share personal information for cross‑context behavioral advertising.
We may disclose data to service providers (Section 4) or when required by law, or to protect rights, safety, and the integrity of the Service.
The Services are not directed to children under 13 and we do not knowingly collect personal information from them. If you believe a child under 13 has provided data, contact us so we can delete it. If you target teens, obtain any consents required by local law.
We may process and store data in the United States and other countries where we or our providers operate. When transferring personal data from the EEA/UK to countries without an adequacy decision, we use appropriate safeguards (e.g., Standard Contractual Clauses) and technical measures.
Permissions: Control camera/photos and notifications in your device settings.
In‑app controls: Settings → Privacy to manage reminders, analytics (if offered), and account deletion.
Email preferences: Unsubscribe links for non‑transactional emails.
Access/correction/deletion: See Section 11 to exercise your rights or request a copy/deletion of your data.
Your rights depend on where you live. Wherever you are, you can request access, correction, or deletion of your personal data.
Residents can request: access/portability, correction, deletion, and to opt out of sale/share (we don’t sell/share). If we use sensitive personal information (we generally do not), you may request limits on its use. We will not discriminate against you for exercising your rights.
Residents can request: access, correction, deletion, portability, and opt‑out of targeted advertising, sale, and certain profiling (we don’t sell/share or use targeted ads). You may appeal our decision if we decline a request.
Data subjects can request: access, correction, deletion, portability, restriction/objection, and to withdraw consent. You may lodge a complaint with your local supervisory authority.
How to submit a request: Email us at letsdoitdev@letsdoitapp.org from the email associated with your account (or use the in‑app flow where available). We may need to verify your identity and will respond within the timelines required by law. Authorized agents: include proof of authorization.
We use administrative, technical, and physical safeguards to protect personal data, including encryption in transit, access controls, and least‑privilege practices. No method of transmission or storage is 100% secure, but we continuously work to improve our defenses.
We do not make decisions with legal or similarly significant effects based solely on automated processing. Similarity scoring is used to assist habit verification and reduce fraud and does not produce consequential decisions about you outside the Service.
Some browsers offer "Do Not Track" (DNT). The Services presently do not respond to DNT signals. Where required, we honor consent choices surfaced by your platform (e.g., iOS/Android settings) for analytics/ads if offered.
We may update this policy to reflect changes to our practices or legal requirements. We’ll post updates here with a new effective date and, if changes are material, we’ll notify you in‑app or by email.
Questions or requests about this policy? Contact letsdoitdev@letsdoitapp.org or write to VISVA FINANCIALS LLC, 21020 Glendower Ct.
Below is how typical data we process maps to CPRA categories (examples only). We do not sell or share personal info for cross‑context behavioral advertising.