Privacy Policy

Last updated: December 10, 2025

1. Information We Collect

We collect information that you provide directly as well as data that is generated through your use of the App.

1.1. Account Information

  • Email address
  • Password (stored only in hashed form)
  • Profile information (e.g., name, profile picture if provided)

1.2. Habit & App Usage Data

  • Created habits
  • Daily check-ins and completion history
  • Streaks, scores, and progress analytics
  • Settings and preferences

1.3. AI Verification Content

When performing Snap Verification, you may upload or capture:

  • Photos
  • Text descriptions (if applicable)

These are transmitted to our backend and processed by the Google Gemini API for AI-powered verification.

1.4. Device Information

  • Device model
  • Operating system version
  • App version
  • Log data for diagnostics and security

We do not collect precise location data.

2. How We Use Your Information

We use your information to:

  • Create and manage your account
  • Provide habit tracking and verification features
  • Analyze photos or text with AI (Gemini API) to determine habit completion
  • Sync and store your data across devices
  • Improve the App's performance, reliability, and user experience
  • Communicate updates or important notifications related to the App

We do not sell or rent your personal data.

3. Artificial Intelligence Processing (Google Gemini API)

SnapHabit uses the Google Gemini API to analyze user-provided photos or texts in order to verify whether a habit has been completed.

What data is shared with Google

  • Photos submitted for verification
  • Any accompanying text input
  • Technical metadata included in the API request

Purpose

  • To perform AI analysis and determine the likelihood that the habit was completed
  • To provide accuracy feedback and verification scores inside the App

Data protection

  • Data sent to Gemini is processed by Google LLC.
  • Processing may occur on servers in the United States or other locations.
  • Transfers are protected through Standard Contractual Clauses (SCCs) under GDPR.
  • Google states that user-provided API data is not used to train its models.

By using AI verification, you consent to this processing.

4. Data Storage & Backend Services (Supabase)

We use Supabase to store and manage user data securely. Supabase provides:

  • Authentication
  • PostgreSQL database storage
  • File storage (for user-uploaded images, if stored)
  • Server logs
  • API infrastructure

Data stored in Supabase

  • Account information (email, user ID)
  • Habits and progress logs
  • Verification history
  • Optional uploaded images
  • App settings and preferences

Location of storage

Data is hosted in the region selected during project creation (typically the European Union).

Legal basis

Processing is based on Art. 6(1)(b) GDPR (performance of a contract).

Data processing agreement

We maintain a Data Processing Agreement (DPA) with Supabase pursuant to Art. 28 GDPR.

5. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

  • Contract performance (Art. 6(1)(b) GDPR)
    To provide the core functionality of the App.
  • Legitimate interests (Art. 6(1)(f) GDPR)
    For improving the App, ensuring security, preventing abuse.
  • Consent (Art. 6(1)(a) GDPR)
    For AI-based processing of user-submitted photos or text.

6. Data Retention

We keep your data only as long as necessary:

  • Account and habit data: retained while your account is active
  • AI verification photos: stored only if required for app functionality; otherwise deleted after processing
  • Backups: retained for security and disaster recovery

You may delete your account at any time from within the App. Upon deletion, your personal data will be permanently removed from our systems.

7. Sharing of Data

We do not sell your data.

We share data only with:

Service Providers

  • Supabase (database, authentication, hosting)
  • Google Gemini API (AI analysis)
  • Logging and analytics providers (if used)

Legal obligations

We may disclose data if required by law.

8. International Data Transfers

Some processing (e.g., Gemini API calls) may occur in countries outside the EU/EEA.

We ensure adequate safeguards through:

  • Standard Contractual Clauses (SCCs)
  • Technical and organizational measures implemented by our providers

9. Your Rights (GDPR)

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Delete your account and associated data
  • Withdraw consent for AI processing
  • Request restriction or objection to processing
  • Data portability

To exercise your rights, please contact us at: privacy@snap-habit.com

10. Security

We use industry-standard security measures including:

  • HTTPS encryption
  • Hashed and salted passwords
  • Access controls
  • Secure storage via Supabase
  • Limited retention of AI verification content

No method of transmission is 100% secure, but we take all reasonable steps to protect your data.

11. Children's Privacy

SnapHabit is not intended for children under 13. We do not knowingly collect data from children below this age.

12. Changes to This Policy

We may update this Privacy Policy as needed. Updates will be posted on this page with a revised "Last updated" date.

13. Contact Us

If you have questions or concerns, please contact us:

SnapHabit

Email: privacy@snap-habit.com

Website: https://snap-habit.com