Privacy Policy for HabitSet
Effective Date: January 2026
Last Updated: January 2026
1. Introduction
BlueSparrow Labs ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard information when you use the HabitSet mobile application ("App").
This policy applies to all users worldwide, including those in the European Union (EU/EEA), United Kingdom (UK), United States (USA), India, Canada, Australia, and all other jurisdictions.
2. Contact Information
- General inquiries: info@bluesparrow.dev
- Privacy inquiries: privacy@bluesparrow.dev
- Website: https://bluesparrow.dev
3. Our Privacy Commitment
HabitSet is designed with a privacy-first philosophy:
- Your data stays on YOUR device - All habits, completions, story cards, notes, moods, and analytics are stored locally in an encrypted database on your device.
- Optional encrypted backup - If you choose, your data can be backed up to YOUR Google Drive in an encrypted format. We never have access to this data.
- Minimal data collection - We only collect what is absolutely necessary for the App to function.
- No behavioral tracking - We do not track your in-app behavior for advertising or marketing purposes.
- No sale of data - We never sell, rent, trade, or share your personal information with third parties for marketing purposes.
- No advertising - HabitSet contains no advertisements and no ad-tracking technology.
4. Information We Collect
4.1 Account Information (Optional)
If you choose to sign in with your Google account, we receive:
- Your email address
- Your display name
- Your Google account profile photo URL
This information is used solely for account identification and is stored in our secure Firebase Authentication system.
4.2 Subscription Information
If you purchase a premium subscription, the following is processed:
- Transaction IDs
- Subscription status (active, expired, cancelled)
- Purchase timestamps
All payment processing is handled securely by Google Play. We never receive, store, or have access to your payment card details, bank account information, or billing address.
4.3 App Usage Permissions
The App may request the following device permissions:
| Permission | Purpose |
|---|---|
| Notifications | Required for habit reminders and streak-at-risk warnings |
| Biometric / Device Lock | Optional for app lock via fingerprint or face unlock |
| Microphone | Optional for voice note input via speech-to-text |
| Internet Access | Required for authentication, subscription verification, and optional backup |
| Storage | Required for data export and file sharing |
You can revoke any permission at any time through your device's Settings.
4.4 User-Generated Content
All user-generated content is stored locally on your device:
- Habits, completions, and streaks
- Story cards and progress
- Notes, moods, and voice notes
- Analytics and heatmap data
- Preferences and settings
We do not have access to this information unless you enable Cloud Sync, in which case it is stored securely in Cloud Firestore.
4.5 Backup Data (Optional)
If you enable Google Drive backup:
- Data is encrypted before upload
- Data is stored in your personal Google Drive
- Only you can access this data
4.6 Analytics and Crash Reporting
We use Firebase Analytics and Firebase Crashlytics to collect anonymized usage statistics and crash reports. This helps us improve app stability and understand general usage patterns. No personally identifiable habit data is included in these reports.
5. How We Use Your Information
We use the limited information we collect solely for:
- Account Management - To identify you and manage your account
- Subscription Validation - To verify premium subscription status via RevenueCat
- App Functionality - To provide core habit tracking features
- Customer Support - To respond to your support requests
- Service Improvement - To fix bugs and improve the App (using anonymized crash reports only)
We do NOT use your information for:
- Advertising or ad targeting
- Selling or sharing with data brokers
- Behavioral profiling
- Marketing to you without consent
6. Data Storage and Security
6.1 Local Storage
All your habits, completions, story cards, notes, moods, and analytics are stored locally on your device using a secure Drift (SQLite) database.
6.2 Cloud Services
We use the following cloud services:
| Service | Purpose | Data Stored |
|---|---|---|
| Firebase Authentication | Account sign-in | Email, name, photo URL |
| Cloud Firestore | Optional cloud sync | Habit data (if sync enabled) |
| RevenueCat | Subscription management | Transaction IDs, subscription status |
| Google Drive (optional) | User-initiated backup | Encrypted backup files (your Drive only) |
| Firebase Analytics | Anonymized usage stats | Non-identifiable usage patterns |
| Firebase Crashlytics | Crash reporting | Anonymized crash logs |
6.3 Security Measures
We implement industry-standard security measures:
- Encrypted data transmission (TLS 1.3)
- Secure token storage on device
- Encrypted local database (Drift / SQLite)
- Encrypted backup files for Google Drive
- Regular security updates
7. Data Retention
- Account Data: Retained until you delete your account or request deletion
- Local Data: Stored on your device until you clear app data or uninstall
- Cloud Data: Retained in Firestore until you delete your account; removed within 30 days of account deletion
- Backup Data: Stored in your Google Drive until you delete it
- Support Communications: Retained for up to 2 years for quality assurance
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
8.1 Universal Rights
All users have the right to:
- Access - Request a copy of your personal data
- Correction - Request correction of inaccurate data
- Deletion - Delete your account and all associated data
- Portability - Export your data in a standard format
8.2 EU/EEA/UK Residents (GDPR)
In addition to the above, you have the right to:
- Restrict Processing - Limit how we use your data
- Object to Processing - Object to certain uses of your data
- Withdraw Consent - Withdraw any previously given consent
- Lodge a Complaint - File a complaint with your local data protection authority
Legal Basis for Processing (GDPR Article 6):
- Consent: For optional features like Google Drive backup and analytics
- Contract Performance: For providing the App and subscription services
- Legitimate Interests: For security, fraud prevention, and service improvement
8.3 California Residents (CCPA/CPRA)
You have the right to:
- Know - Request disclosure of data collected about you
- Delete - Request deletion of your personal information
- Opt-Out - We do not sell personal information
- Non-Discrimination - We will not discriminate against you for exercising your rights
Categories of Personal Information Collected: Identifiers (email, name)
Categories Sold: None
Categories Shared for Business Purposes: Subscription data with RevenueCat
8.4 Brazil Residents (LGPD)
You have similar rights to access, correct, delete, and port your data. Contact us to exercise these rights.
8.5 Indian Residents (DPDP Act)
You have the right to access, correct, and erase your personal data. You may nominate a person to exercise these rights on your behalf.
8.6 Exercising Your Rights
To exercise any of these rights, contact us at privacy@bluesparrow.dev. We will respond within 30 days (or sooner if required by applicable regulations).
You can also delete your account at any time through Settings > Account > Delete Account within the App.
9. Children's Privacy
HabitSet is not intended for children under 13 years of age (or 16 in the EU/EEA). We do not knowingly collect personal information from children.
If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@bluesparrow.dev and we will promptly delete such information.
10. Third-Party Services
The App integrates with the following third-party services:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Google Play | App distribution, payments | Google Privacy Policy |
| Firebase (Google) | Authentication, Firestore, Analytics, Crashlytics | Firebase Privacy |
| RevenueCat | Subscription management | RevenueCat Privacy Policy |
| Google Drive | Optional backup | Google Privacy Policy |
We are not responsible for the privacy practices of these third-party services. We encourage you to review their privacy policies.
11. International Data Transfers
If you are located outside India, your information may be transferred to and processed in India where our development operations are based. We ensure appropriate safeguards are in place:
- For EU/UK transfers: Standard Contractual Clauses where applicable
- All data is encrypted in transit
- We minimize the data transferred internationally
12. Offline Functionality
HabitSet is designed to work offline. Core features including habit tracking, completions, streaks, story cards, and analytics work without an internet connection. Your data remains on your device and is never uploaded without your explicit action.
13. Do Not Track
HabitSet honors Do Not Track (DNT) signals. We use Firebase Analytics only for anonymized, aggregate usage statistics and do not track users across websites or apps for advertising purposes.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
- The "Last Updated" date will be revised
- For significant changes, we will notify you via the App or email
- Continued use of the App after changes constitutes acceptance
We recommend reviewing this policy periodically.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy:
- General inquiries: info@bluesparrow.dev
- Privacy inquiries: privacy@bluesparrow.dev
- Website: https://bluesparrow.dev
We aim to respond to all inquiries within 7 business days.
© 2026 BlueSparrow Labs. All rights reserved.