Privacy Policy

Last updated: May 8, 2026

This privacy policy describes how FirstHabit ("we", "our application") collects, uses, and protects your personal data when you use our mobile application.

1. Information We Collect

1.1 Information You Provide

• Account: email address, password (encrypted), name (if provided)
• Google Sign-In: name, email, profile picture (only if you choose this method)
• Habit data: habits you create, daily check-ins, notes, statistics
• Coach mode: emails of invited clients, exchanged messages, private notes
• Communications: messages you send us via support

1.2 Automatically Collected Information

• Usage data: app open frequency, features used
• Technical data: device type, Android OS, language, time zone
• Advertising identifiers: Google Advertising ID for ad personalization (you can reset it in Android settings)

2. How We Use Your Data

• Provide and maintain the service (cloud sync, reminders, statistics)
• Personalize your experience (suggested templates, badges, reminders)
• Enable coach-client interactions (chat, tracking)
• Improve the application by analyzing usage anonymously
• Display relevant ads via Google AdMob
• Contact you in case of issues or major changes
• Comply with legal obligations

3. Sharing Your Data

We do not sell your personal data. We share it only with:

• Supabase (database hosting and authentication) — servers based in Europe, GDPR compliant. See their policy: supabase.com/privacy
• Google (AdMob) for ad serving and Google authentication. See their policy: policies.google.com/privacy
• Google Play for app distribution and delivery
• Coaches/clients you invite: users to whom you explicitly grant access to your data within Coach Mode
• Legal authorities if required by law

4. Advertising

FirstHabit uses Google AdMob to display ads. AdMob may collect:

• Your Android advertising ID (resettable)
• Usage data to personalize ads
• IP address (anonymized)

You can disable ad personalization in Android settings: Settings → Google → Ads → Opt out of Ads Personalization.

5. Data Security

• Encrypted connections (HTTPS / TLS 1.3)
• Passwords stored with bcrypt hashing
• OAuth 2.0 authentication for Google Sign-In
• Restricted access to your data by our team

While no system is foolproof, we implement industry best practices to protect your information.

6. Data Retention

We keep your data as long as your account is active. If you delete your account, your data is permanently erased from our servers within 30 days, unless legal retention requirements apply.

7. Your Rights (GDPR)

If you are a resident of the EU or a country with similar rules:

• Access: get a copy of your data
• Rectification: correct inaccurate data
• Erasure: request deletion of your data ("right to be forgotten")
• Portability: retrieve your data in a machine-readable format
• Objection: oppose processing for marketing purposes
• Restriction: request to limit processing

To exercise these rights, contact us at addizineb89@gmail.com. We respond within 30 days.

8. Children

FirstHabit is not intended for children under 13. We do not knowingly collect data from minors. If you are a parent and believe your child has provided data to us, contact us for immediate deletion.

9. International Transfers

Your data may be stored and processed in countries different from yours (notably the EU for Supabase, and the United States for Google services). We ensure these transfers comply with appropriate protection standards.

10. Policy Changes

We may update this policy. The "Last updated" date at the top of this page indicates the last revision. Major changes will be notified in the application.

11. Contact

For any questions regarding this privacy policy or your data:

• 📧 Email: addizineb89@gmail.com
• 🌐 Site: firsthabit.app
• 📍 Address: ADDI ZINEB, Hay Artisanat rue 5 n7, Casablanca 12390, Morocco