The following information provides a simple overview of what happens to your personal data when you use our app or website. Personal data is any data that can be used to personally identify you.
Data processing is carried out by the app operator. You can find their contact details in the "Responsible Party" section of this privacy policy.
You have the right to receive free information about the origin, recipient, and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
We host our website with Netlify, Inc., 512 2nd Street, Suite 200, San Francisco, CA 94107, USA. When you visit our website, server logs are automatically created containing your IP address, the requested path, timestamps, and browser information. Netlify privacy policy:
https://www.netlify.com/privacy/
Netlify is a US-based company. Data transfer to the USA is based on Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. The use of Netlify is based on Art. 6(1)(f) GDPR. We have a legitimate interest in a reliable and fast presentation of our website.
The operators take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.
We would like to point out that data transmission over the Internet (e.g., when communicating by email) may have security gaps. Complete protection of data against access by third parties is not possible.
Marcel Simmendinger
Stöffelbergweg 24
72793 Pfullingen
Germany
Email: marcel.simmendinger@kamacit.studio
Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data.
Many data processing operations are only possible with your express consent. You can revoke consent already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to the processing pursuant to Art. 21 GDPR, provided there are grounds relating to your particular situation. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds. To exercise your right to object, please send an email to marcel.simmendinger@kamacit.studio.
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for us is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart, Germany
Email: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format.
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients, and the purpose of data processing, and, if applicable, a right to correction or deletion of this data.
Our website uses only technically necessary cookies. No analytics, advertising, or tracking cookies are used. Technically necessary cookies are stored on the basis of Art. 6(1)(f) GDPR. You can set your browser to inform you about the setting of cookies and only allow cookies on a case-by-case basis.
If you contact us by email or contact form, your inquiry including all resulting personal data will be stored by us for the purpose of processing. We will not share this data without your consent. Processing is based on Art. 6(1)(b) GDPR (contract fulfillment) or Art. 6(1)(f) GDPR (legitimate interest).
Our email communication is operated via Fastmail (Fastmail Pty Ltd, Melbourne, Australia). Fastmail acts as a data processor. Data processing takes place on servers in the USA. The transfer is secured by Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. Fastmail privacy policy: https://www.fastmail.com/about/privacy/
Habjour stores your data (habits, completions, settings, statistics, stories) locally on your device using AsyncStorage. This data does not leave your device unless you activate the optional cloud backup feature. Local storage is based on Art. 6(1)(b) GDPR (contract fulfillment/app functionality).
You can delete all locally stored data at any time via Settings > Reset All Data.
If you activate the self-assessment feature, you can rate difficulty, energy level, mood, and social context (alone, with someone, in a group) after each completed habit. These ratings are stored exclusively on your device and are not transmitted to external servers. The feature is disabled by default and can be toggled on or off at any time in the settings.
Habjour offers an optional cycle tracking feature. This constitutes health data within the meaning of Art. 9 GDPR (special categories of personal data). This data (cycle start date, cycle length, daily markers) is stored exclusively on your device and is not transmitted to any servers.
When using the cloud backup feature, cycle data is included as part of your backup on Google Drive. When generating reports, you can choose via a toggle whether cycle data is included. Exported reports only leave your device through your own action (sharing/saving).
Processing is based on your explicit consent (Art. 9(2)(a) in conjunction with Art. 6(1)(a) GDPR), which you grant by activating the feature in the app settings. You can deactivate the feature at any time.
If you use the AI analysis feature and have cycle tracking enabled, you can optionally include your current cycle phase in the AI analysis. This requires a separate consent within the app (Art. 9(2)(a) GDPR), which can be granted and revoked independently of cycle tracking itself. The cycle phase is sent to Mistral AI only as a generic label (e.g., "menstrual", "luteal") in pseudonymized form.
The app can generate a PDF progress report containing aggregated data such as completion rates, weekday patterns, self-assessment distributions, social context analysis, and functional stability. The report is generated entirely on your device. No data is sent to external servers for report generation. The generated report can be voluntarily shared by you (e.g., with therapists).
In therapist mode, imported progress reports can be translated into the current app language. Only free-text fields (alias, notes, habit titles, key findings) are sent to our server and forwarded to Mistral AI (Mistral AI SAS, Paris, France) for translation. Structured data (KPIs, rates, dates) is not transmitted.
Translation is limited to a maximum of 3 calls per report per day. Translated texts are stored locally on your device. Processing is based on your consent (Art. 6(1)(a) GDPR). Mistral AI privacy policy: https://mistral.ai/terms/#privacy-policy
If you activate the cloud backup feature, your app data (habits, statistics, settings) is stored in a hidden, app-only folder on your personal Google Drive (appDataFolder). We have no access to this data — it is stored exclusively in your Google account.
Google Sign-In is used for authentication. Only access to the app-specific folder is granted (scope: drive.appdata). Your name, email address, and profile picture are not stored or transmitted to us.
Processing is based on your consent (Art. 6(1)(a) GDPR). You can deactivate the cloud backup feature at any time and delete your data in Google Drive via your Google account.
On iOS devices, your app data can alternatively be backed up to your personal iCloud account. Data is stored in an app-specific area (CloudKit) that only Habjour can access. We have no access to this data.
Processing is based on your consent (Art. 6(1)(a) GDPR). You can deactivate the iCloud backup feature at any time. Apple's privacy policy applies: https://www.apple.com/legal/privacy/
Premium features and subscriptions (Premium Plus) are processed through the respective app store (Google Play Store / Apple App Store). Payment processing is handled entirely by the store operator. We only receive information about whether a valid purchase exists (product ID, purchase status), but no payment data (credit card numbers, bank information, etc.).
Processing is based on Art. 6(1)(b) GDPR (contract fulfillment). Details about data processing can be found at:
https://policies.google.com/privacy (Google)
https://www.apple.com/legal/privacy/ (Apple)
When you purchase a Therapist Subscription, a randomly generated identification key (64-character hexadecimal value, "Subscription Secret") is created and stored locally on your device. This key is used to associate your subscription and is transmitted to our server (Supabase, hosted in the EU) when making requests. No device IDs, names, or other personal data is collected.
The following is stored on our server: the Subscription Secret (hashed), the selected product ID, the platform (Android/iOS), the purchase status, and generated license codes (format: HJ-XXXX-XXXX) with their status (unused, active, revoked). Client aliases are stored exclusively on the therapist's local device and are not transmitted to the server.
Clients who activate a license code only send the code to the server for validation. No device IDs or other identifying data of clients is collected. The activated code is cached locally on the client's device and periodically verified with the server. If no internet connection is available, an offline grace period of 30 days applies.
Processing is based on Art. 6(1)(b) GDPR (contract fulfillment). Server operator: Supabase Inc. (data processing in the EU). A data processing agreement (DPA) pursuant to Art. 28 GDPR is in place with Supabase. Privacy policy: https://supabase.com/privacy
When you use the AI analysis feature (Premium Plus only), your skip reasons are pseudonymized and sent to our server, which forwards them to Mistral AI (Mistral AI SAS, Paris, France) for analysis. Mistral AI is an EU-based company and processes data in compliance with GDPR. A data processing agreement (DPA) pursuant to Art. 28 GDPR is in place with Mistral AI.
Only pseudonymized data is transmitted: weekday, skip reason, optional notes, and date. No directly identifying data such as names, habit titles, or device IDs is sent. Please note that optional free-text notes should not contain personal information. Analysis results are stored locally on your device.
Optionally, your current cycle phase can be included in the analysis, provided you have both cycle tracking and the separate cycle data AI consent enabled in the app. This constitutes health data within the meaning of Art. 9 GDPR, which requires a separate explicit consent. This consent can be revoked at any time in the settings or in the analysis section of the app, without deactivating cycle tracking itself.
Processing is based on your explicit consent (Art. 6(1)(a) GDPR), which you grant within the app. You can revoke this consent at any time in the app settings. Mistral AI privacy policy: https://mistral.ai/terms/#privacy-policy
When you activate the AI story feature (Premium Plus only), the following data is sent to our server and forwarded to Mistral AI (Mistral AI SAS, Paris, France) for text generation upon each habit completion: habit name, streak count, time of day, number of missed days, story theme, and language. No personal data such as notes, mood data, or device IDs is sent.
The generated story texts are stored locally on your device. The feature can be disabled at any time in the settings. Processing is based on your consent (Art. 6(1)(a) GDPR).
When you use the AI tips feature (Premium Plus only), the following data is sent to our server and forwarded to Mistral AI (Mistral AI SAS, Paris, France) for tip generation: habit name, habit category, and language. No directly identifying data such as names, notes, or device IDs is sent.
For content moderation, the habit name is additionally checked in a separate, parallel call to Mistral AI. Likewise, the generated tip text is checked for inappropriate content before being displayed. These moderation checks serve to protect users and use the same level of data protection as the tip generation itself.
Generated tips are cached locally on your device. Personal notes you add to habits are stored exclusively on your device and are not transmitted to any servers. A maximum of 3 regenerations per day are available.
Processing is based on your consent (Art. 6(1)(a) GDPR). Mistral AI privacy policy: https://mistral.ai/terms/#privacy-policy
Habjour can send local push notifications to remind you of your habits. These notifications are generated and scheduled entirely on your device — no data is sent to external servers. You can disable notifications at any time in the app settings or in your device's system settings.
When you use the feedback feature (Settings > Send Feedback), your message is transmitted anonymously to our server (Supabase, hosted in the EU). No device IDs, names, or other identifying data is collected. Processing is based on Art. 6(1)(f) GDPR (legitimate interest in improving the app).
Habjour does not use any analytics tools, ad trackers, or other services that record your usage behavior. No data is transmitted to third parties for analytics or advertising purposes. Exception: When voluntarily using the AI analysis or AI story narration (Premium Plus), data is sent to Mistral AI (see above).
No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place. The AI analysis only provides general tips and insights that do not produce legal or similarly significant effects.
As of: March 2026