Effective date: July 1, 2026
This Privacy Policy explains how Habitgram LLC ("Habitgram," "we," "us," or "our") collects, uses, and shares information when you use the Habitgram mobile app and related services (the "Service"). It describes the features available at launch.
By using the Service, you agree to this Privacy Policy.
When you create an account we collect your email address and name, and either a password (stored only as a one-way bcrypt hash — we never store your plain-text password) or an identifier from your chosen sign-in provider (Google or Apple). We also store your authentication method, email-verification status, and, if you enable it, settings for emailed multi-factor (one-time code) login. We never store the raw login codes, only a hashed form.
Your profile (display name, bio, profile/banner images, optional profile audio/video), appearance and privacy settings, notification preferences, and, if you enable it, an app-lock PIN (stored only as a hash).
During onboarding and the Vision Wizard you may provide personal reflections used to personalize the Service, including your preferred name, focus areas and goals, mood, life-stage, belief/values alignment, free-text dreams, challenges and reflections, the beliefs you want to work on, people who are important to you, your longer-term vision statements, and aesthetic/personalization preferences (theme, font, tone, quiet hours). Providing these is optional and you can skip them.
Information you create in the Service, including habits, goals and completion logs (with any notes you add); your progress, streaks, and achievements; timer sessions; journal pages; vision-board images and topics; manifestation intentions and narratives; affirmations; routines; journeys (photos, video clips, and captions); white-noise/sleep mixes and sleep sessions (including optional sleep-quality ratings and notes); and uploaded or submitted mindset audio.
If you use Tribes or the social feed, we collect the content you post: tribe and channel messages, direct messages, posts, comments, reactions, shared media, follows, and tribe memberships.
If you report content or another user, or block a user, we store those reports and blocks — including who or what was reported, the reason you select, and the resulting moderation decisions — so we can operate our safety features and enforce our rules. As described in Section 7, we may retain a limited set of these records even after you delete your account.
Your subscription tier, status, billing cycle, trial dates, renewal period, and the payment source. In-app purchases on iOS are processed by Apple through Apple's In-App Purchase system (managed via RevenueCat); we receive your subscription status and a transaction identifier, not your full payment-card details. (A separate web-billing path using Stripe applies only if you subscribe on the web; card details there are handled by Stripe, not by us.)
If you enable notifications, we store your device's push token and platform (iOS/Android/web) so we can deliver reminders and notifications.
We keep a per-day count of how many AI exchanges you use, to enforce plan limits.
If you submit in-app feedback, we collect the feedback text, your username, and the screen/context it came from.
Session data and basic technical information needed to operate and secure the Service.
The app requests device permissions only for specific features, and only when you use them:
We use your information to:
We do not sell your personal information.
We share information with third-party processors only as needed to run the Service:
| Provider | Purpose | What is shared |
|---|---|---|
| Anthropic (Claude) | AI generation and content moderation | The text you submit to AI features (e.g. manifestation intentions, onboarding answers) and the text of posts, comments, and tribe/channel messages (for automated moderation). See Section 5. |
| Google Cloud Text-to-Speech | Convert AI-generated narratives/affirmations to audio | The generated narration text. |
| Cloudflare R2 | Media/file storage | Images, audio, and video you upload or that the app generates for you. |
| Apple | In-app purchases & Sign in with Apple | Subscription/transaction data; sign-in identifier, email, and name. |
| RevenueCat | Manage iOS subscriptions | Your in-app user identifier and Apple subscription status. |
| Sign in with Google | Sign-in identifier, email, name, and profile picture. | |
| Resend | Transactional email (verification, login codes, password reset) | Your email address, first name, and the relevant token/code. |
| Railway (PostgreSQL host) | Primary data storage | All account and content data described above. |
| Discord (webhook) | Routing in-app feedback to our team | Your username and the feedback you submit. |
| Stripe | Web billing only (not used for iOS purchases) | Your email and account identifier; card details handled by Stripe. Applies only if you subscribe through our website. |
We may also disclose information to comply with law, enforce our Terms, or protect the rights, safety, and security of our users and the Service. If we undergo a merger, acquisition, or asset sale, information may be transferred as part of that transaction.
Community content you post (e.g. in Tribes or the public feed) is shared with other users according to your visibility settings.
Several features use artificial intelligence. When you use an AI feature, the text you provide is transmitted to Anthropic (Claude) for processing, and any resulting narration text is transmitted to Google Cloud Text-to-Speech to generate audio. This applies to manifestation narratives, AI-generated affirmations and onboarding content, and habit personalization.
In addition, we use automated content moderation to help keep the community safe. Posts, comments, and tribe/channel messages may be screened by an automated AI moderation step (also via Anthropic), and all community content — including direct messages — is checked against an automated keyword filter. These AI features cannot function without sending the relevant text to these providers; if you do not want your text processed this way, do not use the AI features or post content.
Content you share in Tribes, the feed, or direct messages may be visible to other users based on your settings. To keep the community safe:
See the Terms of Service for the rules governing acceptable content.
We retain your information for as long as your account is active or as needed to provide the Service.
You can permanently delete your account from within the app (Settings → account deletion). This permanently deletes your profile and your personal content across the Service, including your habits and logs, progress and achievements, journals, vision boards, manifestations, affirmations, routines, journeys, sleep data, onboarding and personalization answers, posts, comments, reactions, follows, tribe memberships, the tribe/channel messages and direct messages you sent, push notification tokens, your subscription records in our database, and the media files (images, audio, and video) you uploaded to our storage. Account deletion runs as a single operation: if it cannot complete, it does not partially delete your data, and your session is ended.
Tribes and channels you created. If you created a tribe or channel, deleting your account also removes that tribe or channel and the content within it, which may include messages other members posted in that space.
Records we retain. To keep the community safe, enforce our rules, and meet legal obligations, we retain a limited set of safety and moderation records — such as reports made about content or users, and the related moderation decisions — even after an account is deleted. We also retain information as required by law and limited-duration backups (described below).
You can deactivate your account instead, which disables it without deleting it.
You can request a copy of your core account data through the in-app export.
Backups: residual copies of data may persist in our encrypted backups for a limited period after deletion before being overwritten. Subscription and transaction records held by Apple, RevenueCat, or Stripe are retained according to those providers' policies and applicable financial-record requirements.
Depending on where you live, you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. You can delete your account and export your core data directly in the app, or contact us at the email below for other requests. We will respond consistent with applicable law. You can also control notifications and most privacy/visibility settings within the app.
The Service is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. The Service includes community and messaging features and is intended for users 13 and older. If you believe a child under 13 has provided us personal information, contact us at the email below and we will delete it.
We use industry-standard measures to protect your information, including hashing of passwords, login codes, and PINs, encrypted transport, and access controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
We operate the Service from the United States and store data with U.S.-based providers. If you use the Service from outside the United States, you understand your information will be processed in the United States.
We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and, where appropriate, notify you in the app. Your continued use of the Service after changes take effect constitutes acceptance.
Questions about this Privacy Policy or your data:
Habitgram LLC
Email: [email protected]