Privacy Policy

2. Information We Collect

2.1 Information You Provide Directly

Account Information

• Email address
• Username and display name
• Password (encrypted)
• Profile picture/avatar
• Discord account information (if connecting via Discord)

Habit and Progress Data

• Habit names, descriptions, and categories
• Daily check-ins and completion records
• Streak data and achievement history
• Goals and milestones
• Notes and reflections

Community Content

• Shared "dailies" and progress updates
• Comments and interactions with other users
• Reactions and encouragement to others
• Profile bio and public information

Habit Tracks (Creator Content)

• Habit Track titles, descriptions, and structure
• Daily tasks and milestones you create
• Pricing information for paid tracks
• Instructional content and guidance

Payment Information (for paid features)

• Billing address
• Payment method details (processed by third-party payment processors)
• Purchase history and transaction records

2.2 Automatically Collected Information

Usage Data

• Pages visited and features used
• Time spent on the Platform
• Click patterns and navigation flow
• Feature engagement metrics
• Search queries within the Platform

Device and Technical Information

• IP address and geolocation (city/country level)
• Browser type and version
• Device type and operating system
• Screen resolution
• Referral source

Discord Integration Data (if applicable)

• Discord user ID, username, and discriminator
• Server (guild) IDs where you use our features
• Server membership information
• Discord avatar and profile data

Cookies and Similar Technologies

• Session cookies for login and authentication
• Preference cookies for settings
• Analytics cookies for usage insights
• Performance cookies for optimization

2.3 Information from Third Parties

Discord Platform

• Profile information from Discord OAuth
• Server membership and roles
• User permissions and settings

Payment Processors

• Transaction confirmation
• Payment status
• Fraud detection signals

2.4 Information We Do NOT Collect

We do not collect:

• Private Discord messages between users
• Voice or video data unless you provide them through an app feature
• Precise geolocation (GPS coordinates)
• Sensitive personal data (health conditions, biometric data, etc.)
• Financial account credentials (handled by payment processors)
• Content of private habits (unless you choose to share them)

3. How We Use Your Information

3.1 Core Service Functionality

• Create and manage your account
• Store and sync your habit data across devices
• Track your progress, streaks, and achievements
• Generate personalized statistics and insights
• Send reminders and notifications
• Display your shared dailies to your community
• Facilitate enrollment in Habit Tracks

3.2 Community Features

• Display your profile to other community members
• Show your shared progress updates
• Enable interactions with other users
• Connect you with relevant communities
• Recommend Habit Tracks based on your interests

3.3 Creator Features

• Enable creation and management of Habit Tracks
• Process payments for paid tracks
• Display your creator profile and content
• Calculate and distribute creator earnings
• Provide analytics on track performance

3.4 Platform Improvement

• Analyze usage patterns to enhance features
• Identify and fix bugs and technical issues
• Develop new features and functionality
• Optimize performance and user experience
• Conduct research and analytics

3.5 Communication

• Send important service announcements
• Respond to support requests
• Provide updates about new features
• Send marketing communications (with your consent)
• Deliver transactional emails (receipts, confirmations)
• Send community engagement notifications

3.6 Safety and Security

• Prevent fraud and abuse
• Enforce our Terms of Service
• Protect user safety and platform integrity
• Detect and prevent unauthorized access
• Comply with legal obligations

3.7 Payment Processing

• Process purchases of paid Habit Tracks
• Calculate platform fees and creator earnings
• Issue refunds when appropriate
• Prevent payment fraud

4. Legal Basis for Processing (GDPR)

For users in the EU/UK, we process your data based on:

• Contract Performance: To provide services you've requested
• Legitimate Interests: To improve our service and prevent fraud
• Consent: For marketing communications and optional features
• Legal Obligation: To comply with applicable laws

5. Data Sharing and Disclosure

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5.2 Public Information and Community Sharing

When you share content on the Platform:

• Your shared dailies are visible to your server/community members
• Your public profile information is visible to other users
• Your Habit Tracks (if you're a creator) are publicly listed
• Other users can see your progress on shared habits

You control what information you share publicly through your privacy settings.

5.3 Service Providers

We share data with trusted third-party service providers who assist us:

Hosting and Infrastructure

• Cloud hosting providers (e.g., AWS, Google Cloud)
• Database services
• Content delivery networks (CDN)

Payment Processing

• Payment processors (e.g., Stripe, PayPal)
• Fraud detection services

Communication Services

• Email service providers
• Push notification services
• SMS providers (if applicable)

Analytics and Monitoring

• Analytics platforms (e.g., Google Analytics)
• Error tracking services
• Performance monitoring tools

Customer Support

• Support ticket systems
• Live chat services

These providers are contractually obligated to protect your data and use it only for specified purposes.

5.4 Discord Platform

When you use our Discord integration:

• Discord receives information according to their API requirements
• Discord&apo;s Privacy Policy governs their data practices
• We share only necessary data for integration functionality

5.5 Other Users

Within the community features:

• Other users see information you choose to share
• Creators see aggregated data about their Habit Track enrollments
• Community members see your public profile and shared progress

5.6 Legal Requirements

We may disclose your information if required to:

• Comply with legal obligations or court orders
• Respond to valid government requests
• Enforce our Terms of Service
• Protect our rights, property, or safety
• Prevent fraud, illegal activities, or harm to users
• Investigate violations of our policies

5.7 Business Transfers

If we are involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy.

5.8 With Your Consent

We may share your information for other purposes with your explicit consent.

5.9 Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot identify individual users for:

• Research and analytics
• Marketing and promotional purposes
• Public reports and statistics

6. Data Storage and Security

6.1 Where We Store Data

Your data is stored on secure servers located in the SEA region. We use reputable cloud hosting providers with industry-standard security certifications.

6.2 Security Measures

We implement appropriate technical and organizational measures:

Technical Safeguards

• Encryption in transit (TLS/HTTPS)
• Encryption at rest for sensitive data
• Secure password hashing (bcrypt/Argon2)
• Regular security audits and penetration testing
• Intrusion detection systems
• Automated threat monitoring

Access Controls

• Role-based access for staff
• Multi-factor authentication for admin accounts
• Audit logs for data access
• Principle of least privilege

Operational Safeguards

• Staff training on data protection
• Incident response procedures
• Regular backups and disaster recovery
• Vendor security assessments

6.3 Data Retention

We retain your data for as long as:

• You have an active account
• Necessary to provide services
• Required by law or to resolve disputes
• Needed for legitimate business purposes

Specific Retention Periods:

• Account data: Until account deletion
• Habit and progress data: Until account deletion or user-requested removal
• Payment records: 7 years (for tax/legal compliance)
• Support tickets: 3 years
• Analytics data: 2 years (aggregated)
• Deleted account data: 30 days in backup systems

6.4 Security Limitations

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. You use the Platform at your own risk and should use strong passwords and protect your account credentials.

7. Your Rights and Choices

7.1 Account Settings and Privacy Controls

You can control your privacy through:

• Privacy settings for shared dailies
• Profile visibility options
• Notification preferences
• Community sharing controls
• Who can see your progress

7.2 Access and Data Portability

You have the right to:

• Access your personal data through your account settings
• Request a complete copy of your data
• Export your habit data in machine-readable format (JSON/CSV)
• Use our data export feature at any time (if the feature isn't available then send us a request by contacting us)

7.3 Correction and Updates

You can:

• Update your profile and account information
• Edit your habits and progress data
• Correct inaccurate information through the app
• Contact us for assistance with corrections

7.4 Deletion Rights

You have the right to:

• Delete your account and all associated data
• Use the account deletion feature in settings
• Request deletion of specific data
• Have your data removed within 30 days

Note: Some data may be retained for legal compliance, dispute resolution, or legitimate business purposes (e.g., payment records).

7.5 Marketing and Communication Preferences

You can:

• Opt out of marketing emails via unsubscribe links
• Manage email preferences in account settings
• Disable push notifications in your device settings
• Control Discord notification preferences

You cannot opt out of essential service communications (security alerts, legal notices, transaction confirmations).

7.6 Cookie Management

You can control cookies through:

• Browser settings and preferences
• Cookie consent banner on first visit
• Privacy settings in your account

Note that disabling certain cookies may limit Platform functionality.

7.7 Additional Rights (GDPR/UK/CCPA)

For EU/UK Users (GDPR):

• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to object to processing
• Right to lodge a complaint with supervisory authority
• Right to withdraw consent
• Right to not be subject to automated decision-making

For California Users (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or shared
• Right to opt-out of the sale of personal information (we don't sell)
• Right to deletion of personal information
• Right to non-discrimination for exercising rights

For Other Jurisdictions:

We respect privacy rights under applicable local laws. Contact us to exercise your rights.

8. Children's Privacy

The Platform is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately. We will delete such information promptly upon verification.

If we learn that we have collected information from a child under 13 without parental consent, we will delete it as quickly as possible.

9. International Data Transfers

If you access the Platform from outside SEA region, your information may be transferred to, stored, and processed in SEA region or other countries where our service providers operate.

We ensure appropriate safeguards for international transfers:

• Standard Contractual Clauses (SCCs) for EU data
• Adequacy decisions where applicable
• Appropriate legal mechanisms under local law

By using the Platform, you consent to these international transfers.

10. Third-Party Services and Links

10.1 Discord

The Platform integrates with Discord. Discord's Privacy Policy (https://discord.com/privacy) governs their collection and use of data. We are not responsible for Discord's data practices.

10.2 Payment Processors

We use third-party payment processors (e.g., Stripe, PayPal) to handle transactions. Their privacy policies govern the payment information they collect. We do not store complete payment card details.

10.3 External Links

The Platform may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to read their privacy policies before providing information.

10.4 Third-Party Integrations

If we offer integrations with other services (e.g., calendar apps, productivity tools), those services' privacy policies will apply to data shared with them.

11. Cookies and Tracking Technologies

11.1 Types of Cookies We Use

Essential Cookies (required for functionality)

• Authentication and session management
• Security features
• Platform functionality

Analytics Cookies (with your consent)

• Usage statistics
• Feature engagement
• Performance monitoring

Preference Cookies (with your consent)

• Settings and preferences
• Language and region preferences
• Display customization

11.2 Third-Party Cookies

We may use third-party analytics services (e.g., Google Analytics) that set their own cookies. You can opt out through browser settings or third-party opt-out tools.

11.3 Managing Cookies

You can control cookies through:

• Browser settings
• Cookie consent preferences
• Third-party opt-out tools
• Do Not Track signals (we honor these where feasible)

12. Data Breach Notification

In the unlikely event of a data breach affecting your personal information:

• We will investigate promptly
• Notify affected users within 72 hours (where required by law)
• Report to relevant authorities as required
• Take immediate steps to mitigate harm
• Provide guidance on protective measures

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect:

• Changes in our data practices
• New features or services
• Legal or regulatory requirements
• User feedback

We will notify you of material changes through:

• Email notification
• Platform announcements
• Updates to this page with a new "Last Updated" date

Continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy. If you do not agree, please stop using the Platform and delete your account.

14. Contact Us

14.1 General Inquiries

For questions, concerns, or requests regarding this Privacy Policy:

• Email: privacy@hodos.today
• Web: https://hodos.today/privacy-policy

14.3 Exercising Your Rights

To exercise your privacy rights:

1. Log into your account and use privacy settings
2. Use the data export/deletion features
3. Contact us directly using the information above
4. Provide sufficient information to verify your identity

We will respond to requests within 30 days (or as required by applicable law).

15. Supervisory Authority

If you are located in the EU/UK and believe we have not addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

16. California Residents - Additional Information

16.1 Information We Collect (CCPA Categories)

• Identifiers (email, username, IP address)
• Commercial information (purchase history)
• Internet activity (usage data)
• Profile inferences (preferences, interests)

16.2 Business Purpose for Collection

As described in Section 3 of this Privacy Policy.

16.3 We Do Not Sell Personal Information

We do not sell personal information as defined by CCPA. We do not share personal information for cross-context behavioral advertising.

16.4 Your CCPA Rights

Contact us to exercise your rights under CCPA. We will not discriminate against you for exercising these rights.