Protecting your privacy is important to us.
HabitHeat is a calm habit tracking web app.
We process personal data only to the extent necessary to provide the app and its core functionality.
We do not use tracking or marketing cookies.
We do not sell personal data or share it with unauthorized third parties.
1. Data Controller
The controller responsible for data processing in this web app is:
Philip K.
Fehmarn, Germany
Email: support@habitheat.com
2. What Data We Process in the App
We process only data that is required to provide habit tracking functionality.
2.1 Account Data
When you create and use a HabitHeat account, we process:
- email address (for authentication and account access)
- authentication identifiers (via Firebase)
This data is required to provide secure access to the app.
Legal basis: Article 6(1)(b) GDPR (performance of a contract)
2.2 Habit & Usage Data
All habit-related data is created and controlled by you. This may include:
- habit names and descriptions
- habit type (e.g. checkbox, numeric tracking)
- tracking entries and timestamps
- journal entries or notes you voluntarily add
- habit configuration and preferences
This data exists solely to provide the habit tracking features of the app.
HabitHeat may analyze habit data in a fully anonymized and aggregated form to better understand general usage patterns and to share high-level insights (such as commonly tracked habit types or general drop-off behavior).
These insights:
- contain no personal data
- cannot be traced back to individual users
- are used solely for product improvement and educational content
Legal basis: Article 6(1)(b) GDPR (performance of a contract)
3. Firebase (Google LLC)
HabitHeat uses Firebase for the following purposes only:
- user authentication (Firebase Authentication)
- data storage (Firestore database)
Firebase may technically involve data transfers outside the EU (e.g. to the United States).
A data processing agreement in accordance with Article 28 GDPR has been concluded with Google.
More information:
https://firebase.google.com/support/privacy
Legal basis:
- Article 6(1)(b) GDPR (user management and core functionality)
- Article 6(1)(f) GDPR (legitimate interest in secure and reliable operation)
4. Hosting
The web app frontend and backend are hosted on servers operated by:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
Hetzner acts as a data processor under Article 28 GDPR.
Server locations: Germany.
When accessing the app, technical server log data may be processed, including:
- anonymized or shortened IP address
- date and time of access
- requested URL
- browser type and operating system
This data is used exclusively for security, error analysis, and system stability.
Legal basis: Article 6(1)(f) GDPR (legitimate interest in secure operation)
5. Cookies
The web app uses only technically necessary cookies, such as:
- session cookies
- authentication tokens (Firebase)
No tracking, analytics, or advertising cookies are used.
Legal basis: Article 6(1)(f) GDPR
6. No Contact Forms in the App
The HabitHeat web app does not include contact forms.
Communication with users takes place exclusively via email if initiated by the user.
7. Data Storage and Deletion
We store personal data only for as long as necessary to provide the app.
You can delete your account at any time.
Upon deletion, your habit data and associated account data are permanently removed, unless legal retention obligations apply.
8. Your Rights
Under the GDPR, you have the following rights:
- right of access (Art. 15)
- right to rectification (Art. 16)
- right to erasure (Art. 17)
- right to restriction of processing (Art. 18)
- right to object (Art. 21)
- right to data portability (Art. 20)
You can exercise these rights by contacting:
support@habitheat.com
9. Right to Lodge a Complaint
If you believe that your data protection rights have been violated, you may lodge a complaint with a supervisory authority, for example:
Independent State Centre for Data Protection Schleswig-Holstein (ULD)
Holstenstraße 98
24103 Kiel
Germany
Phone: +49 431 988 1200
www.datenschutzzentrum.de
10. Changes to This Privacy Policy
This privacy policy may be updated if technical changes or new features require it.
The current version published in the app always applies.
Last updated: January 2026