Last Updated: November 1, 2025
Effective Date: November 1, 2025
A8I ("we", "us", or "our"), a French company operating from France, provides the Habits mobile application (the "App"). We are committed to protecting your privacy and handling your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Company Information:
Company Name: A8I
Website: https://a8i.org
Jurisdiction: France
This Privacy Policy explains how we collect, use, share, and protect your information when you use our App.
For the purposes of GDPR, A8I is the data controller responsible for your personal data. Our registered address and contact details are available at https://a8i.org.
When you use the App, we collect the following information you provide:
Habit Information: Habit names, check-in dates, streaks, creation dates, and activated triggers
AI Coaching Conversations: Messages you send to the AI coach, including your questions, responses to coaching prompts, and related habit context
Coaching Preferences: Your selected coach type and personality preferences
We automatically collect certain information when you use the App:
Usage Analytics: Detailed usage statistics through Amplitude Analytics, including:
App opens and session data
Onboarding flow interactions and completed steps
Habit check-in events (timestamps, streaks, habit names)
AI coaching interactions (message content, response times, conversation length)
Widget usage and tutorial interactions
Coach selection and preferences
Feature usage patterns and user flows
Device Information: Anonymous device identifier generated by Amplitude
Technical Data: App version, iOS version, device model, and crash reports
Security Tokens: App Attest/DeviceCheck tokens for API authentication (not personally identifiable)
For transparency, we do not collect:
❌ Your name, email address, or contact information
❌ Location data or GPS coordinates
❌ Contacts, calendar, or other device data
❌ Photos or media files (unless you explicitly share them with AI)
❌ Financial or payment information (the App is free)
❌ Biometric data
❌ Social media profiles or identities
We use the collected information for the following purposes:
Provide habit tracking functionality
Enable AI coaching features through OpenAI's API
Sync your data across your Apple devices (if you enable iCloud)
Display widgets and live activities
Analyze usage patterns to improve the App experience
Identify and fix bugs and technical issues
Develop new features based on user behavior
Optimize AI coaching responses and interactions
Authenticate API requests using App Attest/DeviceCheck
Protect against abuse and fraudulent activity
Ensure secure communications with backend services
Track anonymous usage metrics through Amplitude Analytics
Understand feature adoption and user engagement
Measure app performance and stability
Legal Basis (GDPR): We process your data based on:
Legitimate Interest: To improve our services and ensure app functionality
Consent: For analytics tracking (which you can opt out of)
Contractual Necessity: To provide the services you request
Primary Storage: All your habit data is stored locally on your iOS device using SwiftData
Control: You have full control over your local data
Security: Data is encrypted by iOS at the device level
Optional Feature: You can optionally enable iCloud sync to backup and sync your habit data across your Apple devices
Provider: Apple Inc. (subject to Apple's Privacy Policy)
Location: Apple data centers based on your iCloud region
Control: You can disable iCloud sync at any time in the App settings
Your data may be processed in the following locations:
Amplitude Analytics: European Union data centers (EU server zone enabled)
OpenAI API: United States (for AI coaching responses)
Firebase/Google Cloud: Global infrastructure with data residency primarily in the United States
Apple iCloud: Varies by your Apple ID region
By using the App, you acknowledge and consent to this international data transfer. We ensure appropriate safeguards are in place through:
Standard Contractual Clauses (SCCs) with third-party processors
Compliance with EU-US Data Privacy Framework principles
Encryption of data in transit and at rest
We use the following third-party services that may process your data:
Purpose: Generate AI coaching responses
Data Shared: Your chat messages, habit context (names, streaks, check-in data), and coaching preferences
Method: Secure Firebase Cloud Functions proxy (no API keys in app)
Retention: OpenAI retains data for 30 days for abuse monitoring, then deletes it (per OpenAI's policy)
Privacy Policy: https://openai.com/privacy
Purpose: Anonymous usage analytics and app performance monitoring
Data Shared: Usage events with properties including habit names, message content excerpts, interaction patterns, device identifiers
Retention: 24 months, then automatically deleted
Privacy Policy: https://amplitude.com/privacy
Data Residency: EU servers (GDPR compliant)
Purpose: Backend infrastructure and secure API proxy to OpenAI
Data Shared: API requests, App Attest tokens, anonymous session data
Privacy Policy: https://firebase.google.com/support/privacy
Purpose: Data synchronization across your Apple devices
Data Shared: All your habit data (if you enable iCloud sync)
Privacy Policy: https://www.apple.com/legal/privacy/
Data Type
Retention Period
Deletion Method
Local Habit Data
Until you delete the app or clear data
Automatic upon app deletion
iCloud Data
According to your iCloud settings
Disable iCloud sync or delete app data
AI Chat Messages
Not stored by us; processed in real-time
Messages sent to OpenAI retained for 30 days by OpenAI
Amplitude Analytics
24 months
Automatic deletion after retention period
Firebase Logs
30 days
Automatic deletion
We implement industry-standard security measures to protect your data:
Encryption in Transit: All network communications use HTTPS/TLS encryption
Encryption at Rest: Local data encrypted by iOS secure enclave; iCloud data encrypted by Apple
API Security: App Attest (production) and DeviceCheck (development) for request authentication
No Stored Credentials: No API keys or secrets stored in the app binary
Secure Architecture: Firebase Cloud Functions act as secure proxy to OpenAI API
Regular Updates: We regularly update dependencies and address security vulnerabilities
However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights:
You have the right to request access to the personal data we hold about you.
You can correct inaccurate data directly in the App by editing your habits.
You can delete all your data by:
Deleting individual habits in the App
Uninstalling the App (deletes local data)
Disabling iCloud sync and deleting iCloud data from your Apple ID settings
You can export your habit data (feature in development). Currently, habit data is stored in standard formats on your device.
You can object to analytics tracking by:
Disabling analytics in App settings (feature in development)
Contacting us to opt out manually
You can request that we restrict processing of your data by contacting us.
You can withdraw your consent to data processing at any time by:
Uninstalling the App
Disabling specific features (iCloud sync, analytics)
You have the right to lodge a complaint with your local data protection authority:
France (CNIL): https://www.cnil.fr/
EU Data Protection Authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
You can request information about:
Categories of personal information collected
Sources of personal information
Business purpose for collecting data
Categories of third parties with whom we share data
You can request deletion of your personal data. See Section 9.3 for deletion methods.
We do NOT sell your personal information. We do not and will not sell your data to third parties.
We will not discriminate against you for exercising your CCPA rights.
You may designate an authorized agent to make requests on your behalf. We may require verification of the agent's authority.
The App is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly.
If you believe we have collected information from a child, please contact us immediately at the contact details below.
We use Amplitude to collect detailed usage analytics, including:
Event tracking (app opens, check-ins, AI interactions)
Event properties (habit names, message content, timestamps)
User properties (device type, app version)
Anonymous device identifiers
Data Residency: Amplitude data is stored on EU servers to comply with GDPR.
Opt-Out: You can opt out of analytics (feature in development). Contact us to manually opt out.
We do not use advertising trackers or share your data with advertising networks.
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:
We will update the "Last Updated" date at the top of this policy
For material changes, we will notify you via:
In-app notification
Prominent notice on app launch
Email (if we have your contact information)
We encourage you to review this Privacy Policy periodically. Your continued use of the App after changes are posted constitutes your acceptance of the updated Privacy Policy.
As a French company, we primarily serve users in the European Union. However, some of our third-party service providers are located in countries outside the EEA that may not offer the same level of data protection.
When we transfer data internationally, we ensure appropriate safeguards through:
Standard Contractual Clauses (SCCs): EU-approved model contracts for data transfers
Adequacy Decisions: Relying on EU Commission adequacy decisions where available
Additional Safeguards: Technical and organizational measures to protect your data
For specific questions about data transfers, please contact us.
We do not and will never sell, rent, or trade your personal information to third parties for monetary or other valuable consideration.
We share data with service providers only to the extent necessary for them to provide services to us:
OpenAI: AI coaching functionality
Amplitude: Analytics services
Google/Firebase: Backend infrastructure
Apple: iCloud sync (if enabled)
All service providers are contractually obligated to protect your data and use it only for specified purposes.
We may disclose your information if required to do so by law or in response to:
Valid legal processes (subpoenas, court orders)
Requests from government authorities
Protection of our rights, property, or safety
Emergency situations involving danger to persons
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of any such change and your rights regarding your data.
The App does not use cookies as it is a native iOS application. However, our third-party service providers (Amplitude, Firebase) may use similar technologies to collect information. These technologies are governed by the respective third-party privacy policies.
Our App does not respond to Do Not Track (DNT) signals from browsers, as it is a native mobile application. However, you can control analytics tracking as described in Section 12.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
A8I
Website: https://a8i.org
Email: [contat@a8i.org]
For GDPR-related inquiries or to exercise your rights, please include:
Your name (if you wish to provide it)
A description of your request
Sufficient information to identify your data (e.g., device identifier from app settings)
Response Time: We will respond to your request within:
30 days (GDPR)
45 days (CCPA)
To exercise any of your rights described in this Privacy Policy:
In-App Actions: Delete habits, disable iCloud sync, or uninstall the app
Contact Us: Send a request to our contact email above
Provide Verification: We may ask for verification to ensure we're responding to the correct person
We will process your request free of charge, except in cases of manifestly unfounded or excessive requests.
By downloading, installing, or using the Habits App, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.
If you do not agree with this Privacy Policy, please do not use the App.
What We Collect:
Habits you create and track (stored on your device)
Messages you send to the AI coach
Anonymous usage statistics to improve the app
What We DON'T Collect:
Your name, email, or personal identity
Your location
Your contacts or photos
Where Your Data Goes:
Stays on your device (and optionally in your iCloud)
AI messages sent to OpenAI for coaching responses
Anonymous analytics sent to Amplitude (EU servers)
Your Control:
Delete everything by removing the app
Disable iCloud sync anytime
Export your data (coming soon)
Opt out of analytics (coming soon)
We Never:
Sell your data
Share your data for advertising
Track you across other apps or websites
Your Privacy Matters: We built Habits with privacy as a core principle. Your data is yours, and we respect that.
Questions or Concerns?
Contact us at https://a8i.org or [contact@a8i.org]
Last Updated: November 1, 2025
Version: 1.0.0