Privacy Policy
Effective date: 2 June 2026
Controller: Christen Blom-Dahl, operating Hibika (contact: christen.bc@gmail.com)
This Privacy Policy explains how Hibika ("we", "our", or "us") collects, uses, stores, and shares personal data when you use our mobile and related services (the "Service"). By using the Service, you acknowledge that you have read this notice. Where the law requires separate consent (for example, for certain marketing emails), we will obtain it in the appropriate way.
If you do not agree with this Policy, please do not use the Service.
1. Scope
This Policy applies to personal data processed in connection with the Hibika app, our websites (including hibika.app), customer support, and related infrastructure. It does not apply to third-party sites or services that we do not control.
2. Information we collect
Depending on how you use Hibika, we may process:
2.1 Account and profile data
- Identifiers: email address, user ID, and authentication data processed by our identity provider (Google Firebase Authentication).
- Profile: display name, profile photo or avatar URL (if you provide them), language and app settings you choose.
2.2 Habit and productivity data
- Habits you create or follow (titles, schedules, reminders, categories, notes, completion history, streak-related data, rewards, and similar product data).
- Collaboration data when you use social features (for example, connections, invites, shared or joint habits, nudges, and activity that other participants are intended to see).
2.3 Device, diagnostics, and usage data
- Push notifications: device tokens and notification preferences needed to deliver in-app reminders and social notifications.
- Analytics (app): aggregated or pseudonymous usage information (for example, screen views and feature usage) via Google Analytics for Firebase (or similar tools we configure) to understand product performance and improve the Service.
- Analytics (websites): with your consent where required, pseudonymous usage information (for example, pages viewed and general device or browser information) via Google Analytics 4 on our marketing sites (hibika-website.web.app, hibika.app, and related domains).
- Diagnostics: crash and error reports (for example via Firebase Crashlytics) to improve stability.
2.4 Purchases and entitlements
- Purchase events and subscription status are processed by the applicable app store (Apple App Store / Google Play) and our subscription partner (RevenueCat) to validate entitlements. We do not receive your full payment card number from those platforms.
2.5 Marketing and lifecycle email (optional programme)
If you participate in our email programme (where available and permitted), we may process additional data to tailor messages, including for example:
- Contact attributes synced to our email platform (such as alignment profile family, coarse engagement flags, habit or completion counts, paywall or limit-related flags, last activity timestamps, and premium status), and
- Email interaction data such as opens and clicks recorded by our email provider when you interact with messages (depending on your mail client and settings).
We use Brevo (Sendinblue SAS, France) as our processor to store contacts, send email, and measure basic engagement for those messages.
3. Purposes and legal bases (summary)
We process personal data to:
| Purpose | Examples |
|---|---|
| Provide the Service | sync habits, collaboration, reminders, customer support |
| Secure the Service | authentication, abuse prevention, fraud signals |
| Improve the Service | analytics, crash reporting, product research |
| Communicate with you | transactional messages, important notices, optional marketing and lifecycle email |
| Comply with law | responding to lawful requests, tax/accounting where applicable |
Depending on where you live, the legal bases we rely on may include performance of a contract, legitimate interests (balanced against your rights), consent (where required, for example for certain marketing cookies or marketing email), or legal obligation. Where consent is required and obtained, you may withdraw it without affecting the lawfulness of processing before withdrawal.
4. How we use personal data (details)
- Operate accounts and cloud sync via Google Firebase (Firestore, Cloud Functions, Authentication, and related components).
- Deliver in-product and push notifications you configure.
- Run analytics and diagnostics as described in section 2.3.
- Process purchases via stores and RevenueCat.
- Send email through Brevo, including lifecycle, educational, engagement, and promotional messages about Hibika when permitted. You can opt out of marketing email as described in section 8.
We do not sell your personal data as commonly understood ("sale" for money).
5. Cookies and similar technologies (web)
If you use our websites (including hibika-website.web.app and hibika.app):
- Strictly necessary cookies or similar storage may be used for security and basic functionality.
- Analytics (optional): with your consent where required (for example in the EU/EEA and UK), we use Google Analytics 4 on our marketing site. This may set cookies or similar identifiers (for example
_ga,_ga_*) and collect pseudonymous usage data such as pages viewed and general device or browser information. You can accept or decline analytics when prompted, or change your choice later via Cookie settings in the site footer. We do not use advertising cookies on our websites.
If you decline analytics, we keep analytics storage disabled (including via Google Consent Mode). Marketing cookies, if ever introduced, would only be used with separate consent where required.
6. Sharing and processors
We share personal data with service providers (processors) who assist us under contract and only on our instructions, including:
| Provider (role) | Typical processing |
|---|---|
| Google (Firebase, Analytics, Crashlytics, etc.) | hosting, authentication, database, analytics, diagnostics |
| RevenueCat | subscription status and purchase validation |
| Brevo (Sendinblue SAS) | marketing and lifecycle email, contact storage, email engagement metrics |
| Apple / Google | app distribution and in-app purchases under their policies |
We may also disclose information if required by law, to protect rights and safety, or as part of a merger or acquisition subject to safeguards.
Other Hibika users: when you connect or collaborate, you direct us to share certain habit-related information with those users as described in our Terms of Service.
7. International transfers
Our providers may process data in the European Economic Area, the United Kingdom, the United States, and other countries. Where transfers from the EEA/UK/Switzerland require safeguards, we rely on appropriate mechanisms such as the EU Standard Contractual Clauses and providers' compliance programmes, as offered by our vendors.
8. Marketing preferences and your choices
- Push notifications: can be controlled in your device and in-app settings.
- Marketing email: where we send optional marketing or product-update email, we will include a way to unsubscribe (for example, an unsubscribe link) or you may contact us at christen.bc@gmail.com with your request. Transactional or service-critical email (for example, security notices) may continue where permitted by law even if you opt out of marketing.
9. Retention
We retain personal data only as long as needed for the purposes above, unless a longer period is required by law. When you delete your account (where the app provides this), we delete or anonymise associated personal data within a reasonable period, except where limited retention is necessary for legal, security, or accounting reasons.
Marketing contact records at Brevo are updated or removed as part of the same overall lifecycle, subject to technical propagation delays.
10. Security
We implement appropriate technical and organisational measures designed to protect personal data. No method of transmission or storage is 100% secure; we encourage you to use a strong password and protect your device.
11. Your rights
Depending on your jurisdiction, you may have rights to access, rectify, erase, restrict, object, or port your personal data, and to withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority.
To exercise rights, contact christen.bc@gmail.com. We may need to verify your identity before fulfilling certain requests.
12. Children
Hibika is not directed to children under the age where parental consent is required in your country (for example, 16 in many EU contexts, or 13 in the U.S. under COPPA). We do not knowingly collect personal data from children. If you believe we have done so, contact us and we will take appropriate steps to delete the information.
13. Automated decision-making
We do not use personal data for solely automated decisions that produce legal or similarly significant effects about you.
14. Changes to this Policy
We may update this Policy from time to time. We will post the new version in the app and on our site and update the Effective date above. Where changes are material and the law requires, we will provide additional notice.
15. Contact
Questions or requests regarding this Policy:
Hibika / Christen Blom-Dahl
Email: christen.bc@gmail.com