Legal

GDPR Compliance

Our Commitment

HabitDNA is fully committed to compliance with the General Data Protection Regulation (GDPR) and the India Digital Personal Data Protection Act (DPDP Act). Your data rights are not just legal obligations for us — they're core to how we build our product.

Your Rights Under GDPR

📋

Right to Access

Request a complete copy of all personal data we hold about you. Use the in-app data export feature or contact us.

✏️

Right to Rectification

Update or correct any inaccurate personal data through your profile settings or by contacting us.

🗑️

Right to Erasure

Delete your account and all associated data. This triggers a complete data purge within 30 days.

📦

Right to Portability

Export your data in a machine-readable JSON format. See our Data Export page for details.

🚫

Right to Restrict Processing

Request that we limit how we process your data while a complaint or correction is being resolved.

🔕

Right to Withdraw Consent

Withdraw consent for optional data processing (like AI features) at any time without affecting core functionality.

Data Processing Basis

We process your data under the following legal bases:

  • Contract Performance: Habit tracking, timer sessions, streaks, and gamification (necessary to provide the service)
  • Consent: AI features (you explicitly choose to use them and spend credits)
  • Legitimate Interest: Service improvement through anonymized, aggregated analytics

Data Protection Measures

  • Encryption at rest (DynamoDB) and in transit (TLS 1.2+)
  • JWT-based authentication via AWS Cognito
  • Object-level authorization — users can only access their own data
  • No hardcoded credentials — secrets managed via AWS Secrets Manager
  • API rate limiting and input validation on all endpoints
  • Regular security audits and monitoring via CloudWatch

India DPDP Act Compliance

In addition to GDPR, we comply with the India Digital Personal Data Protection Act (2023):

  • Clear consent mechanisms before data collection
  • Purpose limitation — data used only for stated purposes
  • Data localization awareness for Indian users
  • Right to grievance redressal

How to Exercise Your Rights

  1. Open HabitDNA → Settings → Privacy & Data
  2. Choose: Export Data, Delete Account, or Manage Consent
  3. Or contact us directly at privacy@habitdna.app

We respond to all data requests within 30 days.