Privacy Policy

Privacy Policy

Last Updated: August 30, 2025

1. Introduction

This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use our habit tracking application (the "Service"), which allows you to record health and nutrition information and share selected data with coaches to support your goals. Please read it carefully. If you do not agree, do not use the Service.

2. Scope

This Policy applies to personal data we process through the Service, our websites, and related communications. It does not cover third-party services you access via links or integrations (see Third-Party Links).

3. Key Definitions

  • "Personal Data": Information that identifies or can reasonably relate to an individual.
  • "Health / Nutrition Data": Habit entries, nutrition logs, body metrics, sleep, movement, mood indicators, and related wellness information you choose to record.
  • "Coach": A person you explicitly authorize to view portions of your data for guidance.
  • "Processing": Any operation performed on Personal Data.

4. Data We Collect

  • Account Data: Name/alias, email, password (hashed), timezone, preferred units.
  • Profile & Habit / Health Data: Nutrition entries (foods, macros, hydration), habit completions, goals, progress notes, body stats you enter (e.g., weight), sleep duration/quality, activity summaries you input, subjective mood or energy logs.
  • Coach Sharing Data: Permissions, access logs (who viewed what and when), notes/comments exchanged with coaches.
  • Device & Usage Data: IP address, device type, OS/browser metadata, app version, crash logs, feature interaction events, approximate region (derived from IP).
  • Cookies & Similar Technologies: Session cookies, authentication tokens, analytics identifiers, preference cookies. (See Cookies section.)
  • Communications: Support requests, feedback, survey responses, in-app messages.
  • Optional Integrations: If you connect external services (e.g., fitness trackers), we may receive authorized data (steps, calories, duration) per your consent.
  • De-Identified / Aggregated Data: We create statistical data sets that no longer reasonably identify a user.

5. Sensitive / Health-Related Data

Health and nutrition data you record may be considered sensitive in certain jurisdictions. You choose what to enter. By submitting such data, you explicitly consent to its processing for the purposes described here. You can modify or delete entries at any time (see Managing Your Data).

6. How We Use Personal Data

  • Provide, secure, and maintain the Service (authentication, account management).
  • Track habits, compute progress metrics, visualize trends, and support coaching interactions.
  • Facilitate coach access you authorize and display coach feedback.
  • Customize user experience (units, reminders, interface preferences).
  • Analytics and performance (usage patterns, feature optimization, crash diagnostics).
  • Communications (service notices, updates, support responses, consent-based tips).
  • Security (fraud detection, abuse prevention, audit logs).
  • Research & improvement (aggregated/de-identified insights to refine features).
  • Legal compliance (respond to lawful requests, enforce agreements).

7. Legal Bases (EEA / UK / Similar Jurisdictions)

  • Contract: To provide the Service you requested.
  • Consent: Health/nutrition data entry, coach sharing, certain analytics, marketing messages.
  • Legitimate Interests: Service improvement, security, fraud prevention (balanced against your rights).
  • Legal Obligations: Compliance with lawful process and regulatory requirements.

You may withdraw consent at any time without affecting prior lawful processing.

8. Sharing & Disclosure

  • Coaches: Only data you choose to share via granular permissions (e.g., nutrition logs, progress charts). You can revoke access.
  • Service Providers / Processors: Hosting (cloud infrastructure), analytics, email delivery, error monitoring, authentication. They act on our instructions and are bound by confidentiality and data protection commitments.
  • Integrations You Enable: If you connect third-party platforms, data flows per your authorization and their policies.
  • Legal & Safety: To competent authorities if required by law or necessary to protect rights, safety, or integrity of the Service.
  • Business Transfers: In a merger, acquisition, restructuring; your data may transfer subject to continued protection.
  • Aggregated / De-Identified: Analytics and insights that do not reasonably identify you.

We do not sell Personal Data for monetary consideration. If local law defines "sale" to include certain sharing, see Supplemental Notices.

9. Coach Access & Responsibilities

You explicitly control which coaches can view designated data sets. Coaches are independent parties responsible for their own handling once data is displayed to them. Revoke a coach's access to prevent new data retrieval; historical data already viewed may remain in their possession (e.g., notes they exported). Choose coaches you trust.

10. Data Retention

We retain Personal Data for as long as: (a) your account is active; (b) needed to provide the Service; (c) required for legitimate business purposes (audit, security, dispute resolution); or (d) required by law. On deletion request or account closure we schedule removal or anonymization, typically within 30-60 days unless legal retention applies. Backup media purge on rolling cycles (up to 90 days).

11. Security

We implement administrative, technical, and organizational safeguards (encryption in transit (TLS), hashed passwords, access controls, monitoring). No system is perfectly secure. You are responsible for strong passwords and safeguarding credentials.

12. International Transfers

Data may be processed in jurisdictions different from your own. Where required, we use lawful transfer mechanisms (e.g., Standard Contractual Clauses / equivalent). By using the Service, you understand your data may be transferred to countries with different data protection standards.

13. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access and obtain a copy of your Personal Data.
  • Correct inaccurate or incomplete data.
  • Delete data (subject to retention exceptions).
  • Restrict or object to certain processing.
  • Data portability (structured, commonly used format).
  • Withdraw consent (affects future processing only).
  • Opt-out of certain disclosures deemed "sales" or "sharing" under local law.
  • Lodge a complaint with a supervisory authority.

Submit requests via the contact methods below. We will verify identity before fulfilling.

14. Managing Your Data

  • Edit / Delete Entries: Use in-app controls to update or remove logs.
  • Export: Provide a data export (e.g., JSON / CSV) upon request or via provided export feature.
  • Revoke Coach Access: Adjust sharing settings; revocation applies prospectively.
  • Account Deletion: Initiate deletion in settings or request via support; we confirm and process per Retention.

15. Children

The Service is not directed to children under 13 (or higher age threshold where required). We do not knowingly collect data from such children. If you believe a child has provided data, contact us for removal.

16. Cookies & Tracking Technologies

  • Strictly Necessary: Authentication, session continuity.
  • Preferences: Units, theme, locale.
  • Analytics: Usage metrics (aggregated). Where required, analytics load only after consent.

Browser settings may block or delete cookies; core functionality may be limited if disabled.

17. Automated Decision-Making

We do not engage in automated decision-making producing legal or similarly significant effects. Habit insights are descriptive and user-controlled.

18. Third-Party Links & External Services

Links or integrations may lead to external sites or tools. Their privacy practices are governed by their own policies; review them separately.

19. Changes to This Policy

We may update this Policy. A new "Last Updated" date will appear above. Material changes may be announced in-app or by email where required. Continued use after the effective date constitutes acceptance.

20. Contact

Questions or requests may be sent to: support@asyouwishsoftware.com. (Replace with your actual contact email or postal address.)

21. Supplemental California Notice (If Applicable)

Categories collected (per last 12 months): Identifiers (email), Internet/usage data, Geolocation (approx.), Professional (coach relationship), Inferences (aggregated trends), Health data (user-entered). We do not sell Personal Information as defined by the CCPA. You may exercise access, deletion, and correction rights via the Contact section. We do not process sensitive Personal Information for purposes requiring an opt-out under CPRA beyond providing the Service you request.

22. Not Medical or HIPAA-Covered Service

The Service provides tracking and coaching facilitation only. It is not a medical device and not intended for diagnosis or treatment. We are not a covered entity or business associate under HIPAA unless separately agreed in writing. Consult qualified healthcare professionals for medical advice.