habitlume.app

Privacy Policy

We treat your data the way we want our own treated. This policy explains what we collect, why, and the choices you have.

Last updated: May 27, 2026

1. Introduction and Scope

This Privacy Policy describes how Meltian Advertising Solutions ("we", "us", "our") collects, uses, and protects personal information when you use habitlume (the "Service"). It applies to all visitors and registered users of habitlume.app.

2. Who We Are

habitlume is operated by Meltian Advertising Solutions, located at 10316 Sepulveda Blvd, #377, Mission Hills, CA 91345, United States. Meltian Advertising Solutions is the data controller for personal information processed through the Service. For any privacy question, email support@habitlume.app or call +1 (833) 364-3410.

3. Information We Collect

Account information

When you create an account we collect your email address, an optional display name, and a password that is hashed by our authentication provider. We never store passwords in plain text.

Journal content

The habits, daily entries (mood and notes), and habit completions you create in habitlume are encrypted at rest. They are not read by our staff and are never used to train artificial intelligence models of any kind.

Technical data

When you use the Service we automatically collect technical information including IP address, browser and device information, session identifiers, and request logs. This data is used for security, abuse prevention, and debugging.

Payment information

Payments are handled by a third-party PCI DSS Level 1 certified processor. Meltian does NOT store payment card numbers. We receive only a payment token, the last four digits of your card, and the brand (e.g. Visa). We do not see, store, or transmit your full card number, CVV, or expiration date.

Usage data

We collect anonymous, aggregated analytics (such as page views and feature usage) to improve the product. This data does not identify individual users.

3a. How We Collect It

We collect personal information directly from you (when you register, journal, or contact support), automatically through cookies and server logs as you use the Service, and from third-party service providers such as our payment processor (who share limited transaction metadata with us). Our use of cookies is described in our Cookie Policy.

4. How We Use Information

  • To provide and maintain the Service
  • To process payments and issue refunds
  • To respond to support requests
  • To communicate important service updates
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area, the United Kingdom, and Switzerland, we process personal data on the following legal bases: performance of a contract (to deliver the Service you purchased), legitimate interests (to improve the Service and prevent fraud), legal obligation (tax, accounting), and consent (for optional communications).

6. Sub-Processors and Data Sharing

We do not sell personal data. We do not share personal data with advertisers. We share data only with the following categories of trusted sub-processors, each bound by a data processing agreement, strictly to operate the Service:

  • Hosting and database (Supabase) - to host the application and store your data
  • Payment processing (our PCI DSS Level 1 certified payment processor disclosed at checkout) - to process payments
  • Transactional email delivery - to send receipts and account emails

We may also disclose information if required by law, court order, or to protect the rights, property, or safety of our users or the public.

7. International Transfers

habitlume is hosted in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the United States. Where required for transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland, we rely on Standard Contractual Clauses.

8. Data Retention

We retain account and journal data for as long as your account is active. When you delete your account from Settings, Data and Privacy, our delete-user-account backend function removes your account and associated User Content from our active production database immediately via cascade deletion. Encrypted database backups are retained for up to 90 days and then purged on rotation. Some records (such as billing records) are retained longer where required by law.

9. Your Rights

We make it easy to exercise the most common rights yourself. In Settings, Data and Privacy you can:

  • Download your data as JSON, Markdown, or PDF (right to access and portability)
  • Delete your account and all associated journal content (right to erasure)

Under GDPR (EU, UK, EEA, Switzerland)

  • Right of access (Article 15) - request a copy of your personal data
  • Right to rectification (Article 16) - correct inaccurate data
  • Right to erasure (Article 17) - request deletion of your data
  • Right to data portability (Article 20) - receive your data in a portable format
  • Right to restrict processing (Article 18)
  • Right to object (Article 21)
  • Right to withdraw consent at any time where processing is based on consent
  • Right to lodge a complaint with a supervisory authority

California residents (CCPA / CPRA)

  • Right to know what personal information we collect and use
  • Right to delete personal information
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising)
  • Right to non-discrimination for exercising these rights

To exercise rights that are not self-service, email support@habitlume.app or call +1 (833) 364-3410. We respond within 30 days.

10. Security Measures

We protect your data with industry-standard measures: TLS 1.3 for data in transit, AES-256 encryption for journal content at rest, Postgres Row Level Security policies scoping every row to its owning user, password hashing performed by our authentication provider using modern algorithms, regular security reviews, and tightly scoped access controls limiting which employees can access production infrastructure.

11. Cookies

We use a small set of strictly necessary and functional cookies to operate the Service. Full details, categories, and your choices are described in our Cookie Policy.

12. Children's Privacy

habitlume is not directed at children under 16 and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, contact support@habitlume.app and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy as the Service evolves. Material changes will be announced by email or in-app notice and reflected here with a new "Last updated" date. See also our Terms of Service and Refund Policy.

14. Contact

For privacy questions or to exercise your rights:

Meltian Advertising Solutions
10316 Sepulveda Blvd, #377
Mission Hills, CA 91345
United States
support@habitlume.app
+1 (833) 364-3410