Privacy Policy
Kacci Lab Inc. (“Kacci Lab”, “we”, “us”, or “our”) operates the HoiiiBits: Habits mobile applications and related services (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use HoiiiBits.
Effective date: January 4, 2026 · Last updated: January 4, 2026
Developer of record: Kacci Lab Inc. (Apple App Store & Google Play). Product brand: HoiiiBits: Habits.
1. Who We Are (Controller)
Kacci Lab Inc. is the data controller for personal data processed via HoiiiBits.
Registered address: 298 Jarvis Street, Toronto, ON M5B 2M4, Canada
Websites in scope: hoiiibits.com (product pages) and kaccilab.com (corporate pages referencing this Policy), as well as our mobile apps.
If you are in the EEA/UK/Switzerland, you may have the right to lodge a complaint with your local data protection authority.
2. Scope
By accessing or using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.
This Policy does not apply to third-party sites/services you access via links from our Services.
3. Information We Collect
- Account & Profile: name (optional), email, authentication identifiers (e.g., Apple/Google sign-in token identifiers), profile image (optional), and app settings (e.g., theme preference, time zone).
- Habit & Routine Data: habits you create, categories, goals (minimum/target), schedules/windows, recurrence settings, reminder preferences, and habit colors.
- Progress & Logs: daily/weekly completion logs, streaks, notes (if you add notes), and derived analytics (e.g., consistency rate, trendlines).
- Weekly Recap Content: generated summaries of your progress, patterns, and suggestions (including AI-generated recap text if enabled).
- AI Inputs & Outputs: onboarding answers (typically multiple-choice) and context used to generate suggested starter habits, plus AI recap prompts/outputs when you request them or when the recap feature runs.
- Subscription & Purchase Data: app store purchase/subscription metadata (status, product IDs, renewal/expiration dates, and receipt/transaction identifiers). We do not receive full payment card details.
- Device & Usage Data: device model, OS version, app version, language/locale, time zone, and diagnostic data such as crash logs and performance metrics.
- Notifications: your notification preferences and (where supported) interaction events (e.g., you tapped “Done” from a reminder). We do not read other notifications on your device.
4. Sources of Information
We collect data from: you; your device; app stores for purchase verification; and our service providers (e.g., cloud hosting, authentication, analytics/telemetry, and AI processing) acting on our instructions.
5. How We Use Data (Legal Bases)
- Provide & operate the Services (accounts, habit creation, reminders, logging, charts, cloud sync, and restore). Contract; legitimate interests.
- Progress insights (advanced analytics charts, trend analysis, and coaching-style insights). Contract; legitimate interests.
- AI features (Hoiii) (habit setup suggestions; weekly recap insights). Contract; legitimate interests; consent where required.
- Subscription management (free trial eligibility, paywall access, receipt validation, and entitlement enforcement). Contract; legal obligations; legitimate interests.
- Safety & integrity (security, fraud/abuse prevention, troubleshooting, rate limiting, and monitoring). Legitimate interests; legal obligations.
- Communications (service notices, policy updates, support responses). Contract; legitimate interests.
- Improve Services (analytics, bug fixes, performance optimization). Legitimate interests; consent where required.
- Compliance with laws and regulations. Legal obligations.
Automated decision-making: AI assists with recommendations and summarization. We do not make decisions that produce legal or similarly significant effects solely by automated means.
6. AI Processing Disclosure (Hoiii)
Hoiii is our AI buddy that can help you start with realistic habits and provide weekly recaps. AI features are designed to be gentle and focused on motivation without guilt or pressure.
- When AI is used: (a) when you choose AI-assisted habit setup, and (b) when the weekly recap feature runs (if enabled/available to your plan).
- What we may send: onboarding answers, selected habit categories, and limited progress/summary statistics needed to generate suggestions and recaps (for example: completion rates, streak counts, and high-level trends).
- What we do not need: sensitive personal details. Please do not enter sensitive personal information into habit titles or notes.
- Outputs are suggestions: AI outputs are not medical, psychological, nutritional, or professional advice.
Where controls are available, we configure AI providers to process data only to deliver the requested features.
8. International Transfers
We and our providers may process data in countries outside your own (e.g., Canada, United States, EU/UK regions). Where required, we use appropriate safeguards (such as Standard Contractual Clauses). Your data may be accessible to foreign courts, law enforcement, and national security authorities.
9. Security
We employ administrative, technical, and physical safeguards appropriate to the data (e.g., encryption in transit, restricted Firestore access, least-privilege credentials, and monitoring). No system is 100% secure. If we learn of a data incident affecting you, we will notify you and/or regulators as required.
10. Retention
- Account & habit data: retained while your account remains active and until you delete it or request deletion, subject to backups/legal retention.
- Progress logs & analytics: retained to provide long-term insights and restore your history, including after reinstalling the app.
- Weekly recaps: retained to display your historical recaps unless you delete them or delete your account.
- Diagnostics/logs: retained for a reasonable period for security and troubleshooting.
- Aggregated/de-identified data: may be kept indefinitely (cannot reasonably identify you).
Deleted items may remain in backups for a limited time before being overwritten.
11. Your Controls & Choices
- Account management: you can view/edit basic profile settings in the app.
- Delete habits/logs: you can edit or delete habits and past logs (subject to how analytics snapshots/recaps are generated).
- AI controls: you can choose whether to use AI-assisted setup and whether to use AI weekly recaps (if included in your plan).
- Notifications: you can enable/disable reminders and adjust them in the app and in device settings.
- Subscription controls: you can manage subscription/trial settings via your Apple/Google account settings, subject to store policies.
- Data deletion: you can request deletion of your cloud-stored account data (see Contact Us).
12. Your Rights (GDPR/UK, CPRA, PIPEDA & Others)
Depending on your location, you may have rights to access, rectify, delete, restrict, port, object, and withdraw consent (e.g., for optional processing).
California (CPRA): rights to know/access, delete, correct, opt-out of sale/share (we do not sell/share), and limit use of sensitive personal information (we do not use SPI for cross-context advertising).
Canada (PIPEDA): rights to access and correct personal information; withdraw consent subject to legal/contractual restrictions.
How to exercise: use in-app controls where available or contact our privacy inbox below. We may verify your identity (and, in California, requests by an authorized agent). We will not discriminate for exercising your rights.
13. Children’s Privacy
The Services are not intended for children under 13 (or higher local age, e.g., 16 in some regions). We do not knowingly collect data from children. If you believe a child provided data, contact us and we will delete it.
14. Third-Party Services
- Google Cloud / Firebase / Firestore: hosting, databases, authentication, and cloud functions.
- OpenAI (or similar AI provider): AI habit suggestions and AI weekly recap generation (see AI Processing Disclosure).
- Apple App Store & Google Play: in-app purchases/subscriptions and receipt validation metadata (we do not receive full payment card data).
- Analytics/Telemetry: app performance, crash reporting, and product analytics as configured.
We use these providers under their terms and, where required, provide attributions within the app/site.
16. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will notify you (e.g., via in-app notice or email). Your continued use of the Services after the effective date constitutes acceptance.
17. Contact Us
Primary privacy inbox (DSAR requests): privacy@hoiiibits.com
General support: support@hoiiibits.com
Corporate contact: contact.us@kaccilab.com
Postal address: 298 Jarvis Street, Toronto, ON M5B 2M4, Canada
If you are in the EEA/UK/Switzerland, you may also contact your local data protection authority.
CPRA Notice at Collection (California)
Categories collected: identifiers (name/email, account identifiers), habit/routine data, progress logs and derived analytics, weekly recaps, AI inputs/outputs, device/usage data, diagnostics, and purchase/subscription metadata.
Purposes: provide Services; cloud sync & restore; reminders; advanced analytics; AI setup and weekly recap; security; communications; analytics; compliance.
Retention: see Retention (retained while account is active and until deletion/request, subject to backups/legal requirements).
Sale/Share: we do not sell personal information and do not share it for cross-context behavioral advertising.
Sensitive Personal Information: we do not require sensitive personal information to use HoiiiBits. If you enter sensitive information in custom fields, you do so at your discretion.