Privacy Policy

Quantum Habits OS ("we", "our", or "us") operates the web application at app.quantumhabits.online and the marketing site at quantumhabits.online. This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding it.

1. Data we collect

1.1 Account data

When you create an account we collect:

• Email address
• Password (hashed, not stored in plain text)
• Account creation timestamp

1.2 Usage data you enter

Data you actively input into the app:

• Daily NS state check-in responses (energy level, mission, identity checkboxes)
• Habit entries (names, completion status, zone assignments)
• Task entries (titles, priorities, completion status)
• Identity Lab notes and Smart Hub content you write
• Weekly Review responses

This data is stored in our Supabase database and is private to your account. We do not sell, share, or use your personal usage data for advertising or profiling.

1.3 Technical / log data

• IP address (for security and fraud prevention)
• Browser type and operating system
• Pages visited and timestamps (via PostHog; see Section 3)
• Error logs

1.4 Payment data

Payments are processed by LemonSqueezy. We never see or store your full credit card number. We receive only: subscription status, plan type, and anonymized transaction reference. Refer to LemonSqueezy's privacy policy for their data handling.

2. Google services and user data

The Google services we use on this site are limited to the following:

2.1 Google Search Console (site verification only)

Google Search Console is a webmaster tool used by the site owner to monitor the site's visibility in Google Search. We use it for ownership verification and to check aggregate search performance metrics (e.g., how often the site appears in results). This data belongs to the site owner, not to site visitors.

No visitor personal data is sent to or accessible through Google Search Console. The verification meta tag on our site confirms site ownership. It does not collect, transmit, or share visitor data.

2.2 Google Fonts

We use Google Fonts to load typefaces (Syne, Outfit, DM Mono). When you visit our site, your browser requests font files from Google's servers. Google may log your IP address as part of that request. We do not receive or process that data. No Google user account data is involved. See Google's Privacy Policy for details.

We do not use Google Sign-In, Google Analytics, Google Ads, Google Drive API, Gmail API, Google Calendar API, YouTube API, Google People API, or any other Google API that accesses user account data.

3. Third-party services

3.1 Supabase (database and authentication)

We use Supabase (hosted in the EU or US depending on your region) to store your account and app data. Supabase is GDPR-compliant. Your data is encrypted in transit (TLS) and at rest.

3.2 PostHog (product analytics)

We use PostHog to understand how users interact with the app (e.g., which features are used, where users drop off). PostHog collects:

• Page views and feature interaction events
• Session metadata (browser, device type, approximate location by country)
• PostHog does not record keystrokes, form inputs, or personal data you enter into the app.

You can opt out of analytics tracking by contacting us or using a browser-level ad blocker.

3.3 LemonSqueezy (payments)

Payment processing and subscription management. They are the Merchant of Record; their privacy policy governs payment data handling.

4. How we use your data

• To provide and operate the Quantum Habits OS application
• To authenticate your account and maintain session security
• To process subscription payments via LemonSqueezy
• To improve the product using anonymized, aggregate analytics
• To send transactional emails (account confirmation, password reset, receipts)
• To respond to support requests you initiate

We do not sell your personal data, use it for advertising, share it with data brokers, or use it for any purpose not listed above.

5. Data retention

• Active accounts: We retain data for as long as your account is active.
• Deleted accounts: We delete all personal data within 30 days of receiving an account deletion request.
• Payment records: We retain payment records as required by law (typically 7 years) for financial and tax compliance, in anonymized form.

6. Your rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Rectify inaccurate data
• Erase your data (right to be forgotten)
• Export your data in a portable format
• Object to certain processing activities
• Withdraw consent at any time

To exercise any of these rights, email us at [email protected]. We respond within 30 days.

7. Data security

Security measures we apply:

• All data is transmitted over HTTPS (TLS 1.2+)
• Passwords are hashed using bcrypt and never stored in plain text
• Database access is restricted to authenticated services only
• Row-level security (RLS) in Supabase ensures users can only access their own data
• We conduct periodic security reviews

8. Cookies

We use cookies and local storage for:

• Authentication session tokens (required for login)
• User preferences (e.g., theme)
• PostHog analytics session tracking (can be blocked)

We do not use advertising cookies or third-party tracking pixels.

9. Children's privacy

Quantum Habits OS is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us immediately.

10. International data transfers

Your data may be processed in the United States or European Union (depending on Supabase region settings). We cover all transfers under standard contractual clauses or equivalent safeguards in compliance with GDPR.

11. Changes to this policy

We may update this Privacy Policy. When we do, we update the "Last Updated" date at the top. For material changes, we notify you by email or in-app notification before they take effect.