Privacy Policy

1. Introduction

Welcome to Haven. This Privacy Policy explains how Limit Waste Sp. z o.o. ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you use the Haven mobile application ("App") and related services.

We are committed to protecting your privacy and handling your data with transparency and care. Given the deeply personal nature of spiritual reflection and journaling, we take our responsibility to safeguard your information seriously.

By using Haven, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use our App.

2. Data Controller Information

The data controller responsible for your personal data is:

For any privacy-related inquiries or to exercise your data rights, please contact us at the email address above.

3. Age Requirements

Haven is intended for users aged 16 years and older. We do not knowingly collect personal information from children under 16. If you are under 16, please do not use this App or provide any personal information to us.

If we learn that we have collected personal information from a child under 16, we will take steps to delete that information as quickly as possible. If you believe we may have collected information from a child under 16, please contact us immediately at contact@try-haven.app.

4. Information We Collect

4.1 Account Information

When you create an account, we collect:

• Email address (required) - Used for account authentication, communication, and account recovery
• Password (required) - Securely hashed and stored; we never have access to your plaintext password
• Display name (optional) - Used to personalize your experience within the App
• Avatar/Profile picture URL (optional) - Used to personalize your profile
• Account creation date - Automatically recorded for account management purposes

4.2 Usage Data

To provide and improve our services, we collect information about how you use the App:

• Verse viewing history - Which Bible verses you have viewed, when you viewed them, and completion status
• Streak and engagement data - Days active, completion rates, and your "Gentle Rhythm" progress
• Collection data - User-created collections, saved verses, and personal notes you add
• Journey progress - Which spiritual journeys you have started or completed, and your current progress
• Preferences - Your selected language, Bible translation preference, and onboarding completion status

4.3 AI Reflection Data

When you use our AI-powered spiritual reflection feature, we collect:

• Conversation messages - The messages you exchange with the AI reflection feature
• Verse context - The Bible verses associated with your reflections

4.4 Subscription Information

If you subscribe to Haven Premium, we collect:

• Subscription status - Whether you have an active subscription and which plan you are on
• Subscription dates - Start date, renewal date, and expiration date
• Transaction identifiers - Anonymous identifiers provided by Apple or Google to verify your purchase

We do not receive or store your payment card details, billing address, or other financial information. All payments are processed directly by Apple App Store or Google Play Store through their secure payment systems.

4.5 Device Information

We collect limited device information necessary for App functionality:

• Language and locale settings - To display content in your preferred language
• Device type - To ensure proper App functionality and display

4.6 Local Storage

Certain preferences are stored locally on your device using SharedPreferences:

• Locale/language code
• Bible translation preference
• Onboarding completion status

This locally stored data is not encrypted on your device and remains under your control.

5. Information We Do Not Collect

We are committed to collecting only the data necessary to provide our services. We do not collect:

• Location data or GPS information
• Contact lists or address books
• Camera or microphone data
• Health or fitness data
• Biometric data
• Third-party analytics data (we do not use Firebase Analytics, Mixpanel, or similar tracking services)

Note on Payments: We do not directly collect or store your payment card details. All subscription payments are processed securely through Apple App Store or Google Play Store.

6. How We Use Your Information

We use the information we collect for the following purposes:

6.1 Providing Our Services

• Authenticate your account and maintain your session
• Deliver personalized daily Bible verses based on your preferences
• Enable AI-powered spiritual reflection and journaling
• Track your progress through spiritual journeys
• Maintain your verse collections and personal notes
• Display your engagement metrics and "Gentle Rhythm" streaks
• Provide content in your preferred language and Bible translation

6.2 Improving Our Services

• Understand how users interact with the App
• Identify and fix technical issues
• Develop new features based on usage patterns
• Optimize App performance

6.3 Communication

• Send essential account-related notifications
• Respond to your inquiries and support requests
• Notify you of important changes to our services or policies

6.4 Legal Compliance

• Comply with applicable laws and regulations
• Respond to legal requests and prevent harm
• Enforce our Terms of Service

7. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions that require a legal basis for processing personal data, we rely on the following:

• Contract Performance: Processing necessary to provide you with the Haven services you requested when creating an account
• Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services, provided these interests do not override your rights
• Consent: Where you have given explicit consent for specific processing activities
• Legal Obligation: Processing necessary to comply with legal requirements

8. Data Sharing and Third-Party Services

We do not sell your personal information. We share your data only with the following third-party service providers who help us operate the App:

8.1 Supabase

We use Supabase as our backend infrastructure provider for:

• User authentication (email and password)
• Database storage (PostgreSQL)
• Edge Functions for AI features and semantic search

Supabase processes your data on cloud infrastructure. For more information, see Supabase Privacy Policy.

8.2 RevenueCat

We use RevenueCat to manage in-app subscriptions across platforms. RevenueCat helps us:

• Verify and manage subscription status
• Process subscription events (purchases, renewals, cancellations)
• Synchronize subscription state across your devices

RevenueCat receives anonymous user identifiers and subscription data from Apple and Google. For more information, see RevenueCat Privacy Policy.

8.3 Apple App Store & Google Play Store

Subscription payments are processed directly by Apple (for iOS) or Google (for Android). These platforms handle all payment processing and we do not receive your payment card details. For more information, see:

• Apple Privacy Policy
• Google Privacy Policy

8.4 Google Fonts

We use Google Fonts for typography styling in our App and website. For more information, see Google Privacy Policy.

8.5 Other Disclosures

We may also disclose your information:

• When required by law, court order, or governmental authority
• To protect our rights, privacy, safety, or property, or that of our users or others
• In connection with a merger, acquisition, or sale of assets (with notice to you)

9. International Data Transfers

Haven is available globally, and your data may be transferred to and processed in countries other than your country of residence, including the United States and countries within the European Union where our service providers operate.

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Transfers to countries with adequate data protection laws as determined by the European Commission
• Other legally approved transfer mechanisms

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption in Transit: All data transmitted between your device and our servers uses HTTPS encryption
• Password Security: Passwords are cryptographically hashed and never stored in plaintext
• Secure Authentication: We use secure authentication tokens for API access
• Infrastructure Security: Your data is stored in Supabase's secure cloud infrastructure with industry-standard security measures

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to implementing reasonable safeguards.

11. Data Retention

We retain your personal data for as long as necessary to provide our services and fulfill the purposes described in this Privacy Policy:

• Account data: Retained while your account is active and for a reasonable period thereafter to comply with legal obligations
• Usage data: Retained while your account is active to provide service features
• AI conversation history: Retained until you choose to delete it or delete your account
• Collections and notes: Retained until you choose to delete them or delete your account

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain certain information for legal or legitimate business purposes.

12. Your Rights and Choices

12.1 Rights for All Users

Regardless of your location, you have the following rights:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Delete your account and associated data through the App settings or by contacting us
• Data Portability: Request your data in a portable format

12.2 Additional Rights for EEA, UK, and Swiss Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you also have the right to:

• Object: Object to processing of your personal data for certain purposes
• Restrict Processing: Request that we limit how we use your data
• Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Lodge a Complaint: File a complaint with your local data protection authority

12.3 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it
• Right to Delete: Request deletion of your personal information, subject to certain exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising purposes
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise any of these rights, please contact us at contact@try-haven.app. We will respond to your request within the timeframes required by applicable law.

13. How to Exercise Your Rights

To exercise any of your data rights, you may:

• Delete your account: Use the account deletion feature within the App settings
• Contact us directly: Email us at contact@try-haven.app with your request

We may need to verify your identity before processing certain requests. We will respond to your request within 30 days (or sooner if required by applicable law). If we need additional time, we will inform you of the reason and extension period.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For significant changes, we will provide notice through the App or via email
• Your continued use of Haven after the effective date of changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to resolving any complaints about our collection or use of your personal data. We will respond to all inquiries within a reasonable timeframe.