Privacy Policy

1. Data Controller

2. What Data We Collect

• Account data: Email address and encrypted password, collected when you register.
• Habit data: Habit names, colors, targets, and types you create.
• Log data: Dates and counts when you log a habit.
• Notification settings: Your preferred notification time and type, if you enable notifications.

We do not collect payment data, location data, or any data beyond what is listed above.

3. Purpose and Legal Basis

• Providing the habit tracking service (Art. 6(1)(b) GDPR — performance of a contract)
• Sending you notifications you have opted into (Art. 6(1)(a) GDPR — consent)
• Maintaining security and preventing abuse (Art. 6(1)(f) GDPR — legitimate interest)

4. Data Processors

We use the following third-party services to operate Looma:

5. Data Retention

Your data is retained as long as your account exists. When you delete your account, all associated data is permanently deleted within 30 days.

6. Your Rights (GDPR)

Under the GDPR, you have the following rights:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate data.
• Erasure: Request deletion of your data ("right to be forgotten").
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Withdraw notification consent at any time in Settings.

To exercise these rights, contact us at [YOUR EMAIL].

7. Supervisory Authority

You have the right to lodge a complaint with the Austrian Data Protection Authority:

8. Cookies

We only use essential cookies required for authentication. See our Cookie Policy for details.