1. Introduction
ReHabit ("App," "Service," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the ReHabit mobile application.
ReHabit is a wellness support tool designed to help individuals in substance abuse recovery. Given the sensitive nature of recovery data, we take your privacy extremely seriously.
Our Core Promise: We will never sell your personal data. Your recovery journey is private, and your data belongs to you.
2. Information We Collect
We collect information in the following categories:
2.1 Information You Provide
| Data Type |
Examples |
Purpose |
| Account Information |
Email address, password, nickname, date of birth |
Account creation, age verification, identification |
| Recovery Profile |
Substance type, recovery start date, focus areas |
Personalized recovery support and milestone tracking |
| Check-in Data |
Mood ratings, craving levels, sleep quality, trigger selections |
Daily wellness tracking, risk assessment, trend analysis |
| Journal Entries |
Free-text reflections, mood tags |
Personal reflection (always private, never shared) |
| Safety Plan |
Warning signs, coping strategies, emergency contacts |
Crisis prevention and emergency support |
| Trigger & Coping Logs |
Trigger occurrences, coping tool usage, craving levels |
Pattern identification and coping effectiveness analysis |
| Supporter Messages |
Encouragement messages between users and supporters |
Support network communication |
2.2 Information Collected Automatically
| Data Type |
Details |
Purpose |
| Device Information |
Device type, operating system, app version |
App compatibility and troubleshooting |
| FCM Token |
Firebase Cloud Messaging device token |
Push notification delivery |
| Usage Data |
Feature usage patterns, session timestamps |
Service improvement and analytics |
2.3 Location Data
ReHabit does not continuously track your location. The only location-related feature is the one-time emergency location sharing:
- When you use the emergency location sharing feature, a single GPS snapshot is captured and sent via SMS to your designated emergency contact.
- This location data is not stored on our servers.
- Location access is requested only at the moment of use and is not retained afterward.
- You can choose not to use this feature without affecting other App functionality.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Provide the Service: Deliver personalized recovery support, including check-ins, coping tools, insights, and milestone tracking.
- Risk Assessment: Calculate wellness risk levels based on your self-reported check-in data to provide appropriate support recommendations.
- Push Notifications: Send check-in reminders, milestone celebrations, supporter messages, and (in high-risk situations) safety plan prompts.
- Supporter Wellness Signals: Share limited, permission-controlled wellness signals with your designated supporters. You control exactly what supporters can see through granular permission settings.
- Insights & Analytics: Generate personal trend reports (mood, craving, trigger patterns) visible only to you.
- Service Improvement: Analyze aggregate, de-identified usage patterns to improve the App.
- Account Management: Manage your account, process support requests, and communicate service-related information.
4. How We Share Your Information
We do not sell your personal information. We do not share your personal data with third parties for marketing or advertising purposes. Period.
We may share information in the following limited circumstances:
4.1 With Your Supporters (Your Control)
- If you invite supporters, they may see limited wellness signals based on permissions you explicitly set.
- Supporters never see your journal entries, specific trigger details, or full check-in data.
- You can modify permissions or remove supporters at any time, immediately revoking their access.
4.2 Service Providers
- Firebase (Google Cloud): We use Firebase for authentication, database storage, push notifications, and hosting. Data is processed in accordance with Google's Privacy Policy.
- We do not use third-party analytics SDKs that track individual users.
4.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal process, such as a court order, subpoena, or government request.
5. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- All data in transit is encrypted using TLS/SSL.
- Data at rest is stored in Firebase with Google Cloud's security infrastructure.
- Authentication is handled through Firebase Authentication with secure password hashing.
- Firestore Security Rules enforce data access controls, ensuring users can only access their own data.
- Journal entries are private by design and are never exposed to supporters, admins, or any third party.
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. Specific retention periods:
- Account Data: Retained until you delete your account.
- Check-in & Recovery Data: Retained until you delete your account.
- Journal Entries: Retained until you delete your account or individual entries.
- Messages: Retained until you delete your account or remove the supporter relationship.
- Location Data: Not retained. Emergency location sharing sends a one-time SMS and is not stored.
7. Your Rights and Choices
You have the following rights regarding your personal information:
7.1 Access and Portability
- You can view all your personal data within the App at any time (check-ins, journal entries, milestones, etc.).
- You may request a copy of your data by contacting us at the email address below.
7.2 Correction
- You can update your profile information directly within the App.
- For corrections to other data, contact us at the email address below.
7.3 Deletion
- You can delete your account at any time through the App's profile settings.
- Upon account deletion, all your personal data is permanently deleted, including check-ins, journal entries, triggers, milestones, safety plan, coping logs, and messages.
- Supporter links are removed from both sides.
- Pending invitations are marked as expired.
- This action is irreversible.
7.4 Push Notification Controls
- You can manage notification preferences within the App's settings.
- You can disable push notifications entirely through your device settings.
8. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
- Right to Delete: You may request deletion of your personal information. You can do this directly through the App's account deletion feature, or by contacting us.
- Right to Opt-Out of Sale: We do not sell your personal information. There is no need to opt out because we never engage in the sale of personal data.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To exercise your CCPA rights, you may contact us at the email address provided in Section 12 below, or use the in-app account deletion feature. We will respond to verifiable consumer requests within 45 days.
9. Children's Privacy
ReHabit requires users to be at least 13 years of age. We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA).
If we learn that we have collected personal information from a child under 13, we will promptly delete that information. If you believe a child under 13 has provided us with personal information, please contact us immediately.
Users between 13 and 17 years of age must acknowledge that they have reviewed this Privacy Policy and affirm their eligibility to use the App.
10. Third-Party Services
The App may contain links to third-party services, including:
- Crisis Hotlines: Phone numbers for services such as the 988 Suicide & Crisis Lifeline and the SAMHSA National Helpline. These are independently operated services with their own privacy policies.
- External Resources: Links to educational articles or resources that are governed by their own privacy policies.
We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes, we will:
- Update the "Last updated" date at the top of this page.
- Notify you through the App for material changes.
Your continued use of the App after changes are posted constitutes your acceptance of the updated Privacy Policy.
12. Contact Us
If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about how your data is handled, please contact us at:
ReHabit Support
Email: support@rehabit.app
For CCPA-specific requests, please include "CCPA Request" in the subject line of your email.
Effective Date: February 13, 2026
ReHabit — An Application to Overcome Substance Abuse with Habits