Introduction

Welcome to 2k26newyearnewme ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our daily habit tracking application.

By using our service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

1. Information We Collect

1.1 Personal Information

When you create an account, we collect:

Name: Your full name as provided during registration
Email Address: Used for account login and communications
Password: Stored securely using industry-standard hashing (bcrypt)
Profile Picture: Optional profile image (via Google OAuth or upload)
Account Creation Date: Timestamp of when your account was created

1.2 Habit Tracking Data

As you use our service, we collect:

Habit Names: The names of habits you create and track
Habit Logs: Daily completion status for each habit (true/false)
Monthly Data: The month and year associated with your habit tracking
Timestamps: Date and time of habit log entries

1.3 Authentication Data

When you log in using third-party services:

Google OAuth: We receive your name, email address, and profile picture from Google
Authentication Provider: We store which method you use to sign in (password or Google)

1.4 Usage and Analytics Data

We use Google Analytics to understand how users interact with our service:

Page Views: Pages you visit and time spent on each page
Button Clicks: Interactions with CTAs, buttons, and navigation elements
Section Views: Which sections of our landing page you view
Device Information: Browser type, device type, operating system
IP Address: Anonymized by Google Analytics for privacy
Geographic Location: Approximate location based on IP address (city/country level)

1.5 Technical and Security Data

Session Data: Encrypted session tokens for authentication
Rate Limiting Data: Temporary logs of request counts per IP address
Security Logs: Suspicious activity detection (SQL injection, XSS attempts)

2. How We Use Your Information

We use your information for the following purposes:

Provide Services: To create and manage your account, store your habit data, and deliver the core functionality of our habit tracking application
Authentication: To verify your identity and maintain secure access to your account
Data Synchronization: To sync your habit data across devices and sessions
Analytics and Improvement: To understand how users interact with our service and improve features, user experience, and performance
Security: To detect and prevent fraud, abuse, and security threats through rate limiting and input validation
Communication: To send important account-related notifications (if necessary in the future)
Legal Compliance: To comply with applicable laws and regulations

3. Data Storage and Security

3.1 Data Storage

Database: Your data is stored in a PostgreSQL database hosted on secure servers
Geographic Location: Data is stored in secure data centers with industry-standard physical and digital security
Backups: Regular database backups are maintained for data recovery purposes

3.2 Security Measures

We implement multiple layers of security to protect your data:

Password Hashing: Passwords are hashed using bcrypt with salt rounds before storage
Encrypted Sessions: Session data is encrypted using secure algorithms
HTTPS/TLS: All data transmission is encrypted using TLS 1.2+
HSTS: HTTP Strict Transport Security enforced with 1-year max age
Rate Limiting: 100 requests per minute for general API, 10 per minute for authentication
Input Validation: All user inputs are validated to prevent XSS and SQL injection attacks
CSRF Protection: Cross-Site Request Forgery protection enabled
Security Headers: X-Frame-Options, X-Content-Type-Options, CSP, and other security headers configured

3.3 Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. If you delete your account, we will delete your data within 30 days, except where we are required to retain it for legal compliance.

4. Cookies and Tracking Technologies

4.1 Essential Cookies

Session Cookies: Required for authentication and maintaining your logged-in state
CSRF Token: Security cookie to prevent cross-site request forgery attacks
Cookie Consent: Stores your cookie preferences in localStorage

4.2 Analytics Cookies (Google Analytics)

With your consent, we use Google Analytics cookies to understand how you use our service:

_ga: Distinguishes unique users
_gid: Distinguishes unique users
_gat: Used to throttle request rate

You can control analytics cookies through our cookie consent banner. If you decline, Google Analytics will not track your activity.

4.3 Google Consent Mode v2

We implement Google Consent Mode v2, which means analytics and advertising cookies are blocked by default until you explicitly consent. This ensures GDPR compliance.

5. Third-Party Services

We use the following third-party services:

Google OAuth: For authentication via Google accounts. See Google's Privacy Policy
Google Analytics: For website analytics and user behavior tracking. Your IP address is anonymized. See How Google uses data
Vercel (Hosting): For application hosting and delivery. See Vercel's Privacy Policy

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

Right to Access: Request a copy of the personal data we hold about you
Right to Rectification: Request correction of inaccurate or incomplete data
Right to Erasure: Request deletion of your account and associated data
Right to Data Portability: Request your data in a structured, machine-readable format
Right to Object: Object to processing of your personal data
Right to Withdraw Consent: Withdraw consent for analytics cookies at any time

To exercise these rights, please contact us at priyanshy0219@gmail.com. We will respond to your request within 30 days.

7. Data Sharing and Disclosure

We do not sell your personal data. We may share your data only in the following circumstances:

With Your Consent: When you explicitly authorize us to share your information
Service Providers: With trusted third parties who help us operate our service (hosting, analytics)
Legal Requirements: When required by law, court order, or government regulation
Protection of Rights: To protect our rights, privacy, safety, or property, or that of our users
Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)

8. Children's Privacy

Our service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information from our systems.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those of your country. By using our service, you consent to the transfer of your information to our facilities and to the third parties with whom we share it as described in this policy.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email:priyanshy0219@gmail.com
Service Name: 2k26newyearnewme
Type: Daily Habit Tracker

12. Region-Specific Rights

12.1 For European Union (GDPR)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

Right to lodge a complaint with a supervisory authority
Right to restriction of processing
Right to not be subject to automated decision-making

Our lawful basis for processing your data includes: performance of a contract, legitimate interests, and your explicit consent for analytics.

12.2 For California Residents (CCPA)

California residents have the right to:

Know what personal information is collected
Know if personal information is sold or disclosed
Say no to the sale of personal information (we don't sell)
Access and delete personal information
Not be discriminated against for exercising privacy rights