Legal

Privacy Policy

Bad Habits: Expense Tracker
Last updated: March 11, 2026

This Privacy Policy describes how JBA Web Agency SRL ("we", "us", or "our") collects, uses, and shares information about you when you use the Bad Habits mobile application (the "App").

1. Information We Collect

1.1 Information You Provide

  • Account information: email address and display name, collected at registration
  • Check-in data: spending amounts and vice categories you log within the App
  • Circle interactions: messages and activity within accountability circles you join or create

1.2 Information Collected Automatically

  • Device information: device type, operating system version, and app version, used for diagnostics and compatibility
  • Push notification tokens: collected if you grant notification permission, used solely to deliver in-app notifications
  • Usage data: feature interactions and session metadata used to improve the App

1.3 Information We Do NOT Collect

  • Location data
  • Camera or microphone access
  • Contacts or address book data
  • Biometric data
  • Financial account credentials

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the App
  • Deliver your daily and weekly expense summaries
  • Power accountability circle features (showing totals to circle members — never transaction details)
  • Send push notifications you have opted into
  • Process subscription payments via RevenueCat
  • Respond to support requests
  • Comply with legal obligations

We do not use your personal data for advertising purposes, and we do not sell your data to third parties.

3. How We Share Your Information

3.1 Within Accountability Circles

When you are a member of a Circle, other members can see your spending totals by category. They cannot see individual transaction details or the amounts of specific check-ins.

3.2 Third-Party Service Providers

  • RevenueCat — subscription and payment management
  • Expo / Expo Push Notifications — push notification delivery infrastructure

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities.

3.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your personal data is subject to a different privacy policy.

4. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days.

5. Your Rights

Under applicable data protection law (including the GDPR where applicable), you have the following rights:

  • Right of access — request a copy of your personal data
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your account and data
  • Right to data portability — receive your data in a structured, machine-readable format (CSV export)
  • Right to restrict processing — request that we limit how we use your data
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, contact us at alex@jbagency.ro. We will respond within 30 days.

5.1 Data Export

You can export your check-in history as a CSV file from within the App via Profile > Export Data.

5.2 Account Deletion

You can delete your account from within the App via Profile > Settings > Delete Account. For more information, see our Account Deletion page.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption in transit using TLS
  • Encrypted storage at rest
  • Access controls and authentication requirements
  • Regular security reviews

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but we take it seriously.

7. Children's Privacy

The App is not directed to children under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that a child under 18 has provided us with personal information, we will delete it immediately.

8. International Data Transfers

Your information may be transferred to and processed in countries other than the one in which you reside. These countries may have data protection laws that differ from those in your country. Where required, we implement appropriate safeguards for such transfers.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy in the App and, where appropriate, by sending you an email notification. We encourage you to review this policy periodically.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

JBA Web Agency SRL
CUI: 45013493  |  J2021003372228
Sos. Pacurari 54, Bl. 554, Sc. A, Et. 5, Ap. 13
Cod 700547, Iași, Romania
Email: alex@jbagency.ro

For EU/EEA residents: you have the right to lodge a complaint with your local data protection authority (supervisory authority). In Romania, the relevant authority is the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP).