HiBart Privacy Policy

Introduction

HiBart ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services.

Please read this privacy policy carefully. By using HiBart, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Information You Provide

Account Information

• Email address (for account creation and sync)
• Display name
• Profile preferences
• Authentication credentials (securely hashed)

Sign-In Methods

• Email/password authentication
• Sign in with Apple (Apple ID)
• Google Sign-In

When you use Sign in with Apple, we receive:

• Your name (if you choose to share it)
• Email address (or Apple's private relay email)
• Unique identifier from Apple

When you use Google Sign-In, we receive:

• Your name (if available on your Google account)
• Email address
• Profile photo URL (if available)
• Unique identifier from Google

Task and Activity Data

• Tasks you create, edit, and complete
• Mood and journal entries
• Focus timer sessions and duration
• Task categories, priorities, and scheduling preferences

Voice Input Data

• When you use voice input, your speech is processed by Apple's Speech Recognition service (SFSpeechRecognizer). Audio data is sent to Apple's servers for transcription. We receive only the transcribed text — no audio is stored by HiBart
• You can disable voice input at any time and use text input only

Subscription Information

• Subscription status (free, trial, or paid)
• Purchase history (processed by Apple)
• Trial period dates

Information Collected Automatically

Device Information

• Device type and model
• Operating system version
• App version

Motion Data

• HiBart uses CoreMotion accelerometer data solely to animate the BART character's eye tracking (eyes follow device tilt). This data is processed in real-time at 10Hz and is never stored, transmitted, or logged. It remains entirely on your device

Network Status

• We monitor network connectivity status (online/offline) using Apple's Network framework to determine whether cloud features are available. No network metadata is stored or transmitted

Usage Data

• Features you use
• Crash reports and performance data

Information from Third Parties

Apple App Store

• Subscription status and purchase verification
• Receipt validation data

Firebase Authentication

• Authentication tokens
• Sign-in session information

How We Use Your Information

We use the information we collect to:

1. Provide Core Services
   • Store and sync your tasks across devices
   • Send reminder notifications at times you choose
   • Process voice and text input for task creation
   • Manage your account and subscription
2. AI-Powered Task Parsing
   • When you create tasks via voice or text, your input text is sent to Google's Gemini AI API for natural language processing (extracting task titles, dates, times, and priorities)
   • Only the task text you type or speak is sent — no account information, device identifiers, or personal data accompanies the request
   • Google processes this data under their Gemini API Terms of Service. Per Google's API ToS, data sent through the Gemini API is not used to train Google's models
   • If the AI service is unavailable, HiBart falls back to on-device local parsing — no data leaves your device in this case
   • There is no way to disable Gemini parsing while keeping voice/text task creation, but local fallback ensures the app works without network access
3. Manage Subscriptions
   • Process and verify purchases through Apple
   • Provide access to premium features
   • Track trial period status
4. Personalize Experience
   • Customize BART companion responses based on your chosen personality
   • Learn your productivity patterns (locally on device)
   • Provide energy-based scheduling suggestions
5. Communicate With You
   • Send local push notifications (reminders, nudges, summaries) that you configure
   • Respond to support requests

Subscription Data

Trial Period

• New accounts receive a 15-day free trial of premium features
• Trial status is stored locally and in your account
• We track trial start and end dates to manage access

Purchase Processing

• All purchases are processed by Apple through the App Store
• We receive purchase verification receipts from Apple
• We do NOT store credit card or payment information
• Apple handles all payment processing securely

Subscription Tiers

• Free: Up to 15 tasks, focus timer, mood tracking, journal, all 5 BART personalities
• Premium ($2/month or $15/year): Unlimited tasks, cloud sync, AI suggestions, advanced analytics, home screen widgets

We store:

• Current subscription tier (free/trial/monthly/yearly)
• Subscription expiration date
• Auto-renewal status

Data Storage and Security

Local-First Architecture

HiBart stores all task data, mood entries, focus sessions, and settings locally on your device using iOS secure storage. Your data remains on your device unless you opt into cloud sync.

Note: Even in local-only mode, task text entered via voice or keyboard is sent to Google Gemini for parsing when network is available. See "AI-Powered Task Parsing" above.

Widget Data Sharing

HiBart's home screen widgets (task list, shortcuts, focus timer, progress) share data with the main app through an iOS App Group container (group.com.hibart.app). This is a sandboxed, on-device shared storage area — widget data never leaves your device. Only HiBart and its own widget extension can access this container.

Security Measures

We implement appropriate security measures:

• Authentication: Firebase Authentication with secure token management
• iOS Storage: Data stored in encrypted app sandbox and Keychain
• Passwords: Securely hashed, never stored in plain text
• API Keys: Stored securely in app configuration, never exposed to users
• Transport: All network communication uses TLS 1.3 encryption

Cloud Sync (Optional, Premium Feature)

If you enable cloud sync:

• Tasks, mood entries, focus sessions, and settings sync to Firebase Firestore
• Data is encrypted in transit (TLS 1.3) and at rest on Google's servers
• Firebase servers are located in the United States
• Google manages encryption keys for data at rest
• You can disable cloud sync at any time in Settings; your data remains locally on your device
• You can delete all cloud data by deleting your account
• See: Firebase Security Documentation

Third-Party Services

We use the following third-party services:

Firebase (Google)

• Authentication: Account management and sign-in
• Firestore: Cloud data storage for sync (optional, premium)
• Data processed under Google's Cloud Data Processing Terms
• See: Firebase Privacy
• See: Google Cloud Data Processing Terms

Apple

• Sign in with Apple: Authentication
• App Store / StoreKit: In-app purchase processing and subscription management
• APNs: Push notification delivery (notification content is generated locally; Apple transports it)
• SFSpeechRecognizer: Voice-to-text transcription (audio sent to Apple servers)
• See: Apple Privacy

Google Gemini AI

• Purpose: Natural language task parsing (extracting dates, times, priorities from your text input)
• Data sent: Only the task text you enter (no account data, no device identifiers)
• Retention: Per Google's API Terms, API input data is not used for model training and is subject to Google's data retention policies
• See: Google AI Terms

Your Rights and Choices

Access and Control

You have the right to:

• Access: View all data stored by the app (visible directly in the app)
• Export: Download your tasks and data in JSON format via Settings
• Delete: Remove all your data permanently (see Data Deletion below)
• Correct: Update or correct your information directly in the app
• Portability: Request a machine-readable copy of your data

Opt-Out Options

You can opt out of:

• Push notifications: Via iOS Settings or in-app notification toggle
• Cloud sync: Use the app in local-only mode (Settings → Cloud Sync off)
• Voice input: Use text input only (no audio is sent to Apple)
• Gemini AI parsing: Not separately toggleable, but local fallback parsing works without network

Data Deletion

To delete your data:

1. Open HiBart → Settings
2. Navigate to "Account"
3. Select "Delete Account"
4. Confirm deletion

This action is permanent and will:

• Delete all local tasks, mood entries, focus sessions, and settings
• Delete all cloud-synced data from Firebase Firestore (if applicable)
• Delete your Firebase Authentication account
• Cancel any active subscription (refund per Apple's policy)
• Deletion is processed immediately; cloud data is purged within 30 days

For EU/EEA Residents (GDPR)

Legal Bases for Processing

We process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

• Contract Performance (Article 6(1)(b)): Processing necessary to provide you with the HiBart service, including account creation, task management, cloud sync, subscription management, and customer support.
• Legitimate Interest (Article 6(1)(f)): Processing necessary for our legitimate interests, including app security, fraud prevention, service improvement, and crash/error diagnostics. We balance these interests against your rights and freedoms.
• Consent (Article 6(1)(a)): Processing based on your explicit consent, including optional cloud sync, push notifications, voice input (speech recognition), and marketing communications. You may withdraw consent at any time without affecting the lawfulness of processing performed before withdrawal.
• Legal Obligation (Article 6(1)(c)): Processing necessary to comply with applicable laws, such as tax and accounting obligations related to subscription payments.

Your Additional Rights Under GDPR

In addition to the rights above, you have the right to:

• Withdraw consent for data processing at any time
• Restrict processing of your personal data
• Object to processing based on legitimate interests
• Lodge a complaint with your local Data Protection Authority
• Data portability — receive your personal data in a structured, commonly used, machine-readable format
• Contact our DPO at dpo@hibart.app for any data protection inquiries

For California Residents (CCPA)

• We do not sell your personal information
• We do not share your personal information for cross-context behavioral advertising
• You have the right to know what personal information we collect and how it is used
• You have the right to request deletion of your personal information

Children's Privacy

HiBart is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@hibart.app and we will promptly delete the information.

International Data Transfers

If you access HiBart from outside the United States:

• Your data may be transferred to and processed on servers in the United States (Firebase/Google Cloud infrastructure)
• For EU/EEA users, transfers are governed by Google's Standard Contractual Clauses (SCCs) as part of their Cloud Data Processing Terms
• We ensure appropriate safeguards are in place per applicable data protection laws

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by:

• Posting the new policy in the app
• Updating the "Last Updated" date
• Sending a notification for significant changes

Your continued use of HiBart after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or your data:

Email: privacy@hibart.app

Website: https://www.hibart.app/privacy.html

Support: https://www.hibart.app/feedback.html

For data protection inquiries in the EU:

DPO Contact: dpo@hibart.app

Summary of Key Points

HiBart - Your Privacy, Your Tasks, Your Control