# Privacy Policy — Petabit **Last updated: June 2026** Petabit ("the app", "we", "us") is a habit‑tracking app where your daily routine shapes a virtual creature. We collect the minimum needed to run the app, and we never sell your data or use advertising or third‑party tracking. This policy explains what we collect, why, and the choices you have. --- ## 1. Information we collect We only collect data you provide by using the app: - **Account** — your **email address** and a **nickname** you choose. The email is used to sign you in with a one‑time code (we do not store a password). - **Habits and progress** — the habits you select or create, and which ones you complete each day (including streaks). - **Reflections** — your written **answers to the daily reflection question**. These are short, free‑text responses you choose to write. - **Creature state** — the in‑game genome, alignment and lifecycle that are derived from the data above. - **Merge history** — when you merge with another player, your nickname and one inherited trait are recorded so the bond can be shown to both sides. - **On your device** — your sign‑in token and your device **time zone** (used locally to schedule reminders). This stays on the device. We do **not** collect your contacts, location, photos, advertising identifiers, or any analytics/behavioral tracking data. --- ## 2. How we use your information - To create and secure your account (passwordless email‑code sign‑in). - To track your habits and evolve your Petabit from your routine. - To generate the next reflection question and shape your Petabit's alignment. - To schedule local reminders to keep your habits. --- ## 3. Third‑party processing - **AI processing (Anthropic).** To classify the tone of a reflection and to generate your next question, your **reflection answers** are sent to Anthropic (the Claude API). Reminder message text is also generated with AI, but that generation does **not** include any of your personal data. Anthropic processes this under its own terms and does not use the data to train its models for API traffic. - **Email delivery.** Your email address is used to deliver the one‑time sign‑in code through an email‑sending service. We do not share your data with anyone else, and we do not sell it. --- ## 4. Device permissions - **Camera** — requested only when you choose to **scan another player's merge QR code**. The camera reads a short pairing code; no photo or video is taken, stored, or transmitted. - **Notifications** — used for **local** habit reminders scheduled on your device. These are not push notifications: no push token is created and nothing about your reminders leaves the device. You can revoke either permission at any time in your device settings. --- ## 5. Data retention and deletion We keep your data while your account is active. You can request deletion of your account and all associated data (account, habits, reflections, creature) by contacting us at the address below; we will delete it within a reasonable period. --- ## 6. Security Data is transmitted over encrypted connections (HTTPS). Sign‑in is passwordless (one‑time email code), and your access token is stored only on your device. --- ## 7. Children Petabit is not directed to children under 13 (or the minimum age required in your country). We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will remove it. --- ## 8. Changes to this policy We may update this policy from time to time. The "Last updated" date at the top reflects the latest version. Continued use of the app after changes means you accept the updated policy. --- ## 9. Contact Questions or requests (including data deletion): **[your-contact-email@example.com]**