Privacy Policy
Effective July 11, 2026
1. What Bommi processes
Most habit records, check-ins, relapse records, reasons, goals, progress, and Rescue memories are stored in the app’s local database on your device. They leave your device only when you deliberately use a connected feature described below.
- Backup and sync: if you sign in and use cloud backup, Bommi uploads an encrypted backup to a Firebase path associated with your account so you can restore your own data. We do not use backup contents for marketing, advertising, or profiling.
- AI Rescue: when you choose AI-assisted Rescue, the details needed to generate your response may be sent through our Firebase function to OpenAI. This may include the habit type or name, urge details, chosen support style, and relevant prior context. Bommi uses it only to return the requested support, not for marketing.
- Account: Apple or Google sign-in provides identifiers and basic account details needed to authenticate you and protect your backups.
- Purchases: Apple, Google, and RevenueCat process product, purchase, receipt, entitlement, and restore information. Bommi does not receive your full payment-card details.
- Feedback: information you voluntarily send, such as a message or email address, is used to respond and improve Bommi.
2. Analytics and our own marketing measurement
Firebase Analytics helps us understand aggregate product use, such as onboarding completion, feature adoption, Rescue completion, retention milestones, paywall performance, backups, widgets, and notification permission outcomes. Events may include app version, device/platform details, coarse location inferred by the provider, and pseudonymous identifiers. We do not intentionally include user-entered habit names, reasons, Rescue text, or backup contents in analytics events.
On iOS, if you permit tracking through Apple’s App Tracking Transparency prompt, the device advertising identifier may be used to measure which of Bommi’s own marketing campaigns led to an install or app use. On Android, the advertising identifier may serve the same attribution purpose. We do not use these identifiers to show personalized ads, sell your information, or share your habit content for third-party marketing.
3. Reliability and crash reporting
Firebase Crashlytics receives crash reports and technical diagnostics such as app version, device model, operating-system version, stack traces, and installation identifiers. This helps us fix failures. We do not intentionally attach user-entered habit or Rescue content to crash reports.
4. Notifications
If enabled, Bommi schedules reminders and supportive alerts. Notification permission can be changed in your device settings. Notification scheduling does not require access to external storage.
5. Providers and disclosure
We disclose only the information needed for a requested feature or essential app operation to service providers acting for us: Google Firebase (authentication, storage, database, functions, analytics, and Crashlytics), OpenAI (optional AI Rescue), RevenueCat (subscription status), Apple, and Google Play. Their processing is governed by their terms and privacy notices. We may also disclose information when legally required, to protect users, or during a business transfer subject to appropriate safeguards.
We do not sell or rent personal information. We do not share personal information with advertisers or data brokers, and we do not use sensitive recovery data to build advertising profiles.
6. Retention and deletion
Local records remain on your device until you delete them, reset the app, or uninstall it. Cloud backups remain until you remove them or delete your account, subject to short-lived operational copies. AI requests are processed to return the feature; provider security and retention practices may also apply.
A signed-in user can delete their account from Settings → Cloud Sync → Delete Account, including after a subscription has lapsed. For security, Apple or Google may require you to sign in again. Account deletion removes the Firebase account and Bommi cloud backups and associated cloud records. It does not erase the local database on your device; you control that copy separately by deleting local data or uninstalling Bommi.
7. Security and international processing
We use platform authentication, access controls, encrypted network connections, and managed cloud security controls. No system is completely secure. Providers may process information in countries other than yours under their applicable transfer safeguards.
8. Your choices and rights
You can decline analytics tracking permission where offered, disable notifications, avoid optional AI Rescue or cloud backup, sign out, and delete your account. Depending on where you live, you may also have rights to access, correct, delete, restrict, or object to processing. Contact us to exercise a right that is not available in the app.
9. Health and children
Bommi is a self-management tool, not medical advice, diagnosis, treatment, emergency care, or a substitute for a qualified professional. Bommi is not directed to children under 13, or a higher minimum age where local law requires it. We do not knowingly collect children’s personal information.
10. Changes and contact
We may update this policy as Bommi changes. We will update the effective date and provide additional notice when required. Questions or privacy requests can be sent to lazyhippo.apps@gmail.com.