隐私政策

[!NOTE] 为了保持法律文本一致性，本隐私政策仅提供英文版本。 For legal consistency, this policy is provided in English only.

Habisun Privacy Policy

Effective Date: May 15, 2026
Last Updated: May 15, 2026

This Privacy Policy explains how Voxria Tech (“Voxria Tech”, “Habisun”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects personal information when you use the Habisun mobile application, websites, backend APIs, and related services (collectively, the “Services”).

Habisun is a family task, habit, reward, and parent-child collaboration service. The Services are intended to be managed by parents or legal guardians. Child profiles and child-facing experiences are controlled by a parent or guardian account.

If you do not agree with this Privacy Policy, please do not use the Services. This Policy should be read together with our Terms of Service.

1. Who We Are and How to Contact Us

Controller / Operator: Voxria Tech
Product: Habisun
Email: support@habisun.com
Website: www.habisun.com
Registered Address: Building 6, No. 258 Changjiang Road, Baoshan District, Shanghai, China

For privacy requests, account deletion, parental consent questions, or security concerns, contact us at the email above.

2. Information We Collect

We collect only information that is reasonably necessary to provide, secure, maintain, and improve the Services.

2.1 Account and Authentication Information

When you create or access an account, we may collect:

email address;
display name;
authentication provider identifiers, such as Firebase Auth user ID, Google sign-in ID, or Apple sign-in ID;
login status, account creation time, account update time, and locale;
parent PIN status and related security metadata, such as failed attempt count and lockout time. We store PIN verification data in protected form and do not store your plain-text PIN.

2.2 Family, Parent, and Child Profile Information

Parents or guardians may create and manage family data, including:

family membership, parent/guardian role, and child role;
child nickname or display name;
child avatar, profile image, icon choice, birthday or age group, and preferred form of address;
family invitations, invitee email address, invitation status, and family membership status;
preferences such as language, theme, notification settings, and app mode.

Please do not add sensitive information about a child unless it is necessary for your family use of the Services.

2.3 Task, Habit, Reward, Wish, and Activity Data

To operate the core product, we process data such as:

task definitions, schedules, recurrence rules, reminders, task categories, and task assignments;
task completion records, review status, proof notes, reviewer notes, and optional proof images;
reward templates, reward inventory, reward redemption history, coin balances, and coin ledger records;
wish requests, wish descriptions, parent review messages, and related reward conversion records;
focus sessions, growth reports, messages, in-app event notifications, and read status.

2.4 Images and Uploaded Files

If you choose to upload or capture images, we may process:

profile avatars for parents or children;
task proof images;
reward images or other family content images;
image metadata required to store, compress, deliver, or delete the file.

We use these files only for the purposes selected in the App and related family features.

2.5 Device, App, and Technical Information

We may automatically collect or receive:

device model, operating system, app version, platform, language, and region settings;
device notification token, such as Firebase Cloud Messaging token, when notifications are enabled;
device name or similar diagnostic device information where available;
IP address, request metadata, server logs, API route, timestamps, and error logs;
crash, performance, and diagnostic information;
analytics events about product usage, such as feature usage, screen flows, subscription events, and app stability signals.

2.6 Purchase and Subscription Information

Habisun may offer paid subscription plans through Apple App Store, Google Play, and RevenueCat. We may process:

product ID, entitlement ID, billing cycle, subscription status, purchase time, expiration time, renewal status, refund or revocation status;
RevenueCat customer identifiers and app user identifiers;
app store transaction metadata needed to verify and maintain paid access.

We do not collect or store full payment card numbers. Payment processing is handled by the applicable app store or payment platform.

2.7 Website Cookies and Similar Technologies

Our website may use cookies or similar technologies to keep the website functional, understand visits, improve performance, and prevent abuse. You can manage cookies through your browser settings.

3. App Permissions We Request

Habisun requests device permissions only when needed for a feature. You can grant or deny permissions through your device settings. If you deny a permission, the related feature may not work, but the rest of the Services may remain available.

Permission	Platform	Purpose	When Used
Internet / network access	Android, iOS	Connect to our APIs, Firebase, Supabase, Cloudflare, RevenueCat, Sentry, and app store services; sync family data; load images; send diagnostics.	Required for cloud sync, login, subscriptions, notifications, and online features.
Camera	Android, iOS	Let you take a profile photo, reward image, or task proof image.	Only after you choose a camera-based feature.
Photo library / media picker	iOS and supported Android versions through system picker	Let you select an existing image for avatars, rewards, or task proof.	Only after you choose an image selection feature.
Notifications	Android 13+, iOS	Send task reminders, family updates, review results, subscription or service messages, and other app notifications.	Only after permission is granted or notifications are enabled.
Background remote notifications	iOS	Support delivery and handling of remote notifications.	Used for notification-related service behavior.
Local storage / secure storage	Android, iOS	Store app preferences, local cache, authentication/session material, and encrypted local data.	Used to keep the App functional and support offline or faster access.
Device information	Android, iOS	Improve compatibility, support troubleshooting, detect platform-specific issues, and manage notification delivery.	Collected as part of diagnostics, support, and notification features.

Habisun does not request precise location, contacts, microphone, calendar, SMS, phone call, or health data permissions in the current version.

4. How We Use Information

We use personal information for the following purposes:

create, authenticate, secure, and maintain accounts;
provide family management, child profiles, tasks, habits, rewards, wishes, reports, and notifications;
sync data across devices and family members;
process subscriptions, entitlements, renewals, cancellations, refunds, and app store events;
store and deliver user-selected images and other in-app content;
provide customer support and respond to privacy requests;
improve app reliability, performance, safety, usability, and product quality;
detect, prevent, and investigate fraud, abuse, security incidents, policy violations, and technical issues;
comply with law, enforce our Terms, and protect our rights, users, and Services.

5. Legal Bases for Processing

Depending on your location, we rely on one or more legal bases:

Contract necessity: to provide the Services you request.
Consent: for optional permissions, notifications, certain analytics choices, and child-related processing where consent is required.
Legitimate interests: to secure, debug, improve, and protect the Services, provided those interests are not overridden by your rights.
Legal obligations: to comply with applicable laws, tax, accounting, consumer protection, app store, and safety requirements.
Parental authorization: for child profile and child-related family data managed by a parent or legal guardian.

6. Children and Family Privacy

Habisun is designed for families and is intended to be controlled by parents or legal guardians. Children should use the Services only under the supervision and authorization of a parent or legal guardian.

We do not knowingly allow children to create independent parent accounts. Child profiles are created and managed by a parent or legal guardian. Where laws such as COPPA, GDPR-K, the UK Age Appropriate Design Code, or China personal information protection requirements apply, we aim to obtain or rely on appropriate parental authorization before collecting, using, or disclosing child personal information.

Parents or legal guardians may request access, correction, deletion, or restriction of child profile information by using in-app controls or contacting us at support@habisun.com. If we learn that we collected child personal information without required parental authorization, we will take reasonable steps to delete or de-identify it.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We share information only as reasonably necessary for the Services, legal compliance, security, or business operations.

7.1 Service Providers and SDKs

The App and backend may use the following third-party service providers or SDKs. Their processing may involve data transfer to their infrastructure.

Provider / SDK	Purpose	Data That May Be Processed
Firebase / Google Cloud	Authentication, Firebase Cloud Messaging, analytics, crash reporting, token verification, and cloud service support.	Account identifiers, email, provider ID, app instance data, notification tokens, crash logs, device/app information, analytics events.
Google Sign-In	Optional account sign-in.	Google account identifier, email, display name, authentication tokens or assertions.
Sign in with Apple	Optional account sign-in.	Apple user identifier, relay email where selected, authentication tokens or assertions.
Supabase	Database and backend data storage.	Account, family, profile, task, reward, wish, subscription, and operational data.
Cloudflare Workers	API hosting, routing, security, request handling, and logs.	API requests, IP address, headers, timestamps, authentication verification data, operational logs.
Cloudflare R2	Image and file storage.	Avatars, proof images, reward images, file keys, metadata needed to serve and delete files.
RevenueCat	Subscription entitlement management and app store purchase validation.	App user ID, product ID, entitlement ID, purchase and renewal status, transaction metadata from app stores.
Apple App Store / Google Play	In-app purchase processing, subscription management, distribution, and app review compliance.	App store account/payment information handled by the app store, transaction identifiers, subscription status.
Sentry	Error monitoring, crash diagnostics, performance monitoring.	Crash traces, error logs, device/app information, diagnostic breadcrumbs, network error metadata.
Flutter and Flutter plugins listed in the App	Core app framework and device features such as image picking, secure storage, device info, local notifications, sharing, networking, local database, and image caching.	Data depends on the feature used, such as selected images, device info, local preferences, or local cached content.

7.2 Legal, Safety, and Business Disclosures

We may disclose information:

to comply with law, court orders, subpoenas, government requests, or app store compliance requirements;
to protect users, children, families, our Services, and the public from fraud, abuse, security threats, or harm;
to enforce our Terms and other agreements;
in connection with a merger, acquisition, financing, reorganization, asset sale, or similar business transaction, subject to appropriate protections.

8. International Transfers

The Services use global cloud providers and app platforms. Your information may be processed in countries or regions outside where you live. Where required, we use reasonable safeguards such as contractual protections, access controls, data minimization, and vendor due diligence.

If you are located in mainland China, the European Economic Area, the United Kingdom, Switzerland, or another jurisdiction with cross-border transfer rules, we will handle cross-border processing according to applicable legal requirements.

9. Data Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Policy, including providing the Services, maintaining account records, resolving disputes, enforcing agreements, meeting legal obligations, preventing abuse, and preserving security.

Typical retention practices include:

account and family data: retained while your account or family workspace is active;
child profile, task, reward, wish, and activity data: retained while needed for family use and sync unless deleted by a parent or through account deletion;
uploaded images: retained while linked to active family content or until deleted, subject to backups and technical deletion cycles;
subscription records: retained as needed for entitlement verification, accounting, dispute handling, and legal compliance;
crash, analytics, and server logs: retained for a limited period reasonably necessary for security, diagnostics, and service improvement;
deleted account data: deleted, anonymized, or isolated according to our account deletion workflow, except where retention is legally required or necessary for security, fraud prevention, or dispute resolution.

10. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information, including:

encrypted transport where supported;
protected local storage and encrypted local database techniques where implemented;
access controls for backend systems;
authentication token verification;
service provider controls and secret management;
monitoring, logging, and incident response procedures;
deletion and de-identification workflows where appropriate.

No system is completely secure. If you believe your account or family data has been compromised, contact us immediately.

11. Your Choices and Rights

Depending on your location, you may have rights to:

access personal information we hold about you;
correct inaccurate information;
delete personal information;
restrict or object to certain processing;
withdraw consent where processing is based on consent;
receive a copy of certain information in a portable format;
opt out of sale or sharing where applicable. We do not sell personal information or share it for cross-context behavioral advertising;
appeal a privacy request decision where applicable.

You may exercise rights through in-app settings where available or by contacting support@habisun.com. We may need to verify your identity and authority, especially for family or child data requests.

12. Managing Permissions, Notifications, and Account Deletion

You can manage app permissions in your device settings. You can manage push notifications in the App or operating system settings. You can manage subscriptions through Apple App Store or Google Play account settings.

You can request account deletion in the App where available or by contacting us. Account deletion may remove or anonymize account, family, and child profile data, subject to legal, security, backup, and technical limitations. If a family has multiple parents or guardians, deletion may affect family access and shared content.

13. California Privacy Notice

If the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), applies to you, the categories of personal information we may collect include identifiers, customer records, commercial information, internet or electronic network activity, geolocation at a coarse level inferred from network metadata where applicable, audio/visual information you upload such as images, inferences related to preferences, and sensitive personal information such as account login credentials or child data where provided.

We use and disclose these categories for the purposes described in this Policy. We do not sell personal information or share it for cross-context behavioral advertising. We do not knowingly sell or share personal information of consumers under 16.

14. Mainland China Privacy Notice

If the Personal Information Protection Law of the People’s Republic of China or related rules apply, we process personal information according to principles of legality, legitimacy, necessity, good faith, transparency, purpose limitation, data minimization, and security.

Sensitive personal information may include child personal information, precise account credentials, payment-related transaction status, and images you upload. We process sensitive personal information only for specific purposes, with necessity, and where required with separate consent or parental consent.

You may request access, copy, correction, deletion, restriction of processing, account cancellation, explanation of processing rules, or withdrawal of consent by contacting us.

15. European and UK Privacy Notice

If GDPR or UK GDPR applies, you may have rights of access, rectification, erasure, restriction, objection, portability, and withdrawal of consent. You may also have the right to lodge a complaint with your local data protection authority.

Where we rely on legitimate interests, those interests include service security, debugging, fraud prevention, product improvement, and operating a family productivity service. Where we process child-related information, we rely on parent or guardian authorization and other applicable legal bases.

16. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the App, website, app store listing, email, or other reasonable means, and update the “Last Updated” date. Your continued use of the Services after the effective date means you acknowledge the updated Policy.

17. Contact Us

If you have questions or requests about this Privacy Policy, contact us:

Voxria Tech
Email: support@habisun.com
Website: www.habisun.com
Address: Building 6, No. 258 Changjiang Road, Baoshan District, Shanghai, China