Legal

Privacy Policy

How Prisma handles your data — written in plain language, backed by what the app actually does.

Effective date: April 16, 2026 · Last updated: April 16, 2026

At a glance

We do not sell your data. Ever. To anyone.
No ads, no ad networks, no data brokers. Prisma has no advertising SDKs.
No account required. Your habits live on your device.
Analytics & crash reports are collected via Google Firebase to keep the app working and improving.
Payments are handled entirely by Google Play — we never see your card.
Backups go to your private Google Drive space — we cannot read them.

1. Who we are

Prisma (the “app”) is a habit tracker for Android published under the package name com.hapo.prisma. The app and this Privacy Policy are operated by Ivan Haponiuk trading as Haponiuk (“we”, “us”, “our”), based in Argentina.

For the purposes of the EU General Data Protection Regulation (GDPR), UK GDPR, and equivalent laws, we are the data controller for personal data processed through the app.

You can contact us at any time at ivanhaponiuk01@gmail.com.

2. Information we collect

2.1 Information you create inside the app

When you use Prisma, you create content such as habit names, categories, colors, reminder times, target frequencies, completion entries, notes, onboarding answers (your stated goals, blockers, preferred time, ambition level), and settings. This content is stored locally on your device in a SQLite database (prisma.db) and in Android preference files. We do not receive a copy of this content on our servers.

If you have Google’s Android Backup enabled, this local content is automatically backed up by the operating system to your own private Google Drive storage so it can be restored when you reinstall Prisma or switch devices. This backup is encrypted and accessible only to your Google account — we cannot view, download, or modify it. See Google’s Android Backup documentation for details.

2.2 Information collected automatically

To keep the app stable and understand how it’s used in aggregate, Prisma integrates the following Google Firebase SDKs (collection is disabled in development/debug builds and enabled only in the production release distributed through Google Play):

Service	What it sees	Why
Firebase Analytics	Screen names, in-app events (habit created, habit completed, onboarding completed, paywall shown, purchase started/completed/restored, CSV exported/imported, weekly recap viewed), a pseudonymous app-instance ID, device type, OS version, language, coarse region, and — unless you have limited it at the OS level — the Android advertising ID.	Product analytics, retention cohorts, funnel measurement.
Firebase Crashlytics	Crash stack traces, device model, OS version, app version, and a Crashlytics installation UUID.	Diagnosing crashes and bugs.
Firebase Performance Monitoring	App start time, screen rendering metrics, and aggregated performance traces.	Detecting slowdowns and regressions.
Firebase Remote Config	Fetches configuration values we set remotely. Sends a pseudonymous instance ID to Google.	Enabling feature flags and safe rollouts without forcing app updates.
Firebase Cloud Messaging	An anonymous FCM token tied to your device installation.	Receiving optional push notifications from us (such as product announcements). Not currently used to send user-identified content.

Firebase may log additional standard fields as described in Firebase’s Privacy and Security page and Google’s Privacy Policy.

2.3 Payment information

If you buy Prisma Premium (monthly subscription, yearly subscription, or lifetime one-time purchase), the transaction is processed by Google Play Billing. Google is the merchant of record and handles your payment instrument, billing address, and tax information. Prisma only receives the purchase outcome: the product ID you bought, an opaque purchase token, and the acknowledgement state. We never receive your credit-card number, PayPal address, or any other payment credentials.

2.4 Information we do not collect

Your name, email, phone number, or postal address (the app has no sign-up or account).
Your precise location (Prisma does not request location permissions).
Your contacts, calendar, photos, microphone, or camera.
SMS or call log data.
Health Connect or other specially-protected health data.

3. How we use your information

We process the categories of data above strictly to:

Provide the habit-tracking functionality you installed the app for (storing your habits, showing streaks, firing reminders you scheduled).
Deliver reminder and evening-nudge notifications via local AlarmManager — those notifications are generated entirely on your device and do not leave it.
Process your purchase of Prisma Premium and grant you access to premium features.
Diagnose crashes, detect performance issues, and fix bugs.
Understand, in aggregate, which features are used so we can improve the product.
Roll out features safely through server-side configuration.
Comply with applicable legal obligations and respond to lawful requests.

We do not use your data for behavioural advertising, cross-app tracking, profiling that produces legal effects, or training machine-learning models.

4. Third-party services

Prisma relies on the following third-party providers. Each is listed with its role and privacy policy link.

Google Firebase (Analytics, Crashlytics, Performance Monitoring, Remote Config, Cloud Messaging) — firebase.google.com/support/privacy.
Google Play Billing — processes subscription and one-time purchases. Google Play billing policies.
Google Play services — required Android runtime dependency on your device. Google Privacy Policy.
Android Backup (Google Drive) — operating-system backup to your personal Drive space. Android Backup help.

Prisma does not embed any advertising SDKs, cross-app trackers, social-login providers, or customer-data platforms.

6. Storage and security

Your habit content is stored locally on your device, inside the app’s private storage area, which Android isolates from other apps. Data in transit between the app and Firebase is encrypted with TLS 1.2+.

Firebase data is stored on Google-operated servers with the security controls described in Firebase’s Privacy and Security documentation. Android Auto Backup data is encrypted at rest inside your own Google Drive storage.

No system is perfectly secure. If we ever become aware of a data incident affecting you, we will notify you and the competent authorities as required by applicable law.

7. International data transfers

We operate from Argentina, and Google’s servers are distributed globally, including in the United States and the European Economic Area. When personal data is transferred outside your country of residence, we rely on the safeguards Google implements as a processor, including the European Commission’s Standard Contractual Clauses where applicable, and equivalent mechanisms for UK and Swiss data.

8. Your rights and choices

Depending on where you live, you may have the following rights:

Access — request a copy of the personal data we hold about you.
Rectification — correct inaccurate data.
Erasure (“right to be forgotten”) — ask us to delete your data.
Restriction or objection — limit or object to certain processing, including analytics.
Portability — receive your data in a portable format.
Withdraw consent — where processing is based on consent.
Lodge a complaint with your local data protection authority (for EEA users, see the list at edpb.europa.eu).

How to exercise these rights inside the app

Export your data. Settings → Data → Export CSV produces a copy of all your habits and entries on your device.
Delete your data. Uninstalling Prisma removes all locally stored data from your device. To also delete the backup held in your Google Drive, open the Google One app → Settings → Back up → Manage backups, and delete the Prisma entry. For analytics and crash data retained by Google, contact us (see below) and we will submit a deletion request on your behalf.
Opt out of analytics. You can limit ad and analytics tracking at the OS level through Android Settings → Privacy → Ads → Delete advertising ID. You can also email us to request that we disable analytics collection for your installation — we will use the unique app-instance identifier you provide to honor this.
Notification preferences. You can turn off reminders in Android Settings → Apps → Prisma → Notifications, or disable individual reminders within the app.

Requests by email

To exercise any right or ask a question, email us at ivanhaponiuk01@gmail.com. We respond within 30 days (or sooner where required by law). We may ask you for information necessary to verify your request, and we will not charge you except where permitted by law for manifestly unfounded or excessive requests.

California residents

Under the California Consumer Privacy Act (CCPA) as amended by the CPRA, California residents have the right to know what personal information we collect, to request deletion, to correct, and to opt out of “sale” or “sharing” of personal information. As stated above, we do not sell or share personal information for cross-context behavioural advertising. You may exercise all CCPA rights by emailing ivanhaponiuk01@gmail.com. We will not discriminate against you for exercising any right.

9. Data retention

Habit content on your device is retained until you delete it inside the app or uninstall.
Android Backup copies in your Google Drive are retained according to Google’s schedule (typically deleted if a device is inactive for ~2 months or if you remove the app’s backup manually).
Firebase Analytics data is retained for up to 14 months by default, then automatically deleted.
Crashlytics data is retained for approximately 90 days.
Purchase records are retained by Google Play for the duration required by Google’s policies and applicable tax law.

10. Children’s privacy

Prisma is not directed to children. We do not knowingly collect personal data from anyone under the age of 13 (or 16 in the EEA/UK, or the equivalent minimum age in your jurisdiction). If you believe a child has provided us with personal data, contact ivanhaponiuk01@gmail.com and we will delete it.

11. Legal basis for processing (EEA, UK, Switzerland)

Under GDPR and equivalent laws, our legal bases are:

Performance of a contract — to deliver the app and any premium purchase you make.
Legitimate interests — to keep the app secure, prevent abuse, diagnose crashes, and understand aggregate usage; always balanced against your privacy interests.
Legal obligations — tax, accounting, consumer protection, and lawful requests.
Consent — for any processing that requires it under local law; you can withdraw consent at any time.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the app, in applicable law, or in our practices. When we do, we will change the “Last updated” date at the top of this page. If the changes are material, we will notify you in-app or by other reasonable means before they take effect. Continued use of Prisma after the update means you accept the revised policy.

13. Contact

Questions, requests, or concerns? Reach out at ivanhaponiuk01@gmail.com.

Mailing address available on request.