App Privacy Policy

This Privacy Policy explains how TANAB TECHNOLOGIES JOINT STOCK COMPANY (“TanabTech”, “we”, “our”, or “us”) collects, uses, stores, and shares personal data when you use AI Accountability Coach (the “Service”). It is written to support compliance with the EU General Data Protection Regulation (GDPR), Vietnam Decree No. 13/2023/ND-CP on Personal Data Protection, and similar privacy laws.

1. Who we are

Plain English: TanabTech is the company responsible for the app and for answering your privacy requests.

The data controller is TANAB TECHNOLOGIES JOINT STOCK COMPANY, business registration number 0319397744, based in Ho Chi Minh City, Vietnam. Contact us at contact@tanabtech.com.

2. Data we collect

Plain English: we collect the information needed to run your account, coaching threads, reminders, subscriptions, and app reliability.

• Account data: unique user ID, email address, display name, and sign-in provider information from Apple, Google, or email registration.
• Coaching conversation data: messages you send to and receive from the AI coach, including goals, habit descriptions, check-ins, notes, and context you choose to share.
• Habit and progress data: habit records, completion logs, missed-day notes, reminders, settings, and weekly review history.
• Payment and subscription data: subscription status, product IDs, and transaction records processed through Apple, Google Play, and RevenueCat. We do not store your payment card details.
• Technical data: device model, operating system, app version, IP address, approximate location derived from network data, crash logs, diagnostics, and security logs.
• Usage data: feature interactions, session events, notification engagement, and aggregate analytics used to improve the product.

3. Sensitive personal information

Plain English: because habit coaching can be personal, you may share sensitive details. Please keep that to what the app needs.

The app is designed for habit and goal tracking. You may voluntarily share information about health routines, sleep, fitness, mental wellness, stress, cravings, or personal challenges. Some of that information may qualify as sensitive personal data under applicable law. By choosing to share it in the app, you consent to our processing it as described in this policy.

Do not put passwords, financial account numbers, government ID numbers, detailed clinical records, or other highly sensitive information into chat unless it is truly necessary. The app is not built to store those details.

4. What we do not do

Plain English: your habit data is not an advertising product.

• We do not sell, rent, or trade your personal data.
• We do not use your conversations for advertising or ad targeting.
• We do not use your conversations to train public AI models.
• We do not store your full payment card details.
• We do not ask for detailed clinical records or government IDs.

5. AI conversation handling

Plain English: your messages are sent to AI infrastructure so the coach can reply, and those providers are restricted from using your data to train public models.

Coaching messages are transmitted to third-party AI providers, currently including Anthropic PBC and/or OpenAI LLC, to generate coach responses. We use enterprise or API arrangements and data processing terms that prohibit the use of your data to train public AI models.

AI responses can be wrong, incomplete, or inappropriate for your situation. Use your own judgment, and do not rely on the app for medical, psychological, legal, financial, or emergency advice.

6. How we use your data

Plain English: we use data to provide the app, keep it secure, improve it, and meet legal obligations.

• Contractual necessity: creating your account, delivering coaching conversations, storing habits, syncing data, and providing subscription features.
• Legitimate interests: improving product quality, debugging, abuse prevention, security, and reliability.
• Consent: push notifications, optional marketing communications, and processing sensitive data you voluntarily provide.
• Legal obligation: tax, accounting, regulatory compliance, and responding to lawful requests.

7. Who we share data with

Plain English: we share data only with service providers needed to run the app, stores, and legal compliance.

• Anthropic PBC and OpenAI LLC: AI processing for coach responses.
• RevenueCat: subscription and in-app purchase management.
• Firebase / Google Cloud: authentication, database, infrastructure, logs, and app reliability.
• Apple Inc. and Google LLC: app distribution, sign-in, purchases, device services, and push notification infrastructure.
• Professional and legal advisers: only when needed for compliance, disputes, audits, or legal obligations.

We may disclose data if required by law, court order, regulator request, or to protect the rights, safety, and security of users, TanabTech, or the public.

8. Push notifications

Plain English: reminders are optional and controlled by your device settings.

The Service may send push notifications for check-ins, reminders, and recovery prompts. You can enable or disable notifications in your device settings. Turning them off does not affect the rest of the app.

9. Data retention

Plain English: we keep app data while your account is active, then delete or anonymize it on the schedules below unless law requires longer retention.

• Account data: retained while your account is active, plus up to 30 days after deletion for recovery and operational safeguards.
• Coaching conversation and habit data: retained for up to 2 years from last activity, then anonymized or permanently deleted, unless you delete it sooner in the app.
• Technical and diagnostic logs: deleted or anonymized within 90 days where practical.
• Payment records: retained for up to 7 years where required for tax, accounting, or legal compliance.

10. Your rights and choices

Plain English: you can ask for your data, correct it, delete it, restrict it, or export it, and you can withdraw consent where consent is the basis.

Depending on where you live, you may have rights to:

• access a copy of the personal data we hold about you;
• correct inaccurate or incomplete data;
• delete your personal data;
• restrict or object to certain processing;
• export your data in a machine-readable format;
• withdraw consent where processing is consent-based;
• lodge a complaint with a supervisory authority.

You can delete habits, conversations, or your account from the app. You can also email contact@tanabtech.com with “privacy” in the subject line. We will respond within 30 days unless law allows or requires a different timeframe.

11. Security and breach notification

Plain English: we use standard security controls, but no online service can be made perfectly secure.

We use encryption in transit, access controls, provider security controls, monitoring, and limited internal access. If we discover a personal data breach, we will notify the relevant authorities and affected users within timeframes required by applicable law, including GDPR and Vietnam Decree 13/2023/ND-CP.

12. Children

Plain English: this app is for adults.

The Service is intended for users aged 18 and older. Do not create an account or use the Service if you are under 18. If we learn that we collected personal data from a child or minor in violation of this policy, we will delete it promptly.

13. International transfers

Plain English: providers may process data outside your country, including in Vietnam and the United States.

To deliver the Service, your data may be transferred to and processed in countries where TanabTech and our providers operate, including Vietnam and the United States. We use contractual, technical, and organizational safeguards, including Standard Contractual Clauses where required by GDPR and transfer records required by Vietnam Decree 13/2023/ND-CP.

14. Changes to this policy

Plain English: if the policy changes, the date changes, and important changes are announced in the app or on the site.

We may update this policy. Material changes will be communicated through the app, the website, or email where appropriate. Continued use of the Service after an update means the updated policy applies.

15. Contact

Plain English: privacy questions go to the same address as support.

TANAB TECHNOLOGIES JOINT STOCK COMPANY · Ho Chi Minh City, Vietnam · contact@tanabtech.com

For the website-only policy, see Website Privacy Policy.