Privacy Policy

Last updated: 31.12.2025

1. Introduction

NotionHabitHeroes ("we", "our", "us") is operated by Lucas Spiller, located at Nidderau, Germany. We are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR).

2. Data Controller

Lucas Spiller
Hügelstr. 19
61130 Nidderau
Germany
Email: contact@notionhabitheroes.com

3. Data We Collect

3.1 Account Data

  • Email address
  • Username
  • Password (encrypted)
  • Timezone

3.2 Notion Integration Data

  • Notion User ID
  • Notion Workspace ID
  • Notion Database ID
  • OAuth Access Token (encrypted)
  • Habit names and completion status
  • Journal entries and dates

3.3 Usage Data

  • Habit tracking statistics
  • Streaks and points
  • Competition participation data
  • Perfect day counts

3.4 Payment Data

Payment processing is handled by Stripe. We do NOT store credit card numbers.

  • Stripe processes and stores payment information
  • We only receive: subscription status, payment confirmation, customer ID

3.5 Technical Data

  • IP address (for security purposes)
  • Browser type and version
  • Device information

4. How We Use Your Data

PurposeLegal Basis (GDPR)
Provide the habit tracking serviceContract performance (Art. 6(1)(b))
Process paymentsContract performance (Art. 6(1)(b))
Sync data with your Notion workspaceContract performance (Art. 6(1)(b))
Send service-related emailsContract performance (Art. 6(1)(b))
Send newsletter (if subscribed)Consent (Art. 6(1)(a))
Improve our serviceLegitimate interest (Art. 6(1)(f))
Prevent fraud and abuseLegitimate interest (Art. 6(1)(f))

4.1 Newsletter

If you subscribe to our newsletter, we collect and process:

  • Email address - to send you the newsletter
  • Subscription and confirmation date - to document your consent (double opt-in)

Content: Updates about NotionHabitHeroes, new features, tips for habit tracking, and occasional promotional content.

Unsubscribe: You can unsubscribe at any time via the link at the bottom of every newsletter or by contacting us at contact@notionhabitheroes.com. Your data will be deleted promptly after unsubscription.

Service Provider: We use Mailjet (Mailjet SAS, Paris, France) to send our newsletters. Mailjet processes your data on our behalf within the European Union. For more information, see their privacy policy.

5. Third-Party Services

5.1 Notion (Notion Labs, Inc.)

  • Purpose: Workspace integration
  • Data shared: OAuth tokens, habit data, journal entries
  • Location: USA
  • Safeguards: Standard Contractual Clauses
  • Privacy Policy: Notion Terms and Privacy

5.2 Stripe (Stripe, Inc.)

  • Purpose: Payment processing
  • Data shared: Email, payment information
  • Location: USA
  • Safeguards: Standard Contractual Clauses, PCI DSS compliant
  • Privacy Policy: Stripe Privacy

5.3 Netlify (Netlify, Inc.)

  • Purpose: Website hosting
  • Data shared: IP address, browser information, access logs
  • Location: USA
  • Safeguards: Standard Contractual Clauses
  • Privacy Policy: netlify.com/privacy

5.4 Amazon Web Services (AWS)

  • Purpose: Backend hosting and data storage
  • Data shared: All application data
  • Location: EU (Frankfurt)
  • Privacy Policy: aws.amazon.com/privacy

5.5 Mailjet (Mailjet SAS)

  • Purpose: Newsletter delivery
  • Data shared: Email address (only if subscribed)
  • Location: France (EU)
  • Privacy Policy: mailjet.com/privacy-policy

6. Data Retention

Data TypeRetention Period
Account dataUntil account deletion
Habit tracking dataUntil account deletion
Payment records10 years (German tax law)
Server logs30 days

7. Your Rights (GDPR)

You have the right to:

  • Access your personal data (Art. 15 GDPR)
  • Rectify inaccurate data (Art. 16 GDPR)
  • Erase your data ("right to be forgotten") (Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Data portability – receive your data in a machine-readable format (Art. 20 GDPR)
  • Object to processing based on legitimate interest (Art. 21 GDPR)
  • Withdraw consent at any time (Art. 7(3) GDPR)
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact us at contact@notionhabitheroes.com.

8. Data Security

We implement appropriate technical and organizational measures:

  • Encrypted data transmission (TLS/SSL)
  • Encrypted storage of sensitive data (passwords, tokens)
  • Regular security updates
  • Access controls and authentication
  • Secure hosting on AWS infrastructure

9. International Data Transfers

Some of our service providers are located in the USA. We ensure appropriate safeguards through Standard Contractual Clauses (SCCs) approved by the EU Commission.

10. Cookies

We use only essential cookies required for the service to function:

CookiePurposeDuration
SessionAuthenticationSession
JWT TokenUser identification24 hours

We do NOT use tracking cookies, analytics cookies, or advertising cookies.

11. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect data from children.

12. Account Deletion

You can delete your account at any time through the application settings. Upon deletion:

  • Your account data will be removed immediately
  • Your Notion integration will be disconnected
  • Your data will be removed from leaderboards
  • Payment records will be retained for legal compliance (10 years)

13. Changes to This Policy

We may update this Privacy Policy. We will notify you of significant changes via email or in-app notification. Continued use after changes constitutes acceptance.

14. Supervisory Authority

You have the right to lodge a complaint with a data protection authority:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153
53117 Bonn
Germany
www.bfdi.bund.de

15. Contact

For privacy-related questions:

Lucas Spiller
Hügelstr. 19
61130 Nidderau
Germany
Email: contact@notionhabitheroes.com