Effective Date: May 30, 2026
This Privacy Policy explains how Paladin Labs LLC, an Indiana company ("Paladin Labs," "HabitatOS," "we," "us," or "our"), collects, uses, discloses, and protects information when you use HabitatOS, including our mobile application, website, account features, support channels, and related services (collectively, the "Service").
HabitatOS helps reptile keepers track animals, care schedules, husbandry records, enclosure data, sensor readings, reminders, subscriptions, and related records. This Policy is intended to describe our data practices in plain language. It is not a substitute for our Terms of Use.
We collect information used to create, access, secure, and manage your account. This may include your email address, display name, password hash, account ID, device ID, authentication tokens, recovery-key hash, email verification status, password reset status, linked Apple or Google sign-in identifiers, account creation date, last-seen date, onboarding status, and session information.
If you use Sign in with Apple or Google Sign-In, those providers may share account identifiers and, depending on your settings, email address, display name, and email verification status with us. We use this information to create, link, and authenticate your HabitatOS account.
We collect technical information needed to operate and secure the Service, including device identifiers, platform information, device or session metadata, IP address associated with sessions, app version, login/session timestamps, and diagnostic information.
We collect the reptile and husbandry information you enter or generate in the Service. This may include reptile names, species, morph, sex, origin, hatch date, acquisition date, enclosure information, notes, care schedules, feeding logs, misting logs, shedding logs, weight logs, waste logs, handling logs, health check logs, medications, medication logs, custom events, reminders, misting reservoir data, breeding records, clutches, offspring records, zones, racks, enclosures, target temperature and humidity ranges, and related timestamps.
If you choose to add photos or scan QR codes, we may request access to your camera or photo library. Reptile photos you upload may be compressed, converted, stored, and associated with your account and the relevant reptile record. Camera and photo-library permissions are controlled by your device settings.
HabitatOS does not currently use AI photo analysis. If we introduce AI-powered photo analysis in the future, we will update this Policy before using that feature.
If you connect a third-party sensor provider, we collect the credentials or connection information needed to connect that provider. Depending on the provider, this may include an email address and password, API key, API secret, client ID, client secret, region, host or device address, access token, refresh token, provider account metadata, provider device IDs, device names, hidden-device preferences, and selected assets.
Connected sensor providers may include providers such as MOCREO, Govee, Tuya/Smart Life, SensorPush, Inkbird, Herpstat, Shelly, SwitchBot, and other supported providers. When connected, HabitatOS may collect or generate sensor telemetry, including temperature, humidity, online status, captured timestamp, enclosure or reptile mapping, aggregated readings, alerts, alert rules, threshold values, trigger values, acknowledgement status, and resolved status.
HabitatOS includes reptile passport features. We may collect and process passport status, tracked-since date, transfer count, total care events, record completeness score, public share token, public slug, origin breeder name, source type, passport metadata, score, score trend, score reasons, score events, snapshots, transfer tokens, recipient email addresses, transfer notes, transfer status, ownership history, and PDF export data.
If you create a public passport link, information included in that public passport may be visible to anyone with the link or public slug until you revoke sharing or delete the related data.
Paid subscriptions are managed through app-store payment systems and RevenueCat. We do not directly collect or store full credit card numbers or payment card security codes. We may receive and store subscription-related information such as subscription tier, subscription status, entitlement source, RevenueCat customer ID, entitlement ID, last verification time, expiration time, verification failure count, grace-period status, and related notice timestamps.
If you contact us or use support features, we may collect your email address, the contents of your message, app version, platform, reptile count, and any other information you choose to include. We may send transactional emails such as verification codes, password reset codes, welcome emails, subscription verification notices, and support responses.
If you enable push notifications, we collect and store push tokens, platform information, notification-enabled status, and reminder details needed to send reminders. Reminder details may include reptile name, species, reminder type, scheduled due time, and sent status.
HabitatOS stores some information locally on your device so the app can work reliably. Local storage may include authentication state, user ID, device ID, linked email/display name, local app database records, pending sync data, deleted-item queues, last sync timestamps, migration state, notification preferences, scheduled-notification state, photo upload queue data, ordering preferences, and similar app state. On supported native platforms, sensitive authentication tokens may be stored using secure device storage.
We may use diagnostic and crash-reporting tools, including Sentry, to identify and fix errors. Diagnostic reports may include technical information such as error messages, stack traces, route or method information, environment, release identifier, device or platform context, and user ID. We configure diagnostics to avoid sending default personal information where possible and to redact sensitive fields such as passwords, tokens, API keys, secrets, credentials, authorization headers, cookies, and email fields.
Our website uses Webflow Analyze to understand website traffic and performance. Webflow Analyze may provide us with aggregate or technical information about website visits, such as pages viewed, traffic sources, device or browser information, and general usage trends. We do not use website cookies for this purpose.
We use information to:
We do not sell your personal information. We also do not share your personal information for cross-context behavioral advertising.
We may disclose information as follows:
HabitatOS may depend on third-party services that process information under their own terms and privacy policies. These may include Apple, Google, RevenueCat, Sentry, Webflow, email providers, object storage providers, hosting providers, database providers, Expo, push notification providers, app-store platforms, and sensor providers you choose to connect.
When you connect a third-party sensor account, you are directing HabitatOS to access that account on your behalf. Your use of that provider remains subject to the provider's own terms, privacy policy, account rules, API limits, and data practices.
Sensor integrations are optional. If you connect a sensor provider, HabitatOS may store credentials, access tokens, or API connection details so we can retrieve device and environmental readings. We use encryption for provider credentials stored by the Service. No method of storage or transmission is completely secure, and you should only connect provider accounts that you are authorized to use.
HabitatOS may poll connected sensor providers periodically and may store raw readings for a limited period, generate aggregated readings, create alerts, and associate readings with reptiles, enclosures, zones, or devices. Raw sensor telemetry is designed to be retained for 14 days before cleanup. Aggregated sensor readings may be retained longer unless deleted with your account or as otherwise required.
You retain ownership of the content you submit to HabitatOS, such as reptile photos, names, notes, logs, records, and passport data. We process that content to provide the Service, including syncing, storing, displaying, compressing, converting, organizing, exporting, sharing, and backing it up.
Reptile photos may be stored in private object storage and served through authenticated or signed access flows. If you include photos or details in a public passport, transfer, export, or shared record, other people may be able to view that information.
HabitatOS passport features may allow you to create public links, transfer records, generate PDF exports, display QR codes, and share reptile care history. You are responsible for reviewing the information included before sharing a passport, transfer, QR code, PDF, or public link.
Public links may be accessible by anyone who has the link or public slug. You can revoke public sharing where the Service provides that option, but people who previously accessed or downloaded shared information may retain copies.
Push notifications are optional and can be controlled through the app and your device settings. If enabled, we use push tokens and reminder data to send care reminders, alerts, and test notifications.
We send transactional emails for account and service-related purposes, such as email verification, password reset, welcome messages, support, and subscription verification notices. We do not currently send marketing emails, and we do not plan to send marketing emails.
HabitatOS subscriptions may be offered through Apple, Google, RevenueCat, or other app-store payment systems. We use subscription status and entitlement information to determine access to paid features. We do not directly process full payment card details.
Subscription management, cancellation, renewal, payment, taxes, chargebacks, and refunds may be handled by the applicable app store or payment provider. Please review the payment provider's terms and privacy policy for more information.
We use technical and organizational safeguards designed to protect information, including password hashing, token-based authentication, credential encryption for sensor-provider secrets, private object storage for photos, redaction of sensitive diagnostic fields, rate limiting, and access controls. However, no system can be guaranteed to be completely secure.
You are responsible for maintaining the confidentiality of your account, password, recovery key, device, app-store account, and third-party sensor provider credentials.
We retain information for as long as reasonably necessary to provide the Service, maintain your account, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud or abuse, maintain backups, and support security and audit needs.
Some local data remains on your device until you delete it, clear app data, or uninstall the app. Server-side account data generally remains while your account exists unless you delete specific records or delete your account.
Raw sensor telemetry is designed to be cleaned up after 14 days, while aggregated readings, account records, reptile records, photos, subscription records, sessions, reminders, and passport records may remain longer unless deleted through app flows, account deletion, or support processes. Backup copies may persist for a limited period after deletion.
You may delete your account in the app from Settings under Data & Privacy. Account deletion is intended to permanently delete your account and associated server-side data, including synced reptile and care records, subscriptions, push tokens, reminders, sessions, and related server records. Local reptile data may remain on your device unless you clear local data or uninstall the app.
You may also request access, correction, deletion, export, or other assistance by contacting us at support@habitatos.app. We may need to verify your identity before completing a request.
Depending on where you live, you may have privacy rights under applicable law. These rights may include the right to request access to personal information, correction, deletion, portability, restriction or objection to certain processing, and information about how personal information is disclosed.
Residents of certain U.S. states may also have the right to opt out of the sale of personal information, sharing for cross-context behavioral advertising, targeted advertising, or certain profiling. We do not sell personal information or share personal information for cross-context behavioral advertising.
To exercise privacy rights, contact us at support@habitatos.app. You may also appeal a denied request by replying to our decision email with the word "Appeal" in the subject line.
HabitatOS is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, contact us and we will take appropriate steps to delete the information.
If you are under the age of majority in your jurisdiction, you should use HabitatOS only with permission from a parent or legal guardian.
HabitatOS may include automated calculations, deterministic insights, care summaries, passport scores, trend indicators, environmental alerts, species guidance, and similar features. These features are informational tools and may be based on data you enter, sensor data, species datasets, and app logic.
HabitatOS does not currently use AI photo analysis. Automated features are not veterinary care, medical advice, legal advice, or a substitute for professional judgment.
HabitatOS is intended to help organize reptile care information. It is not veterinary care, medical advice, legal advice, or a substitute for professional judgment. Species guidance, alerts, passport scores, sensor readings, and care suggestions may be incomplete, delayed, inaccurate, or not appropriate for a particular animal. For health, safety, legal, or emergency concerns, consult a qualified professional.
HabitatOS is operated by Paladin Labs LLC in the United States. If you use the Service from outside the United States, your information may be transferred to, stored in, or processed in the United States and other locations where we or our service providers operate.
We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and provide notice as required by applicable law. Your continued use of the Service after an updated Policy is posted means you acknowledge the updated Policy.
If you have questions or requests about this Privacy Policy or our privacy practices, contact us at:
Paladin Labs LLC Email: support@habitatos.app State of Formation: Indiana