Privacy Policy

HabitumPilot

HabitumPilot is a local-first app. Your vault contents, prep packs, and meeting notes are stored encrypted on your device - not on our servers.

Last updated: May 2026 / HabitumPilot by HaikoTek

What we store on your device

  • Vault entries (credentials, environment keys, notes) encrypted with your passphrase.
  • Meeting prep packs linked to calendar events.
  • Optional Google Calendar tokens and cached events when you connect Google.
  • App preferences such as auto-lock timing.

What leaves your device

Only if you enable Google Calendar: OAuth tokens and API requests to Google to read calendar events for days you view or sync. We do not receive your Google password.

This build does not include product analytics, crash reporting, or advertising SDKs.

Encryption

Vault files use the HPV1 format (AES-GCM, PBKDF2). Your passphrase is not sent to HaikoTek.

Prep reminders

When enabled, the app schedules a local notification on your device before a meeting. We do not operate a push notification server.

Multiple devices

Vault data is stored per device in this release. Export an encrypted HPV1 backup to move data manually. Automatic encrypted sync may arrive in a later release.

Your choices

  • Delete data by removing the app and its files from your device.
  • Disconnect Google Calendar in Settings to stop calendar API calls.
  • Export an encrypted backup from Settings.

Explore HabitumPilot

Questions about HabitumPilot

For support, privacy, or App Store enquiries, email us. We respond within two business days.