Privacy Policy

Last Updated: 13 July 2025

Hazel with phone

Vibe Labs s.r.o. ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website gethazel.app or use our Hazel mobile application for screen time tracking and app blocking. By using our services, you agree to the collection and use of information in accordance with this policy.

1. Data Controller and Contact Details

Data Controller: Vibe Labs s.r.o.

Registered office: Čs. armády 369/7, Bubeneč, 160 00 Praha 6, Czechia

Business ID: 23452617

Email: admin@gethazel.app

2. Information We Collect

We collect two categories of data:

a. Voluntarily Provided Information

  • Account Data: email address, first name (if provided)
  • Configuration Data: custom screen time goals, app blocking schedules, questionnaire responses

b. Automatically Collected Information

  • Log Data: IP address, browser type, pages visited, timestamps
  • Device Data: device type, operating system version, unique device identifiers
  • Usage Data: screen on/off events, app usage duration, feature interactions
  • Error Data: crash reports, error codes, and related technical details

3. How We Use Your Data

We process your personal data for the following lawful purposes:

  • Performance of a Contract: to provide core features of Hazel, including screen time reporting and app blocking.
  • Legitimate Interests: to improve and personalize our services; perform analytics; detect, prevent, and address technical issues; and enhance security.
  • Legal Compliance: to comply with applicable laws and respond to lawful requests by public authorities.

4. Legal Basis for Processing

Under the EU General Data Protection Regulation (GDPR), our lawful bases are:

  • Contractual necessity (Art. 6(1)(b) GDPR)
  • Legitimate interests (Art. 6(1)(f) GDPR), balanced against your rights and freedoms

5. Sharing and Disclosure of Your Data

We do not sell your personal data. We may share your information with:

  • Service Providers: Amplitude (analytics), Supabase (account authentication), RevenueCat (subscription management)
  • Affiliates: Vibe Labs s.r.o. subsidiaries for internal business purposes
  • Legal Authorities: when required by law, court order, or governmental request
  • Business Transfers: in connection with a merger, acquisition, or sale of assets, under confidentiality obligations

6. International Data Transfers

Your data may be processed on servers located in the Netherlands and other countries where our providers operate. We implement EU Standard Contractual Clauses or equivalent safeguards to ensure adequate protection of your personal data.

7. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy, subject to:

  • Account data: until you delete your account plus 90 days for backup and compliance.
  • Analytics and error data: up to 24 months.
  • Legal obligations: longer if required for statutory retention periods.

8. Cookies and Similar Technologies

Our website uses cookies to improve functionality, analyze traffic, and serve personalized content. You can manage cookie preferences via your browser settings. See our Cookie Policy [link] for details.

9. Security of Your Data

We employ industry-standard organizational, technical, and administrative measures, such as encryption, pseudonymization, access controls, and regular security assessments, to protect against unauthorized access or disclosure.

10. Your Rights Under GDPR

You have the right to:

  • Access and obtain a copy of your personal data.
  • Rectify inaccurate or incomplete data.
  • Erase data (right to be forgotten), subject to legal exceptions.
  • Restrict or object to processing based on legitimate interests.
  • Data portability: receive your data in a structured, machine-readable format.
  • Withdraw consent at any time (without affecting processing based on earlier consent).

To exercise these rights, contact us at admin@gethazel.app. We will respond within one month of receiving your request, extended by two months if necessary.

11. Children's Privacy

Hazel is not directed at children under 13, and we do not knowingly collect personal data from children under 13. If you believe we have collected such data, please contact us to request deletion.

12. Data Protection Officer (DPO)

We have appointed a DPO to oversee compliance with data protection laws.

DPO Contact: admin@gethazel.app

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you by posting the revised policy on our website with a new "Last Updated" date.

14. Complaints and Supervisory Authority

If you believe your data protection rights have been violated, you may lodge a complaint with the Czech Data Protection Authority:

Úřad pro ochranu osobních údajů

Website: https://uoou.gov.cz/en/

Email: postmaster@uoou.cz

For questions about this policy, contact us at admin@gethazel.app.