Privacy Policy

QuitPuff was built with one premise: your behavior data is yours. This policy explains what we collect, why, and your rights over it. It applies to the QuitPuff mobile app, website, and related services.

The short version

• We collect the minimum needed to make the app work.
• We never sell your data, and we don’t share it with advertising networks.
• Your puff logs, goals, and check-ins are stored encrypted and tied only to the account email you provided.
• You can export or delete everything from inside the app, at any time.

1. What we collect

Data you provide

• Account info: email address and a hashed password (or an Apple ID / Google ID token if you choose social sign-in).
• Onboarding answers: the quit goal and context you tell us during setup.
• Usage data you log: timestamps of puffs, daily check-ins, notes, money saved, achievements unlocked.

Data collected automatically

• Device info: operating system version, device model, and app version — used to debug crashes and diagnose compatibility issues.
• Error logs: anonymized stack traces and error messages via our crash reporter. No personal content is captured from within screens.

We do not use third-party advertising SDKs, behavioral tracking pixels, or device fingerprinting.

2. Why we collect it

• To run the app: syncing your data across your devices and between app launches.
• To support you: answering your emails requires us to look up your account.
• To improve reliability: aggregate crash and performance data helps us find bugs.
• To bill you (Premium only): subscription status is verified via Apple/Google’s servers. We never see your payment card.

3. Who we share data with

We share data only with service providers who help us operate the app, under strict data-processing agreements:

• Supabase — secure database and authentication.
• RevenueCat — subscription management (no puff or behavior data is ever sent).
• Apple & Google — payment processing for subscriptions.
• Expo / Sentry — anonymous crash reporting and push notification delivery.

We do not sell or rent your personal data. We do not share it with advertisers.

4. How we protect it

• Data is encrypted in transit (TLS) and at rest.
• Passwords are never stored in plaintext — they’re hashed using modern algorithms (bcrypt / Argon2).
• Access to production systems is limited to the minimum team needed and protected with multi-factor authentication.

5. How long we keep it

We keep your account data as long as your account is active. If you delete your account, we remove your profile and behavior data from active systems within 30 days. Anonymized usage analytics may be retained indefinitely for aggregate reporting.

6. Your rights

You have the right to:

• Access: download a copy of your data from the app (Settings → Account → Export data).
• Delete: permanently delete your account and all associated data (Settings → Account → Delete account).
• Correct: edit your profile info or remove logged puffs at any time.
• Object or restrict: email us to limit processing of specific data.
• Complain: if you’re in the EU, UK, or Brazil, you may contact your local data protection authority.

To exercise any of these, email privacy@quitpuff.app. We respond within 30 days, usually much faster.

7. Children

QuitPuff is not directed at children under 18. We do not knowingly collect data from anyone under that age. If you believe a minor has created an account, contact us and we’ll remove it.

8. International transfers

Your data may be stored and processed in countries other than your own. When that happens, we use contractual safeguards consistent with applicable law (e.g., Standard Contractual Clauses for EU residents).

9. Changes to this policy

If we make material changes, we’ll notify you inside the app and update the effective date above. Continued use of the Service means you accept the revised policy.

10. Contact

Privacy questions or requests: privacy@quitpuff.app. Everything else: hello@quitpuff.app.