English Deutsch

Privacy Policy

Last Updated: January 5, 2026

1. Introduction

Welcome to SmokeShift ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (the "Service").

This policy is designed to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

Data Controller: Andreas Zender - Online Medien, Edigheimer Straße 111, 67069 Ludwigshafen am Rhein, Germany. Contact: smokeshift2025@gmail.com

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, and password when you create an account
  • Profile Information: Age, gender, smoking habits, quit date, and preferences you choose to share
  • Health Data: Smoking frequency, cravings, triggers, and progress milestones
  • User Content: Journal entries, community posts, comments, and messages
  • AI Coach Conversations: Messages and responses in the AI coaching feature
  • Communication Data: Support requests and feedback you send us

2.2 Automatically Collected Information

  • Device Information: Device type, operating system, unique device identifiers
  • Usage Data: Features accessed, interaction patterns, session duration
  • Crash Reports: Error logs and performance data
  • Analytics: Aggregated usage statistics (anonymized)
  • Local Storage: Progress data stored locally on your device using SQLite

2.3 Information from Third Parties

  • Google Sign-In: If you sign in with Google, we receive your name, email, and profile picture
  • Payment Processors: RevenueCat and app stores process payments; we only receive confirmation of subscription status

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance (Art. 6(1)(b) GDPR): To provide and maintain our Service
  • Consent (Art. 6(1)(a) GDPR): For optional features like community participation and AI coaching
  • Legitimate Interests (Art. 6(1)(f) GDPR): To improve our Service and prevent fraud
  • Legal Obligation (Art. 6(1)(c) GDPR): To comply with applicable laws

Health Data: Your smoking cessation data is considered health data under GDPR. We process this data only with your explicit consent (Art. 9(2)(a) GDPR) to provide personalized quit-smoking support.

4. How We Use Your Information

  • Service Provision: To provide, maintain, and improve our smoking cessation services
  • Personalization: To personalize your experience and AI coaching recommendations
  • Progress Tracking: To track your quit journey and provide insights and achievements
  • Communication: To send notifications, updates, and support communications
  • Community Features: To enable forum interactions and peer support
  • AI Coaching: To provide personalized AI-powered coaching and motivational support
  • Analytics: To understand usage patterns and improve the app (using anonymized data)
  • Safety: To detect and prevent fraud, abuse, and security threats

5. Data Sharing and Disclosure

We do not sell your personal data. We may share information only in these limited circumstances:

  • Service Providers: We use trusted third-party services to operate our app (detailed in Section 11)
  • Legal Requirements: When required by law or to protect our rights and users'' safety
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)
  • With Your Consent: For any other purposes you explicitly approve

Community Content: Posts and comments you share in the community are visible to other users. You can delete your content at any time.

6. Data Retention

We retain your data only as long as necessary:

  • Active Accounts: Data is retained while your account is active
  • Deleted Accounts: Most data is deleted within 30 days of account deletion request
  • Anonymized Analytics: May be retained indefinitely for statistical purposes
  • Legal Requirements: Some data may be retained longer if required by law

7. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right of Access (Art. 15): Request a copy of your personal data
  • Right to Rectification (Art. 16): Correct inaccurate personal data
  • Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction (Art. 18): Limit how we use your data
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
  • Right to Object (Art. 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time without affecting previous processing

To exercise these rights, contact us at smokeshift2025@gmail.com or use the in-app account settings.

You also have the right to lodge a complaint with your local data protection authority.

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Strict access controls and authentication
  • Infrastructure: Enterprise-grade cloud infrastructure with industry-standard security certifications
  • JWT Authentication: Secure token-based authentication for all API requests
  • Regular Audits: Security reviews and vulnerability assessments

9. International Data Transfers

Your data may be processed in countries outside the EEA, including the United States. We ensure appropriate safeguards through:

  • EU-US Data Privacy Framework certifications where applicable
  • Standard Contractual Clauses (SCCs) where applicable
  • Data processing agreements with all service providers

Our primary infrastructure providers (Supabase, Cloudflare) maintain comprehensive compliance programs and security certifications.

10. Children''s Privacy

Our Service is not intended for children under 13 (or 16 in the EU). We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

11. Third-Party Services

We use the following third-party services to provide and improve our Service:

11.1 Authentication & Identity

  • Supabase: User authentication, account management, and secure login services. Supabase is our primary authentication provider, handling user registration, login, and session management. Privacy Policy
  • Google Sign-In: Optional OAuth authentication for convenient account access

11.2 Backend Infrastructure

  • Cloudflare Workers: Serverless backend processing for API requests, data synchronization, AI chat, and forum features. Privacy Policy
  • Cloudflare D1: Cloud database for storing user data, progress, journal entries, and community content
  • Cloudflare KV: Key-value storage for app configuration and settings

11.3 AI Services

  • Google Gemini API: Powers our AI coaching feature with personalized smoking cessation support. Your AI coach conversations are processed through this service to provide helpful responses. Gemini processes the conversation context to generate relevant coaching advice. Terms of Service

11.4 Analytics & Crash Reporting

  • Firebase Analytics: Anonymous usage analytics to understand app performance
  • Firebase Crashlytics: Crash reporting to identify and fix technical issues

11.5 Notifications

  • Firebase Cloud Messaging (FCM): Push notifications for reminders and updates

11.6 Payments & Subscriptions

  • RevenueCat: Subscription management across platforms. We receive subscription status only, not payment details. Privacy Policy
  • Google Play / Apple App Store: Payment processing through respective app stores

11.7 Advertising

  • Google AdMob: Displays ads in the free tier only. You can upgrade to Pro for an ad-free experience. AdMob may collect device identifiers for personalized advertising. Privacy Policy

11.8 Local Storage

  • SQLite (Drift): Local on-device database for offline functionality. Your data is stored securely on your device and synced with our cloud services when connected.

These services have their own privacy policies. We recommend reviewing them for additional details.

12. Cookies and Local Storage

Our website uses cookies and local storage to:

  • Remember your preferences
  • Provide essential website functionality
  • Analyze website traffic (if you consent)

You can control cookies through your browser settings. Essential cookies are required for the website to function properly.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes through the app or email at least 30 days before the changes take effect. Your continued use after changes constitutes acceptance.

14. Contact Us

For privacy-related inquiries:

  • Email: smokeshift2025@gmail.com
  • Address: Andreas Zender - Online Medien, Edigheimer Straße 111, 67069 Ludwigshafen am Rhein, Germany

We aim to respond to all privacy inquiries within 30 days.