These are plain-language highlights. For full details, see the tab.
Transparency First.
This is a plain-language summary of how we handle your data—what we collect, why we need it, how we protect it, and the control you have. For the complete legal policy, see the Full Legal Text tab.
Last updated: January 2026
Your Health Data Is Yours
We do not sell your data. We do not share it with advertisers. You own it, and you control it—period.
1. Data Controller Information
Who is responsible for your data
App Owner & Data Controller
App Developer & Data Processor
Itshak Zabarsky
itshak@getsmokefree.org2. What Data We Collect
Clear breakdown by category
Information You Provide
- Email address (Required)
- Age (18+)
- Smoking history
- Encrypted password
Cessation Tracking
- Daily check-ins
- Cravings & Withdrawals
- Triggers & Quit reasons
AI Personalization
Used solely to generate your personalized plan via Google Gemini API.
Technical & Usage
- Device type & OS
- Crash logs (for bugs)
- Country (approx. location)
Data Stored on Google Cloud
Supabase Platform
All user data, encrypted.
Strict Access
No analysis by Google/Supabase.
3. Legal Basis for Collection
We collect and process data based on your active consent and our legal obligation to retain minimal data for compliance.
4. How We Use Your Data
Transparency in action
What We Do
- Create and maintain your account
- Track smoking cessation progress
- Generate personalized AI advice
- Send motivational reminders
- Fix technical issues
- Comply with legal requirements
What We Don't Do
- Sell your data to advertisers
- Use your data to train AI models
- Share data without permission
- Track GPS location
- Send marketing emails without consent
- Allow family access to your data
5. Who Has Access?
Trusted partners only
| Partner | Purpose | Protection |
|---|---|---|
| Google Cloud | Secure Hosting & Storage | Encrypted, GDPR agreement |
| Google Gemini | Generating Insights | No training, encrypted |
| Supabase | Database Backups | SOC2, HIPAA, encrypted |
We Are Not Data Brokers
6. Your Rights
Full control compliant with GDPR Articles 15–21
Access
Request a copy of all your data
Correction
Fix inaccurate information instantly
Erasure
Right to be forgotten
Portability
Export data as JSON to take anywhere
Objection
Opt-out of all notifications
7. How Long We Keep Data
Minimal retention policy
While account exists
After deletion
Max backup retention
8. Security Infrastructure
Bank-grade protection
Encryption
AES-256 & TLS 1.3
Bank-grade encryption for data at rest and in transit.
Compliance
SOC 2 & HIPAA
Built on Supabase enterprise-grade infrastructure.
Access
Strict RBAC
No unauthorized access. Developers see only what is technically needed.
9. Children & Under 18
Adults only
For adults only. We do not knowingly provide services to users under 18. Records of minors are deleted immediately upon discovery.
10. International Transfers
Cross-border data protection
Data is stored on Supabase Platform (US/EU). We use standard contractual clauses for cross-border protection. You are informed of this at signup.
11. Your Consent & Control
You are in the driver's seat
12. Contact & Complaints
We respond within 30 days
We're here to help. Reach out anytime.
support@getsmokefree.org13. Updates to This Policy
Last updated: January 2026
We may update this policy from time to time. When we make significant changes, we'll notify you through the app or via email before they take effect.
14. Summary
Transparency, security, and control