Last updated: July 11, 2026
StopNic (“we,” “our,” or “us”) operates the StopNic mobile application (the “App”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable privacy legislation.
By downloading, installing, or using the App, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the App.
Under the GDPR, we process your personal data based on the following lawful bases:
| Processing Activity | Lawful Basis | Details |
|---|---|---|
| Account creation & authentication | Performance of contract (Art. 6(1)(b)) | Necessary to provide our service |
| Personalized quit plan & AI chatbot | Performance of contract (Art. 6(1)(b)) | Core service feature you signed up for |
| Mood tracking & progress analytics | Performance of contract (Art. 6(1)(b)) | To deliver progress insights |
| Community features | Performance of contract (Art. 6(1)(b)) | To enable social support features |
| Push notifications | Consent (Art. 6(1)(a)) | You can withdraw consent at any time via device settings |
| Analytics & service improvement | Legitimate interest (Art. 6(1)(f)) | Anonymized usage data to improve the App |
| Photo verification (AI) | Consent (Art. 6(1)(a)) | You choose to submit photos; not required |
| Subscription & payment processing | Performance of contract (Art. 6(1)(b)) | Managed by Apple; we don’t store payment details |
| Legal obligations & disputes | Legal obligation (Art. 6(1)(c)) | Tax, fraud prevention, legal compliance |
We do not sell, rent, or trade your personal data. We share information only as described below:
| Category | Provider | Purpose | Data Shared |
|---|---|---|---|
| Cloud Infrastructure | Supabase (AWS) | Database hosting, authentication, file storage | All user data stored in encrypted database |
| AI Services | OpenAI | SOS chatbot responses, photo verification | Chat messages (anonymized), submitted photos |
| Payment Processing | Apple (App Store) | Subscription billing | Apple manages payment data; we receive subscription status only |
| Subscription Management | RevenueCat | Entitlement verification, subscription analytics | Anonymous user ID, purchase receipts |
| Push Notifications | Apple (APNs) | Delivering push notifications | Device push token, notification content |
| Product Analytics | Mixpanel | Product usage analytics and feature improvement | Anonymous analytics ID and usage events (e.g. quit date, archetype, days free); no name or email |
| Crash Reporting | Sentry | Crash and performance diagnostics | Diagnostic data only; no personal identifiers (IP/email disabled) |
| Email Delivery | Resend | Sending authentication and transactional emails (verification codes, account notices) | Recipient email address and message content |
All third-party processors listed above are bound by data processing agreements (DPAs) and are prohibited from using your data for their own purposes.
Content moderation: when a post/comment is reported or a user is blocked, our team is notified via an internal messaging tool so the report can be reviewed. This notification includes the reported/flagged content, the reporter's and reported user's in-app nickname, and the report reason — never your email or real name. The same reports are also reviewable directly inside the App by authorized StopNic team members.
Our SOS chatbot uses OpenAI’s API to generate supportive responses during craving episodes. Conversation data sent to OpenAI is used solely to generate responses. We do not share personally identifiable information with OpenAI. We use OpenAI’s API with data processing terms that prohibit the use of your data to train AI models.
When you voluntarily submit a photo for journal verification, the image is sent to OpenAI’s Vision API to verify its content. The photo is transmitted securely and is not retained by OpenAI beyond the processing window. You are never required to submit photos.
Based on your onboarding answers, the App generates a personalized addiction archetype profile and quit plan. This is algorithmic profiling under GDPR Article 22. This profiling is based solely on the information you provide during onboarding and does not produce legal effects or similarly significant effects. You may request human review of any automated assessment by contacting us at privacy@stopnic.app.
Despite our efforts, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you promptly of any breach affecting your personal data (see Section 11).
| Data Category | Retention Period | After Deletion/Closure |
|---|---|---|
| Account information | Duration of account | Deleted within 30 days |
| Onboarding & health data | Duration of account | Deleted within 30 days |
| SOS chat history | Duration of account | Deleted within 30 days |
| Community posts & messages | Duration of account | Deleted within 30 days (DMs removed immediately) |
| Usage analytics | Anonymized after 12 months | Anonymized data retained indefinitely |
| Crash reports | 90 days | Automatically purged |
| Submitted photos | Not stored after AI processing | N/A |
| Payment/subscription data | Per Apple/RevenueCat policies | Managed by Apple/RevenueCat |
You may request deletion of your account and all associated data at any time through the in-app account deletion feature or by contacting privacy@stopnic.app.
Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our cloud infrastructure providers operate. When we transfer personal data outside the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure appropriate safeguards are in place, including:
By using the App, you acknowledge that your data may be processed in jurisdictions with different data protection laws than your own.
You have the following rights regarding your personal data:
If you are a California resident, you have additional rights under the CCPA as amended by the CPRA:
We have not sold personal information in the preceding 12 months. We do not use or disclose sensitive personal information for purposes other than those permitted under the CPRA.
To exercise any of these rights, contact us at:
We will respond to verifiable requests within 30 days (GDPR) or 45 days (CCPA/CPRA). We may request identity verification before processing your request. If we need additional time, we will inform you of the reason and extension period.
The App is intended for adults only. Because it addresses nicotine use and cessation, it is restricted to users who are at least 18 years of age and is not directed to anyone under 18. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe a person under 18 has provided us with personal information, please contact us immediately at privacy@stopnic.app. If we discover that we have collected personal information from a person under 18, we will delete that information promptly and terminate the associated account.
During onboarding we ask users to confirm their age, and accounts are limited to users aged 18 and over.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
With your explicit consent, we send push notifications for:
You can disable push notifications at any time through your iOS device Settings > Notifications > StopNic. Disabling notifications does not affect any other aspect of the service.
StopNic is a native iOS mobile application. We do not use cookies, web beacons, pixel tags, or similar browser-based tracking technologies. We do not participate in cross-app tracking or use Apple’s App Tracking Transparency (ATT) framework because we do not track users across other apps or websites.
We collect usage analytics (as described in Section 1.2) using Mixpanel, and crash and performance diagnostics using Sentry. These are product analytics and stability tools, not advertising networks: we do not integrate any third-party advertising SDKs, and analytics events are tied to a randomly generated anonymous identifier rather than your name or email. See Section 4.1 for details on these processors.
The App may contain links to third-party websites or services (such as our website or support pages). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
Your continued use of the App after changes are posted constitutes your acceptance of the updated Privacy Policy.
If you have questions about this Privacy Policy, wish to exercise your data rights, or have a privacy concern, please contact us:
Email: privacy@stopnic.app
Legal inquiries: legal@stopnic.app
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.