StopNic StopNic
  • Features
  • Pricing
  • Support
  • Download

Privacy Policy

Last updated: July 11, 2026

StopNic (“we,” “our,” or “us”) operates the StopNic mobile application (the “App”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable privacy legislation.

By downloading, installing, or using the App, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the App.

1. Information We Collect

1.1 Information You Provide Directly

  • Account information: email address, display name, age, gender
  • Onboarding data: smoking/nicotine habits, daily consumption, triggers, quit date, motivation, preferred quit method
  • Health and wellness data: mood tracking entries, craving logs, daily check-in responses
  • AI chatbot interactions: SOS session messages and conversation history
  • Community content: text posts, comments, reactions, direct messages, bookmarks
  • Journal entries: personal reflections and notes you save in the App
  • Photo submissions: images you voluntarily submit for journal verification (processed via AI; see Section 5)
  • Support communications: emails or messages you send to our support team

1.2 Information Collected Automatically

  • Device information: device type, model, and operating system version
  • Usage data: features accessed, session duration, lesson progress, subscription status
  • A randomly generated anonymous analytics identifier created by the App (not your device ID or Apple ID, and not used to track you across other apps or websites)
  • Crash reports and performance diagnostics
  • Push notification token (Apple Push Notification service)

1.3 Information We Do NOT Collect

  • We do not use advertising identifiers (IDFA) or participate in ad tracking.
  • We do not use cookies or web tracking technologies (the App is a native mobile application).
  • We do not collect precise geolocation data.
  • The SOS mirror feature uses your front-facing camera to display a live view on your device only. Camera images are never transmitted, stored, recorded, or processed by our servers.

2. Lawful Bases for Processing (GDPR)

Under the GDPR, we process your personal data based on the following lawful bases:

Processing ActivityLawful BasisDetails
Account creation & authenticationPerformance of contract (Art. 6(1)(b))Necessary to provide our service
Personalized quit plan & AI chatbotPerformance of contract (Art. 6(1)(b))Core service feature you signed up for
Mood tracking & progress analyticsPerformance of contract (Art. 6(1)(b))To deliver progress insights
Community featuresPerformance of contract (Art. 6(1)(b))To enable social support features
Push notificationsConsent (Art. 6(1)(a))You can withdraw consent at any time via device settings
Analytics & service improvementLegitimate interest (Art. 6(1)(f))Anonymized usage data to improve the App
Photo verification (AI)Consent (Art. 6(1)(a))You choose to submit photos; not required
Subscription & payment processingPerformance of contract (Art. 6(1)(b))Managed by Apple; we don’t store payment details
Legal obligations & disputesLegal obligation (Art. 6(1)(c))Tax, fraud prevention, legal compliance

3. How We Use Your Information

  • To provide, maintain, and personalize the App experience, including your quit plan and addiction archetype assessment
  • To power AI chatbot conversations during SOS sessions and generate personalized support
  • To process photo submissions through AI vision services for journal verification
  • To enable community features (posting, commenting, messaging, reacting)
  • To send push notifications for craving support, daily content, milestone celebrations, and check-ins (with your consent)
  • To track and display your progress statistics and streaks
  • To process and manage your subscription
  • To improve our content, features, algorithms, and services using anonymized and aggregated data
  • To detect, prevent, and address technical issues, fraud, and security incidents
  • To respond to your support requests and communications
  • To comply with legal obligations

4. Data Sharing and Third-Party Processors

We do not sell, rent, or trade your personal data. We share information only as described below:

4.1 Third-Party Service Providers

CategoryProviderPurposeData Shared
Cloud InfrastructureSupabase (AWS)Database hosting, authentication, file storageAll user data stored in encrypted database
AI ServicesOpenAISOS chatbot responses, photo verificationChat messages (anonymized), submitted photos
Payment ProcessingApple (App Store)Subscription billingApple manages payment data; we receive subscription status only
Subscription ManagementRevenueCatEntitlement verification, subscription analyticsAnonymous user ID, purchase receipts
Push NotificationsApple (APNs)Delivering push notificationsDevice push token, notification content
Product AnalyticsMixpanelProduct usage analytics and feature improvementAnonymous analytics ID and usage events (e.g. quit date, archetype, days free); no name or email
Crash ReportingSentryCrash and performance diagnosticsDiagnostic data only; no personal identifiers (IP/email disabled)
Email DeliveryResendSending authentication and transactional emails (verification codes, account notices)Recipient email address and message content

All third-party processors listed above are bound by data processing agreements (DPAs) and are prohibited from using your data for their own purposes.

Content moderation: when a post/comment is reported or a user is blocked, our team is notified via an internal messaging tool so the report can be reviewed. This notification includes the reported/flagged content, the reporter's and reported user's in-app nickname, and the report reason — never your email or real name. The same reports are also reviewable directly inside the App by authorized StopNic team members.

4.2 Other Disclosures

  • Legal compliance: When required by law, regulation, subpoena, or legal process
  • Safety: To protect the rights, safety, or property of StopNic, our users, or the public
  • Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, in which case you will be notified

5. AI-Powered Features and Automated Decision-Making

5.1 SOS Chatbot

Our SOS chatbot uses OpenAI’s API to generate supportive responses during craving episodes. Conversation data sent to OpenAI is used solely to generate responses. We do not share personally identifiable information with OpenAI. We use OpenAI’s API with data processing terms that prohibit the use of your data to train AI models.

5.2 Photo Verification

When you voluntarily submit a photo for journal verification, the image is sent to OpenAI’s Vision API to verify its content. The photo is transmitted securely and is not retained by OpenAI beyond the processing window. You are never required to submit photos.

5.3 Addiction Archetype Assessment

Based on your onboarding answers, the App generates a personalized addiction archetype profile and quit plan. This is algorithmic profiling under GDPR Article 22. This profiling is based solely on the information you provide during onboarding and does not produce legal effects or similarly significant effects. You may request human review of any automated assessment by contacting us at privacy@stopnic.app.

6. Data Storage and Security

  • Your data is stored on secure cloud servers provided by Supabase (built on AWS infrastructure).
  • All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
  • SOS chat history is additionally encrypted at the application level.
  • We implement industry-standard security measures including access controls, audit logging, rate limiting, and regular security assessments.
  • Authentication tokens are stored securely in the iOS Keychain.

Despite our efforts, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you promptly of any breach affecting your personal data (see Section 11).

7. Data Retention

Data CategoryRetention PeriodAfter Deletion/Closure
Account informationDuration of accountDeleted within 30 days
Onboarding & health dataDuration of accountDeleted within 30 days
SOS chat historyDuration of accountDeleted within 30 days
Community posts & messagesDuration of accountDeleted within 30 days (DMs removed immediately)
Usage analyticsAnonymized after 12 monthsAnonymized data retained indefinitely
Crash reports90 daysAutomatically purged
Submitted photosNot stored after AI processingN/A
Payment/subscription dataPer Apple/RevenueCat policiesManaged by Apple/RevenueCat

You may request deletion of your account and all associated data at any time through the in-app account deletion feature or by contacting privacy@stopnic.app.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our cloud infrastructure providers operate. When we transfer personal data outside the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with all third-party processors
  • Encryption of data in transit and at rest

By using the App, you acknowledge that your data may be processed in jurisdictions with different data protection laws than your own.

9. Your Rights

9.1 Rights Under GDPR (EEA, UK, Switzerland Residents)

You have the following rights regarding your personal data:

  • Right of access: Obtain a copy of the personal data we hold about you
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data (“right to be forgotten”)
  • Right to restriction: Request that we limit processing of your data
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time (without affecting prior processing)
  • Right to lodge a complaint: File a complaint with your local data protection supervisory authority
  • Right not to be subject to automated decision-making: Request human review of automated profiling decisions

9.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have additional rights under the CCPA as amended by the CPRA:

  • Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, purposes, and third parties with whom we share it.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to correct: You may request correction of inaccurate personal information.
  • Right to opt out of sale/sharing: We do not sell or share your personal information for cross-context behavioral advertising. No opt-out is necessary.
  • Right to limit use of sensitive personal information: We use sensitive personal information (health-related data) only to provide the services you requested.
  • Right to non-discrimination: We will not discriminate against you for exercising any of these rights.

We have not sold personal information in the preceding 12 months. We do not use or disclose sensitive personal information for purposes other than those permitted under the CPRA.

9.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

  • Email: privacy@stopnic.app
  • In-app: Settings > Account > Delete Account (for erasure)

We will respond to verifiable requests within 30 days (GDPR) or 45 days (CCPA/CPRA). We may request identity verification before processing your request. If we need additional time, we will inform you of the reason and extension period.

10. Children’s Privacy

The App is intended for adults only. Because it addresses nicotine use and cessation, it is restricted to users who are at least 18 years of age and is not directed to anyone under 18. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe a person under 18 has provided us with personal information, please contact us immediately at privacy@stopnic.app. If we discover that we have collected personal information from a person under 18, we will delete that information promptly and terminate the associated account.

During onboarding we ask users to confirm their age, and accounts are limited to users aged 18 and over.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR Article 33)
  • Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms (GDPR Article 34)
  • Notify California residents as required by California Civil Code Section 1798.82
  • Document the breach, its effects, and remedial actions taken
  • Take immediate steps to contain and remediate the breach

12. Push Notifications

With your explicit consent, we send push notifications for:

  • Craving support and SOS reminders
  • Daily educational content and lesson reminders
  • Milestone celebrations and progress updates
  • Daily check-in reminders
  • Community activity (replies to your posts, new messages)
  • Free trial ending reminders

You can disable push notifications at any time through your iOS device Settings > Notifications > StopNic. Disabling notifications does not affect any other aspect of the service.

13. Cookies and Tracking Technologies

StopNic is a native iOS mobile application. We do not use cookies, web beacons, pixel tags, or similar browser-based tracking technologies. We do not participate in cross-app tracking or use Apple’s App Tracking Transparency (ATT) framework because we do not track users across other apps or websites.

We collect usage analytics (as described in Section 1.2) using Mixpanel, and crash and performance diagnostics using Sentry. These are product analytics and stability tools, not advertising networks: we do not integrate any third-party advertising SDKs, and analytics events are tied to a randomly generated anonymous identifier rather than your name or email. See Section 4.1 for details on these processors.

14. Third-Party Links and Services

The App may contain links to third-party websites or services (such as our website or support pages). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy in the App with a new “Last Updated” date
  • Sending a push notification or in-app notice for significant changes
  • Requesting renewed consent where required by applicable law

Your continued use of the App after changes are posted constitutes your acceptance of the updated Privacy Policy.

16. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a privacy concern, please contact us:

Email: privacy@stopnic.app

Legal inquiries: legal@stopnic.app

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

© 2026 StopNic. All rights reserved. Back to Home