Effective Date: October 10, 2025

Last Updated: October 10, 2025

1. INTRODUCTION

Welcome to NicQuitter ("we," "our," "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and share your information when you use our mobile application and website.

NicQuitter is a health and wellness application designed to help users quit smoking and vaping. This policy applies to all users of our services.

---

2. INFORMATION WE COLLECT

#### 2.1 Personal Information

•Email address

•Account credentials (encrypted passwords)

•Name (optional)

•User-created profile information

#### 2.2 Health and Usage Data

•Quit date and smoking history

•Daily craving logs and intensity ratings

•Mood tracking entries

•Journal entries and personal notes

•Health progress metrics

•Achievement and milestone data

•Time spent in app and features used

#### 2.3 Device and Technical Information

•Device type and model

•Operating system version

•Unique device identifiers

•IP address

•App version

•Browser type (for website)

•Log data and error reports

#### 2.4 Communication Data

•Messages sent to our AI assistant

•Support inquiries and feedback

•Email communications with our team

#### 2.5 Purchase Information

•In-app purchase history

•Subscription status

•Payment processing data (handled by Apple/Google/RevenueCat - we do not store payment card details)

---

3. HOW WE USE YOUR INFORMATION

We use collected information for the following purposes:

•Service Delivery: To provide and maintain the NicQuitter app functionality

•Personalization: To customize your experience and provide tailored AI support

•Progress Tracking: To calculate and display your quit journey metrics

•AI Features: To process your inputs through AI services for craving support and sentiment analysis

•Communication: To send you app updates, support responses, and important notifications

•Improvement: To analyze app usage and improve features

•Purchase Management: To process and manage in-app purchases and subscriptions

•Security: To protect against fraud, abuse, and technical issues

•Legal Compliance: To comply with applicable laws and regulations

---

4. THIRD-PARTY SERVICES AND DATA SHARING

#### 4.1 AI Service Providers

We use the following AI services to provide intelligent features:

•OpenAI - For AI craving support conversations and text generation

•Anthropic (Claude) - For AI-powered insights and analysis

•Grok (xAI) - For alternative AI assistance options

What they receive: Your text inputs to AI features (craving descriptions, journal entries when AI-analyzed)

Data retention: These providers do not permanently store your conversations per their terms of service

No personal identifiers: We do not share your email, name, or other identifying information with AI providers

#### 4.2 Backend Infrastructure

•Supabase - Secure cloud database and authentication

•Stores: User account data, progress metrics, journal entries

•Location: Cloud servers with encryption at rest and in transit

•Purpose: Data synchronization across devices and secure authentication

#### 4.3 Payment Processing

•RevenueCat - Subscription and in-app purchase management

•Apple App Store - iOS payment processing

•Google Play Store - Android payment processing

What they receive: Purchase transaction data, subscription status

We do not see: Your credit card numbers or payment credentials

#### 4.4 We Do NOT Share Data With:

•Advertisers or ad networks

•Data brokers

•Social media platforms

•Marketing companies

•Any party for purposes of selling your data

---

5. DATA STORAGE AND SECURITY

#### 5.1 Where Your Data is Stored

•Local Storage: Most personal data is stored locally on your device using secure encrypted storage

•Cloud Backup: Optional cloud sync via Supabase (encrypted)

•AI Processing: Temporary processing by AI providers (not permanently stored)

#### 5.2 Security Measures

We implement industry-standard security practices:

•Encryption in transit (TLS/SSL)

•Encryption at rest for cloud-stored data

•Secure authentication protocols

•Regular security assessments

•Access controls and audit logs

•Secure API key management

#### 5.3 Data Retention

•Active accounts: Data retained while your account is active

•Account deletion: All personal data deleted within 30 days of account deletion request

•Legal requirements: Some data may be retained longer if required by law

---

6. YOUR RIGHTS AND CHOICES

You have the following rights regarding your personal data:

#### 6.1 Access and Portability

•View all personal data we have about you

•Export your data in a machine-readable format (available in Premium)

#### 6.2 Correction

•Update or correct inaccurate personal information through the app settings

#### 6.3 Deletion

•Delete your account and all associated data at any time

•Available in Settings > Account > Delete Account

#### 6.4 Opt-Out

•Disable AI features if you prefer not to use them

•Opt out of optional data collection

•Unsubscribe from marketing emails (we send very few)

#### 6.5 Data Minimization

•Use the app without creating an account (limited features)

•Choose what data to sync to the cloud

---

7. COOKIES AND TRACKING (WEBSITE ONLY)

Our website uses minimal cookies:

•Essential cookies: Required for website functionality

•No tracking cookies: We do not use advertising or analytics cookies

•No third-party tracking: No Facebook Pixel, Google Analytics, or similar services

---

8. CHILDREN'S PRIVACY

NicQuitter is intended for users aged 18 and above. We do not knowingly collect personal information from anyone under 18.

If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@nicquitter.com, and we will delete it promptly.

---

9. INTERNATIONAL DATA TRANSFERS

If you use NicQuitter outside the United States, your data may be transferred to and processed in:

•United States (Supabase servers)

•Other countries where our service providers operate

We ensure appropriate safeguards are in place for international transfers in compliance with applicable laws.

---

10. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have additional rights:

•Right to Know: What personal information we collect and how we use it

•Right to Delete: Request deletion of your personal information

•Right to Opt-Out: Opt out of sale of personal information (note: we do not sell data)

•Right to Non-Discrimination: Equal service even if you exercise your rights

To exercise these rights, contact us at privacy@nicquitter.com

---

11. GDPR RIGHTS (EUROPEAN USERS)

If you are in the European Economic Area, you have rights under GDPR:

•Right of access

•Right to rectification

•Right to erasure ("right to be forgotten")

•Right to restrict processing

•Right to data portability

•Right to object

•Rights related to automated decision-making

Legal basis for processing: Consent, contract performance, legitimate interests

To exercise these rights, contact us at privacy@nicquitter.com

---

12. CHANGES TO THIS POLICY

We may update this privacy policy to reflect changes in our practices or legal requirements.

How we notify you:

•In-app notification

•Email to registered users

•Updated "Last Updated" date

•Post on our website

Your continued use of NicQuitter after changes constitutes acceptance of the updated policy.

---

13. CONTACT INFORMATION

#### Privacy Inquiries:

Email: privacy@nicquitter.com

#### General Support:

Email: support@nicquitter.com

#### Mailing Address:

[Your Company Name]

[Street Address]

[City, State, ZIP]

[Country]

#### Data Protection Officer (if applicable):

[DPO Contact Info]

---

14. APP-SPECIFIC DISCLOSURES

#### Apple App Store Privacy Labels

Our App Store listing discloses:

•Data linked to you: Email, user content, identifiers

•Data not linked to you: Crash data, diagnostics

•Data used to track you: None

•Data not collected: Precise location, contacts, browsing history

#### Google Play Data Safety

Our Play Store listing discloses:

•Personal info collected: Email, user ID

•Health info collected: Health & fitness data

•App activity: App interactions

•Encrypted in transit: Yes

•Request data deletion: Yes

---

15. SPECIFIC USE CASES

#### AI Craving Support

When you use the AI Craving Buster:

•Your message is sent to our AI provider (OpenAI/Anthropic/Grok)

•Processed in real-time

•Response generated and displayed

•Not permanently stored by AI provider

•Conversation saved locally on your device only

#### Mood and Sentiment Analysis

•Mood entries processed through AI for sentiment scoring

•Results stored locally and in cloud backup (if enabled)

•Used to generate personal insights

#### Health Timeline

•Calculated based on your quit date and smoking history

•Based on published medical research

•Stored locally

•Not shared with third parties

---

WEBSITE-SPECIFIC ADDITIONS

Website Forms and Contact

•Contact form submissions stored securely

•Newsletter subscriptions (if applicable) managed via [Email Service Provider]

•Form data not sold or shared with third parties

Website Analytics

•We do not use Google Analytics or similar tracking

•Server logs may contain: IP address, page visited, timestamp

•Logs retained for [X days] for security purposes only

Links to External Sites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies.

---

ACCEPTANCE OF PRIVACY POLICY

By using NicQuitter, you acknowledge that you have read and understood this privacy policy and agree to its terms.

---

Document Version: 1.0

Effective Date: October 10, 2025

Last Reviewed: October 10, 2025

---

Implementation Notes

Where to Host This

1.Create a dedicated webpage: `https://nicquitter.com/privacy` or `https://yourdomain.com/privacy-policy`

2.Plain HTML page - No tracking scripts, no cookies beyond essential

3.Update app.json to reference this URL

4.Link from app - Already done (Settings → Privacy Policy opens in-app, but provide URL too)

Required Updates

1.Fill in blanks:

•[Your Company Name]

•[Mailing Address]

•[DPO Contact if applicable]

•[Email Service Provider if you have newsletter]

•[Log retention period]

2.App Store Connect:

•Add privacy policy URL when submitting

•Complete Privacy Nutrition Label based on this policy

3.Google Play Console:

•Add privacy policy URL

•Complete Data Safety section based on this policy

PRIVACY POLICY FOR NICQUITTER