Privacy Policy
Last updated: 20 May 2026 Effective date: 20 May 2026
This Privacy Policy describes how Stoppy (“we”, “our”, or “us”) collects, uses, and protects information when you use the Stoppy mobile application (the “App”). The App is operated by Andrey Kokin, a sole proprietor based in Cyprus, reachable at stoppy@stoppy.xyz.
If you do not agree with this Privacy Policy, please do not use the App.
1. Summary (Plain English)
- Stoppy is a quit-nicotine tracking app. It works mostly on your device.
- We collect what you tell us during onboarding (age, gender, the product you’re quitting, your daily consumption, your daily spend) so the App can personalize your experience.
- We collect basic usage and subscription data so the App can function (track your streak, remember your purchase, send you check-in notifications you opted into).
- We do not sell your data. We do not show ads.
- You can delete your account and all associated data at any time from within the App (Settings → Delete Account), or by emailing stoppy@stoppy.xyz.
2. What we collect
2.1 Information you provide during onboarding
- Product type (“cigarettes”, “vapes”, or “snus”)
- Age (used to personalize your body-recovery timeline)
- Gender (used for personalization and aggregate analytics)
- Daily consumption (number of cigarettes, pods, or pouches per day)
- Daily cost (your typical spend per day on the product)
This information is stored locally on your device using your device’s secure storage. If you create an account (optional, post-subscription), a copy is also stored on our servers (see Section 4).
2.2 Information about your use of the App
- Quit date (the timestamp when you started or restarted your nicotine-free journey)
- Relapse history (timestamps of any relapses you log; you control whether to log them)
- Streak data (your longest streak, current streak, total relapses, breathing-session count, panic-feature usage count)
- Milestones celebrated (which milestone days you’ve reached)
- Notification preferences (whether you’ve enabled daily check-ins and your preferred time slot)
This data is stored locally on your device by default. If you sign in to a Stoppy account, it is also synchronized to our servers to enable cross-device access.
2.3 Subscription and purchase information
When you subscribe to Stoppy through the App Store, Apple processes your payment. We do not receive or store your payment method, card number, or any financial credentials.
We do receive (via RevenueCat, our subscription management provider) a non-identifying receipt token and your subscription status (active trial, active subscription, expired, cancelled). This is necessary to grant you access to the App.
2.4 Information collected automatically
- Device type and operating system version (used for crash reporting and to ensure compatibility)
- App version (used to know which features you have access to)
- Crash logs and performance data (anonymous; used to find and fix bugs)
- Anonymous usage analytics (which screens you visit, which features you use, in aggregate; used to improve the App)
We do not collect: your name, email address (unless you provide it for an account), phone number, precise location, contacts, photos, health data from Apple Health, your IP address (beyond what is technically necessary to deliver the service), or any other personal identifier you have not provided.
3. Why we collect this information
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Personalize your quit journey (correct copy per product, accurate savings calculations) | Onboarding inputs | Consent (Art. 6(1)(a)) |
| Track your streak, money saved, and milestones | Quit date, consumption, cost | Performance of contract (Art. 6(1)(b)) |
| Process and verify your subscription | Subscription receipt token, customer ID | Performance of contract (Art. 6(1)(b)) |
| Send daily check-in notifications you opted into | Notification preferences, quit date | Consent (Art. 6(1)(a)) |
| Fix bugs and improve the App | Crash logs, anonymous usage analytics, device info | Legitimate interest (Art. 6(1)(f)) |
| Comply with legal obligations (tax, App Store compliance) | Subscription records | Legal obligation (Art. 6(1)(c)) |
We do not use your data to make automated decisions that produce legal or similarly significant effects on you. We do not profile you for advertising.
4. How we store and protect your information
4.1 On your device
The App stores onboarding inputs, streak data, and preferences in your device’s local storage. This data does not leave your device unless you create a Stoppy account.
4.2 On our servers
If you create a Stoppy account, we store a copy of your onboarding inputs and progress in our database, hosted by Supabase (a third-party platform with servers in the EU and US). Supabase encrypts data at rest and in transit. Access is restricted to the App’s authenticated user only (enforced via row-level security policies).
4.3 Subscription data
Subscription receipts and customer IDs are handled by RevenueCat (a third-party subscription management platform). RevenueCat receives Apple’s purchase receipt and reports your subscription status to the App. RevenueCat’s privacy policy: https://www.revenuecat.com/privacy.
4.4 Security measures
We use industry-standard security practices, including encryption in transit (HTTPS/TLS), encryption at rest for server-stored data, and access controls. However, no system is completely secure. If we discover a data breach that affects you, we will notify you in accordance with applicable law (GDPR Art. 33–34 requires notification within 72 hours).
5. Third parties we share data with
We share limited data only with the service providers necessary to run the App. We do not sell your data. We do not share your data with advertisers, data brokers, or marketing networks.
| Provider | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| Apple | App Store distribution, payment processing | Purchase receipt, App Store account ID (Apple-side only) | https://www.apple.com/legal/privacy |
| RevenueCat | Subscription management | Anonymous customer ID, subscription receipt | https://www.revenuecat.com/privacy |
| Supabase | Database hosting (if you sign up for an account) | Your onboarding inputs and progress | https://supabase.com/privacy |
| Expo / EAS | Build and distribute the App | Crash logs, build metadata | https://expo.dev/privacy |
We may add to this list in the future. If we do, we will update this Privacy Policy and notify you within the App.
6. International data transfers
If you are in the European Economic Area (EEA), the United Kingdom, or Switzerland, your data may be transferred to and processed in countries outside your home jurisdiction, including the United States. We rely on the European Commission’s Standard Contractual Clauses and equivalent UK / Swiss mechanisms to ensure adequate protection. You can request a copy of the safeguards in place by emailing stoppy@stoppy.xyz.
7. Your rights
7.1 If you are in the EEA, UK, or Switzerland (GDPR / UK GDPR)
You have the right to:
- Access the data we hold about you
- Rectify inaccurate data
- Erase your data (“right to be forgotten”) — available in-App via Settings → Delete Account, or by emailing stoppy@stoppy.xyz
- Restrict processing of your data
- Object to processing based on legitimate interest
- Data portability (receive your data in a machine-readable format)
- Withdraw consent at any time (this does not affect lawfulness of past processing)
- Lodge a complaint with your local data protection authority
To exercise any of these rights, email stoppy@stoppy.xyz. We will respond within 30 days.
7.2 If you are in California (CCPA / CPRA)
You have the right to:
- Know what personal information we collect, use, and share
- Delete your personal information — available in-App via Settings → Delete Account
- Correct inaccurate personal information
- Opt out of the sale or sharing of your personal information (we do not sell or share — see Section 5)
- Non-discrimination for exercising your rights
To exercise these rights, email stoppy@stoppy.xyz. We will respond within 45 days.
7.3 If you are elsewhere
You may have similar rights under your local data protection laws. Contact us at stoppy@stoppy.xyz to learn more.
8. Children’s privacy
Stoppy is not directed to children under 16. The App’s onboarding requires you to enter your age, with a minimum of 13. If we learn that we have collected information from a child under 16 without verifiable parental consent, we will delete that information promptly.
If you believe a child has used the App, please contact stoppy@stoppy.xyz.
9. Data retention
- Local device data: retained on your device until you delete the App or use the “Reset journey” function in Settings.
- Server-stored data (if you have an account): retained for as long as your account is active. When you delete your account via Settings → Delete Account, all server-stored data is permanently removed within 30 days.
- Subscription receipts and tax-relevant records: retained for 7 years (legal obligation in most jurisdictions).
- Anonymous analytics: retained indefinitely in aggregate, non-identifying form.
10. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent change. For material changes, we will notify you within the App at least 30 days before the change takes effect. Continued use of the App after that period constitutes acceptance.
11. Contact
Questions, requests, or complaints about this Privacy Policy?
Email: stoppy@stoppy.xyz Operator: Andrey Kokin (sole proprietor) Country of operation: Cyprus
If you are in the EU and we have not satisfactorily resolved your concern, you may contact your local data protection authority. In Cyprus, this is the Commissioner for Personal Data Protection: https://www.dataprotection.gov.cy.