Quitora
Privacy

Privacy Policy

Plain-English version first, formal version second. Both apply. If they ever disagree, email us and we'll fix the document.

Last updated: April 17, 2026

The plain-English version

  • You can use most of Quitora anonymously. Signing in with Apple is optional and only used to preserve your data across reinstalls.
  • We don't sell or rent your data. Ever. To anyone. Period.
  • We don't run third-party advertising inside the app. No ad SDKs, no behavioral profiling, no cookies following you across the web.
  • AI features send your data to OpenAI to generate responses. We don't allow OpenAI to train their models on your data. See the "AI processing" section below for the detail.
  • Delete everything from Settings → Deactivate Sanctuary. Your account, check-ins, chats, summaries, and attached identifiers are purged within 7 days.

1. Who we are

Quitora ("we", "us", "our") is an independent publisher of a mobile recovery companion app, also called Quitora. You can reach us at support@quitora.app.

2. What data we collect

You give us, directly

  • Account identifiers — when you sign in with Apple, we receive a stable Apple user identifier and your chosen display name. We do not receive your real Apple ID email unless you explicitly share it.
  • Recovery data — your selected recovery type, optional sobriety date, commitment goal, triggers, and the contents of your daily check-ins (mood, craving level, sleep quality, optional journal, sobriety state, optional daily amount).
  • Optional profile data — name, birthday, gender, weight, weight unit, emergency contact details. Every field is optional and editable.
  • AI coach conversations — the messages you send to the in-app coach and the responses you receive.
  • Wisdom Scroll interactions — likes and comments you post, and comments you report.

Automatically, minimally

  • App-quality telemetry — anonymized crash reports, performance metrics, and aggregate event counts used to fix bugs and improve reliability. No individual behavior profile is built from this.
  • Subscription state— whether you hold an active premium subscription, provided to us by Apple's App Store. We never receive your Apple payment details.

3. What we do NOT collect

  • Advertising identifiers (IDFA) — not used.
  • Contact list, photo library, or location — not requested.
  • Third-party cross-site tracking — none. No Meta Pixel, no Google advertising cookies, no fingerprinting.
  • Your Apple ID real email, unless you explicitly choose to share it at sign-in.

4. Why we collect it

  • To run the app: showing your streak, check-in history, milestones, impact stats, and pattern insights all require reading back what you entered.
  • To generate personalized AI responses: coach replies, daily quotes, and weekly therapy summaries use your recent check-ins and chats as context.
  • To keep your data safe across devices: signing in with Apple lets us restore your progress if you reinstall or switch phones.
  • To keep the service safe: comment moderation relies on a lightweight on-device profanity check plus a report-and-hide flow for community posts.

5. AI processing

When you use an AI feature (coach chat, wisdom quotes, therapy summary, magic-mix mocktail generator), the relevant portion of your recent data is sent to OpenAI to produce a response. We use OpenAI's API in a mode that contractually prohibits them from training their models on your submissions and that retains data for only abuse-monitoring purposes, per OpenAI's API data usage policy.

The inputs sent are limited to what the specific feature needs — for example, the coach receives your recent conversation history and structured check-in signals, not your full account.

6. Where data is stored

Your data is stored on Supabase-managed infrastructure hosted in secure cloud data centers. Access is limited to authorized Quitora operators for support, debugging, and account-deletion requests. All data is encrypted in transit (TLS) and at rest (AES-256).

7. How long we keep it

  • Active accounts: while your account is active plus 30 days after you request deletion (to allow cancellation of accidental delete requests).
  • Anonymized quality telemetry: up to 13 months for trend analysis, then deleted.
  • Stored therapy summaries: the most recent 4 summaries, automatically pruned.
  • Backups: rolling encrypted backups retained for up to 30 days, after which deleted data is unrecoverable.

8. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, restrict certain processing, or object to processing. You can exercise most of these directly from Settings inside the app. For anything you can't do in-app, email support@quitora.app.

If you are in the EU or UK, our lawful bases for processing under GDPR are (a) performance of a contract — delivering the service you signed up for — and (b) legitimate interest for minimal service-quality telemetry.

9. Children

Quitora is not directed to children under 13 (or under 16 in the EU/UK). We do not knowingly collect data from children under this age. If you believe we have, email us and we will delete it.

10. Changes

If we materially change this policy, we'll update the "Last updated" date at the top and notify active users in the app. The latest version always lives at this URL.

11. Contact

Privacy questions, data requests, complaints: support@quitora.app.

Disclaimer: This page is a good-faith description of our practices, not legal advice. If a formal regulatory question arises, the applicable jurisdiction's law controls and we'll respond through proper channels.