Privacy Policy
This Privacy Policy applies to the mobile app Nichtraucher Pro (the "App"), provided by Ismail Turan-Atmaca. The address is available in the German Imprint. It explains which personal data is processed when the App is used, for which purposes and on which legal basis.
Summary
We process your data only to operate and improve the App. We never share sensitive data such as your real name, profile picture or email address with third parties for advertising purposes. The free tier is partly funded by advertising and displays only non-personalised ads. Ads are hidden for accounts with Premium enabled.
You can reset your advertising ID in your device settings at any time. On iOS, use Settings > Privacy & Security > Apple Advertising. On Android, use Settings > Privacy > Ads > Delete advertising ID.
1. Controller
The controller under the GDPR and other applicable data protection laws is:
Ismail Turan-Atmaca
Address: see the German Imprint
Email: supportepiclappscom
German law does not require the appointment of a data protection officer.
2. Legal basis and scope
Your data is processed in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telecommunications Digital Services Data Protection Act (TDDDG) and other applicable provisions. Personal data is any information relating to an identified or identifiable natural person, such as a username, email address or IP address.
3. Purpose and features of the App
Nichtraucher Pro supports you in quitting smoking. It calculates your smoke-free time, cigarettes avoided, money saved and pollutants avoided, primarily on your device. With an account, you can synchronise these values across devices, use the community wall and live chat, and access Premium features.
4. Account data and registration
Registration is required for community features. We collect:
- username, freely chosen and preferably a pseudonym;
- email address for login, password resets and security notices;
- password, stored only as a cryptographic hash and never in plain text;
- optional age and gender information if you provide it;
- an optional profile picture and voluntary profile text.
You may alternatively sign in with Google Sign-In, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google then sends us your Google account name and email address to create your account.
- Legal basis: Article 6(1)(b) GDPR, performance of the user agreement.
- Retention: until your account is deleted, subject to section 13.
5. Statistics and synchronisation using Firebase Realtime Database
Your streak statistics are calculated primarily on your device. When you are signed in, they are also stored in your account using the Firebase Realtime Database provided by Google Ireland Limited, so they can be synchronised across devices. We do not analyse these values for advertising or profiling.
- Legal basis: Article 6(1)(b) GDPR, providing the synchronisation feature you selected.
- International transfer: the EU-US Data Privacy Framework of 10 July 2023. Google LLC is certified under this framework.
6. Community wall, live chat and images
Content you publish on the community wall or in live chat is stored in Firebase Realtime Database and is visible to other signed-in users. Posts are moderated. You can report content or users through the App or by emailing supportepiclappscom. Reports are reviewed manually. We may remove content that violates the Terms of Use or applicable law.
If you add a profile picture or an image to a post, the App asks for access to your camera or photo library. Images are stored on Firebase servers and delivered for display in the App.
- Recommendation: use a nickname and do not publish personal data about yourself or others.
- Legal basis: Article 6(1)(b) GDPR for the community feature and, for publication, Article 6(1)(a) GDPR based on your action of posting.
7. Push notifications using Firebase Cloud Messaging
Reminders, streak milestones and community replies are delivered through Firebase Cloud Messaging from Google Ireland Limited. An anonymous push token is assigned to your device. Background notifications are technically not possible without this token.
- Legal basis: Article 6(1)(b) GDPR and section 25(2)(2) TDDDG.
- International transfer: the EU-US Data Privacy Framework.
8. Analytics, Crashlytics, Performance Monitoring and Remote Config
We use the following Firebase services from Google Ireland Limited to improve stability and the product. In the current App version they run with their standard settings when the App starts:
- Firebase Analytics collects pseudonymised usage statistics such as features used and session duration and may link them to your device advertising ID.
- Firebase Crashlytics sends device model, operating system version, timestamp and a stack trace after a crash so we can diagnose errors. It does not intentionally collect personal content.
- Firebase Performance Monitoring collects pseudonymised loading times and network spans to identify performance bottlenecks.
- Firebase Remote Config retrieves non-personal feature flags so functions can be enabled or disabled without an App update.
We are preparing an in-app consent control for Analytics and Performance Monitoring. Until it is available, you may object at any time by emailing supportepiclappscom under Article 21 GDPR. We will disable the relevant Firebase processing flags for your account and delete already collected data linked to it where technically possible.
- Legal basis for Analytics, Performance Monitoring and Remote Config: Article 6(1)(f) GDPR, our legitimate interest in improving the free App.
- Legal basis for Crashlytics: Article 6(1)(f) GDPR, our legitimate interest in operating a stable App.
- International transfer: the EU-US Data Privacy Framework.
More information is available from Firebase Privacy and Security.
9. Advertising using Google AdMob
The free tier displays banners through Google AdMob, provided by Google Ireland Limited. Ads are hidden for accounts with Premium enabled.
Nichtraucher Pro displays only non-personalised ads. The current version does not use Google User Messaging Platform to request consent and does not build an interest-based profile. On Apple devices, the App does not request App Tracking Transparency permission because it does not perform cross-app tracking.
When an ad is loaded, your device advertising ID and technical device information are transmitted to Google so the ad can be delivered and accounted for. You can reset the ID or disable personalised advertising in your device settings.
- Legal basis: Article 6(1)(f) GDPR, our legitimate interest in funding the free service through non-personalised advertising, and section 25(2)(2) TDDDG where access is technically necessary to deliver the requested ad.
- International transfer: the EU-US Data Privacy Framework.
More information is available in Google's advertising policies.
10. In-app purchases and Premium
Premium features are purchased through Google Play or the Apple App Store. Payment data is processed exclusively by the respective store. We only receive confirmation that a Premium feature has been enabled for your account. Premium products are one-time purchases, not subscriptions.
11. Categories of recipients
We share personal data only when:
- it is necessary to provide the service, particularly with Google Ireland Limited for Firebase services and the app stores for purchases;
- you have expressly consented, for example by publishing content in the community;
- we are legally required to disclose it, for example by an official order.
The current App version does not include social plugins such as Facebook, Instagram or X. Normal App use does not establish connections to social networks.
12. Transfers to third countries
Transfers to Google LLC in the United States rely on the EU-US Data Privacy Framework of 10 July 2023. Google LLC is certified under this framework. You can verify its current status in the Data Privacy Framework list.
13. Account deletion and retention
You can delete your account in the App under Settings > Delete account or request deletion at supportepiclappscom. We delete your account and related personal account data without undue delay and no later than 30 days after a valid request, unless statutory retention duties apply. Anonymous statistical data may remain.
Public community posts, live chat content and publicly uploaded images may be anonymised instead of fully deleted to preserve conversations and support for other users. We remove their link to your account, including account ID, email address, username, profile picture, profile link and other account references. If content itself contains information that identifies you, tell us exactly which content is affected. We will remove or redact it where it can reasonably be linked to your account or request. Non-public reports and moderation notes are deleted or anonymised unless they are temporarily required to prevent abuse, investigate security issues or enforce community rules.
14. Minimum age
Community use is permitted only from the age of 16 under Article 8 GDPR. If we learn that a younger person operates an account, we will close it and contact a parent or guardian where possible.
15. No automated decision-making
We do not use automated decision-making, including profiling, within Article 22 GDPR.
16. Your rights
Subject to the statutory requirements, you have the right to:
- access under Article 15 GDPR;
- rectification under Article 16 GDPR;
- erasure under Article 17 GDPR;
- restriction of processing under Article 18 GDPR;
- data portability under Article 20 GDPR;
- object under Article 21 GDPR, especially to processing based on Article 6(1)(f) GDPR;
- withdraw consent with future effect under Article 7(3) GDPR.
To exercise your rights, email supportepiclappscom.
17. Right to lodge a complaint
You may lodge a complaint with a supervisory authority under Article 77 GDPR. The competent authority is:
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart, Germany
Website: baden-wuerttemberg.datenschutz.de
18. Data security
Data is transmitted between the App and servers only over TLS-encrypted connections. Passwords are stored only as hashes.
19. Changes to this Privacy Policy
We may update this policy when App features or legal requirements change. The current version is available in the App and on this website.