Vape.Not

Privacy Policy

This privacy policy applies to the Vape.Not app (hereby referred to as "Application") for mobile devices, created by Jurgis Šaliamoras (hereby referred to as "Service Provider") as a Freemium service. This service is intended for use "AS IS" and is intended for adults aged 18 or older.

Information We Collect and How It Is Used

Vape.Not is designed to keep your data on your device wherever possible. The majority of what you enter into the Application is stored only on your device (iOS UserDefaults / Android SharedPreferences). The Service Provider has no backend server receiving, storing, or synchronising this data.

Data that is held only on your device includes, for example:

• Your individual puff log (each puff timestamp);

• Your article and challenge progress;

• Your in-app preferences: accent colour, dark mode, gradient intensity, sound volume, reduced-transparency flag, panic-timer state, and cold-turkey toggles.

A defined subset of your onboarding answers, your first name (if you entered one), your age bracket, and certain aggregate progress figures (lifetime puffs, current streak, lifetime money saved/lost, days active) are additionally sent off your device to Mixpanel for product analytics, and a separate subset is sent to Superwall for paywall management. The full list, field by field, is in the next section.

Because some of this information is health-adjacent or financial in nature, the Service Provider has configured Mixpanel for EU data residency, has disabled Mixpanel's automatic-event collection, suppresses IP-based geo on the events that do not need it, and does not transmit any advertising identifier, account identifier, contact information, or precise location to any third party.

Data sent off your device

Three categories of data leave your device:

Mixpanel (product analytics)

The Application uses Mixpanel, Inc. as a processor for product analytics — to understand how users move through onboarding, where they drop off, and which features are used. Mixpanel's privacy policy is available at https://mixpanel.com/legal/privacy-policy.

The integration is configured as follows:

• Region: all events are sent to Mixpanel's EU ingestion endpoint (api-eu.mixpanel.com) and stored on Mixpanel's EU infrastructure.

• Automatic events: disabled. Mixpanel's built-in session and first-open events ($ae_session, $ae_first_open, $ae_session_length, $ae_total_app_sessions) are not collected.

• Identifier: a pseudonymous UUID (distinct_id) generated by the Mixpanel SDK on first run and stored only inside the Application's private storage on your device. It is never linked to your email, phone, Apple/Google account, IDFA (Apple advertising identifier), GAID (Google advertising ID), Android ID, or any other cross-app identifier — the Application never calls Mixpanel's identify() method.

• Approximate location: for the events App Launched and Daily Summary the Application instructs Mixpanel not to perform IP-based geo resolution, and no city, region, or country is attached. For the onboarding and paywall events listed below, Mixpanel does perform IP-based geo resolution and attaches an approximate city, region, and country code. The Application never reads or transmits GPS coordinates, Wi-Fi BSSID, or cell-tower data.

The events sent to Mixpanel and their payloads are:

• App Launched — once per cold start. Payload: platform (android / iOS).

• App Reset — when you tap Reset in Settings. The Application then calls Mixpanel's reset() to discard the current distinct_id. See "Data Retention" below for what this does and does not delete server-side.

• Onboarding Started — when the onboarding screen is opened.

• Onboarding Screen Viewed — for each onboarding slide (a slide number 0–24 and a slide-title identifier).

• Onboarding Slide Exited — slide number, slide title, dwell time in seconds, and exit method (next / back / dispose).

• Onboarding Question Answered — a question identifier (e.g. vaping_duration, daily_amount, triggers) and the chosen answer. For the question that asks your first name, the answer property is replaced with the literal string <provided>; the name itself is sent to Mixpanel separately as a profile property described below.

• Onboarding Back Pressed — slide number and slide title.

• Onboarding Abandoned — the slide where you abandoned, the furthest slide you reached, and total seconds in onboarding.

• Onboarding Completed — your attribution source, vaping-duration bucket, daily-amount bucket, previous-attempts bucket, primary reason, archetype, derived estimated daily puffs, derived estimated weekly spend, and a boolean indicating whether you subscribed.

• Paywall Triggered and Paywall Entitled — the paywall placement identifier; on Paywall Triggered also your attribution source, daily-amount bucket, primary reason, and archetype.

• Daily Summary — at most once per calendar day, summarising today's puff count, lifetime puffs, lifetime money saved, current streak in days, and days since you committed.

In addition to these events, the Application maintains a Mixpanel "User Profile" containing the following properties, which are written or updated whenever the relevant local state changes:

• Your first name (if you entered one) and your age bracket (Under 18, 18–24, 25–34, 35–44, 45+);

• Your onboarding answers: attribution source, vaping-duration bucket, daily-amount bucket, monthly spend (the numeric value you entered), previous-attempts bucket, triggers (joined into a comma-separated list), primary reason, and archetype;

• Derived estimates: estimated daily puffs, estimated weekly spend, estimated lifetime puffs;

• Engagement snapshot: streak in days, lifetime puffs, daily limit, lifetime money saved/lost (where a baseline is set), days active, last-active timestamp, and an onboarding_complete flag;

• Onboarding milestones: the timestamp at which you started onboarding and the furthest slide you reached.

After onboarding, this profile data is also attached as "super-properties" to every subsequent event listed above, so that — for example — a Daily Summary event for a returning user carries the user's vaping-duration bucket, baselines, streak, lifetime totals, and (if you provided one) your first name.

The Mixpanel SDK additionally attaches the following technical metadata to every event, which the Application does not read or alter: device manufacturer, brand, model, screen height/width/DPI, OS name and version, app version and build number, mobile carrier (when available), Wi-Fi flag, network class (Android), and Mixpanel SDK version. None of these are advertising identifiers.

Superwall (paywall and subscription management)

After you complete onboarding the Application sends to Superwall, Inc. the non-sensitive answers most relevant to selecting which paywall variant to show you (for example vaping-duration bucket, monthly-spend bracket, triggers list, archetype, and an anonymous Superwall-generated user identifier). Superwall also receives the technical metadata any HTTP client sends to a server (IP address, device model, operating system, SDK version) and records paywall impression and purchase events. Superwall acts as a processor on the Service Provider's behalf under a data-processing agreement, and its own privacy policy is available at https://superwall.com/privacy.

Apple App Store / Google Play (purchases)

Purchases and subscriptions are processed directly by Apple App Store (iOS) or Google Play Store (Android). The Service Provider never receives or stores your payment details; we receive only transaction metadata (product ID, transaction ID, subscription status) as forwarded by Apple's StoreKit or Google Play Billing. Refer to Apple's and Google's privacy policies for how payment data is handled.

What the Application does not collect

The Application does not collect or transmit your precise location, your contacts, your photos, your camera, your microphone, your calendar, files, clipboard, accelerometer or gyroscope data, NFC reads, Bluetooth scan results, MAC address, IMEI, IMSI, SIM serial, screen recordings, keystrokes, or any other media. It does not transmit individual puff timestamps, your in-app preference settings (accent colour, dark mode, gradient, sound volume, reduced-transparency flag, panic-timer state, cold-turkey toggles), your article or challenge progress, your payment-card details, billing address, Apple/Google purchase receipts, or transaction IDs.

The Service Provider does not have a mechanism to contact you by email, push notification from a server, SMS, or any other out-of-app channel. Any notifications you receive are generated locally by the Application on your own device.

Third Parties

The Application uses the following third-party services. Each is listed with its role and a link to its privacy policy:

• Mixpanel, Inc. — product analytics, configured for EU data residency. Receives the events and profile properties described above. https://mixpanel.com/legal/privacy-policy

• Superwall, Inc. — paywall delivery and subscription-entitlement management. Receives the targeting data described above. https://superwall.com/privacy

• Apple Inc. (App Store / StoreKit) — processes iOS purchases. https://www.apple.com/legal/privacy/

• Google LLC (Google Play Billing) — processes Android purchases. https://policies.google.com/privacy

The Application does not use Firebase, Firebase Analytics, Firebase Crashlytics, Google Analytics, Unity, Facebook SDK, Sentry, or any advertising or attribution SDK. Mixpanel is the only analytics SDK in use, and the Application does not engage in cross-app or cross-website tracking.

The Service Provider does not sell, rent, or trade your information. Your information may be disclosed only:

• as required by law (for example to comply with a subpoena or equivalent legal process);

• where the Service Provider believes in good faith that disclosure is necessary to protect rights, safety, or to investigate fraud, or to respond to a government request;

• to the trusted service providers listed above, each of which acts on the Service Provider's behalf under a written agreement and does not use your data for its own independent purposes.

Legal Basis for Processing (GDPR)

The Service Provider relies on the following lawful bases under Article 6 of the GDPR:

• Contract (Article 6(1)(b)) — for processing necessary to provide the Application's core features and to manage subscriptions (Superwall, Apple / Google billing).

• Legitimate interest (Article 6(1)(f)) — for product analytics via Mixpanel. The Service Provider has a legitimate interest in measuring how the Application is used, diagnosing onboarding drop-off, and improving the product. This interest is balanced against your interests by: using a pseudonymous SDK-generated identifier rather than an account or device advertising identifier; configuring Mixpanel for EU data residency; disabling Mixpanel's automatic-event collection; suppressing IP-based geo on the App Launched and Daily Summary events; not engaging in advertising or cross-app tracking; and not making automated decisions that produce legal or similarly significant effects on you. You have the right to object to this processing at any time — see "Your Rights" below.

• Legal obligation (Article 6(1)(c)) — where disclosure is required by law.

Your Rights (GDPR / EU Residents)

The Service Provider is based in Lithuania and the processing of personal data is governed by the EU General Data Protection Regulation (GDPR). If you are in the European Economic Area, the United Kingdom, or another jurisdiction with equivalent rights, you have the right to:

• Access — request a copy of the personal data the Service Provider holds about you;

• Rectification — correct data that is inaccurate or incomplete. Mixpanel events are append-only and cannot be amended after the fact; Mixpanel profile properties can be corrected;

• Erasure — request deletion of your data ("right to be forgotten");

• Restriction — request that processing be limited;

• Portability — receive your data in a structured, machine-readable format;

• Object — object to processing based on legitimate interests, including the analytics processing described above;

• Lodge a complaint — with your national data-protection authority. In Lithuania the supervisory authority is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija) — https://vdai.lrv.lt.

For data stored on your device, the simplest way to exercise the "erasure" right is to uninstall the Application or to use the in-app Reset option in Settings, which clears all local data.

For data held by Mixpanel: using Settings → Reset causes the Application to call Mixpanel's reset() method, which discards your current distinct_id so that future events are no longer linked to your prior pseudonymous profile. However, reset() does not delete the events and profile properties already stored on Mixpanel's servers under the prior identifier. To have those deleted, contact phoquegames@gmail.com and the Service Provider will file a deletion request with Mixpanel on your behalf. The same email address is the route to exercise access, rectification, restriction, portability, or objection rights against Mixpanel-held data.

For data held by Superwall or the app stores, contact the Service Provider as below and a request will be forwarded.

Opt-Out Rights

You can stop all collection of information by uninstalling the Application through the standard uninstall process on your device. You may also reset all locally-stored data and orphan your Mixpanel profile at any time using the Reset option inside Settings. To have data already received by Mixpanel, Superwall, or the app stores deleted on the server side, contact phoquegames@gmail.com. System-level permissions such as notifications can be revoked at any time in your device's OS settings.

Data Retention

• On your device: data remains on your device until you delete it, reset it in-app, or uninstall the Application.

• Mixpanel: events and profile properties are retained by Mixpanel according to Mixpanel's then-current retention policy and the Service Provider's project settings, until you (or the Service Provider on your behalf) request deletion. Note that the in-app Reset option orphans the prior profile but does not delete prior events on Mixpanel's servers; an email request is required for that.

• Superwall: per Superwall's privacy policy.

• Apple / Google: per their respective policies.

If you wish the Service Provider to delete any information held about you outside your device, contact phoquegames@gmail.com and the Service Provider will respond within 30 days.

Children

The Application is intended for users aged 18 or older and is not directed to children. The Service Provider does not knowingly collect personal information from anyone under the age of 18. If you are a parent or guardian and become aware that a minor has provided personal information through the Application, please contact phoquegames@gmail.com and the Service Provider will take the necessary steps to delete it.

Security

The Service Provider takes reasonable precautions to protect your information. Because the Application stores most of your data locally on your device, device-level security (PIN / biometric lock, OS updates) is the primary safeguard. Data in transit to Mixpanel, Superwall, and Apple/Google is protected by HTTPS/TLS.

No method of electronic transmission or storage is 100% secure; while the Service Provider strives to use commercially acceptable means to protect your information, absolute security cannot be guaranteed.

Changes to This Policy

This Privacy Policy may be updated from time to time. The Service Provider will notify you of any material changes by updating this page and revising the "Last Updated" date below. Continued use of the Application after the changes take effect constitutes your acceptance of the revised policy.

Your Consent

By using the Application, you consent to the processing of your information as described in this Privacy Policy.

Contact

For privacy-related questions or to exercise any of the rights listed above, contact the Service Provider at phoquegames@gmail.com.

Last Updated: 2026-05-03
Effective Date: 2025-11-25