Privacy Policy

What we don’t collect

Cinder does not ask for or store your name, email address, phone number, mailing address, or any other contact information. You don’t create an account to use Cinder. We do not use the iOS Advertising Identifier (IDFA) and we do not track you across other apps or websites.

What we do collect

Device ID (anonymous)

When you install Cinder, we generate a random anonymous device identifier and store it in your iPhone’s Keychain. This ID is not tied to your Apple ID, your name, or any contact information. We use it to:

• scope your data on our servers (so you can see your own progress)
• identify your subscription state via our payments provider
• group your product analytics events together for product improvement

Purchase status

We work with RevenueCat to verify your subscription status with Apple. RevenueCat receives your anonymous device ID and your purchase receipt, but does not receive your name, email, or payment details. Payments themselves are processed by Apple — we never see your credit card or payment information.

Product analytics

We use PostHog to understand how Cinder is used — which features help, which screens are confusing, where the experience can improve. Analytics events are tied to your anonymous device ID and contain things like screen views, button taps, and feature usage. We do not sell or share this data with advertisers, data brokers, or any third party outside of PostHog (our analytics processor).

Session recording

As part of our product analytics through PostHog, we record anonymized session replays — visual reconstructions of how the app screens appeared to you and how you interacted with them (taps, scrolls, gestures). Replays are associated with your anonymous device ID, not your name or contact information. We use them only to diagnose bugs, understand confusing screens, and improve the app. We do not record content typed into secure fields and we mask the optional note text on the daily check-in screen.

You can turn off session recording at any time. Open Settings inside Cinder → Privacy → toggle “Session recording” off. Your choice is honored immediately and remembered on this device. You may also email support@foxtide.co to opt out of all product analytics including session recording.

Crash and performance data

If Cinder crashes or has performance issues, we collect crash logs and basic performance telemetry tied to your anonymous device ID. This helps us fix bugs.

Onboarding and daily-use data

When you set up Cinder and continue to use it, we store the following on our servers (tied to your anonymous device ID):

• the substance you’re quitting (cigarettes, vape, dip, nicotine pouches, etc.) and your daily amount before quitting
• your quit date, motivation for quitting, what you expect to be hardest, and other quit-context answers from onboarding
• your daily check-in entries: mood rating (1–5), whether you had a slip (yes/no), and your optional one-line note
• your money-saved goal: target amount and what you’re saving toward
• self-reported health baselines you choose to share
• life-impact answers describing how nicotine has affected you, selected from a menu
• Recovery Score values calculated from your HealthKit data — the integer score is stored; the underlying heart rate, HRV, and sleep samples are not

This information is treated as sensitive personal information under California law and as consumer health data under Washington, Nevada, and Connecticut law. It is not shared with anyone outside Foxtide LLC and our service providers (Supabase for storage, PostHog for analytics).

Apple Health data

If you grant Cinder permission to access Apple Health, we read your resting heart rate, heart rate variability (HRV), and sleep data to calculate your Recovery Score and show personalized insights.

Your raw Apple Health data never leaves your device. All reading, processing, and computation happens locally on your iPhone. We do not transmit your heart rate, HRV, or sleep samples to our servers, to RevenueCat, to PostHog, or to any third party. Only the derived integer Recovery Score may be stored to enable progress tracking.

Cinder does not write to Apple Health. We request a read-only HealthKit authorization. (Apple requires us to publish a Health-write purpose string even for read-only apps; we do not write any data even though that string is in our app bundle.)

You can revoke Apple Health permission at any time in the iOS Settings app under Privacy & Security → Health → Cinder.

Tracking

Cinder does not track you across other apps or websites. We do not use the iOS Advertising Identifier (IDFA). We do not share data with advertising networks or data brokers. We do not sell or share your personal information as those terms are defined under the California Consumer Privacy Act or other state comprehensive privacy laws.

Where your data is stored

Data is stored on servers operated by Supabase (database), RevenueCat (subscription state), and PostHog (analytics and session replay), all located in the United States. We follow industry-standard security practices including encrypted transit (HTTPS / TLS 1.2 or higher), at-rest encryption in Supabase Postgres, secret storage in Apple Keychain on your device, and access controls with audit logging for staff accounts.

For users outside the United States, see the EU / UK / EEA section below for details on the legal mechanisms we use for international data transfers.

How long we keep your data

• Onboarding answers, daily check-ins, money goal, health baselines, life-impact answers, and Recovery Score history: retained while your Cinder install is active. Deleted within 30 days when you tap Delete My Data in the app or email support@foxtide.co.
• Subscription state (RevenueCat): retained for the life of your subscription plus seven years after final transaction to comply with tax and accounting requirements.
• Product analytics events and session recordings (PostHog): retained for 12 months from the event date, then automatically deleted.
• Crash logs: retained for 90 days from the crash event.
• Anonymous device ID: retained as long as your data exists in our systems. When you delete your data, the device ID is deleted with it.

Your choices

• Delete your data:in the Cinder app, open Settings → Delete My Data. This permanently removes your data from our servers within 30 days. You can also email support@foxtide.co.
• Turn off session recording: Settings → Privacy → Session recording → off.
• Revoke health access: iOS Settings → Privacy & Security → Health → Cinder.
• Cancel your subscription: iOS Settings → [Your Name] → Subscriptions → Cinder Premium.

California residents (CCPA / CPRA)

In the past 12 months we have collected the following categories of personal information from California residents, all tied to your anonymous device ID and never to your name or contact information:

• Identifiers: the anonymous device UUID
• Commercial information: subscription and purchase events from Apple via RevenueCat
• Internet or other electronic network activity: app screen views, taps, scrolls, and session recordings via PostHog
• Sensitive personal information: information concerning your health, including the substance you’re quitting, daily nicotine amount, slip events, mood scores, and the Recovery Score derived from your HealthKit data
• Inferences: a Recovery Score calculated from your HealthKit data, used to show progress in the app

We do not use or disclose your sensitive personal information for any purpose other than providing the Cinder service you requested. We do not use sensitive personal information to infer characteristics about you for marketing, advertising, or cross-context behavioral profiling. Because of this limited use, we are not required to provide a “Limit the Use of My Sensitive Personal Information” link, but you may still exercise that right by emailing support@foxtide.co.

We do not sell or share your personal information as those terms are defined by the CCPA / CPRA. Our use of PostHog for product analytics is a contractual service-provider relationship; PostHog does not use Cinder data for its own purposes or for cross-context behavioral advertising.

Your CCPA / CPRA rights include the right to know, the right to delete, the right to correct, the right to limit the use of sensitive personal information, the right to opt out of sale or sharing (we do neither), the right to non-discrimination for exercising your rights, and the right to opt out of automated decision-making that produces legal or similarly significant effects (we do not engage in such automated decision-making). To exercise any right, email support@foxtide.co. We will substantively respond within 45 days.

Global Privacy Control. Cinder is an iOS-native app and does not currently present web content where browser Global Privacy Control signals would apply. If we add web flows in the future, we will honor GPC.

California Shine the Light (Civ. Code § 1798.83). We do not disclose your personal information to third parties for their direct marketing purposes.

EU, UK, and EEA residents (GDPR / UK GDPR)

Foxtide LLC is the data controller for personal data processed by Cinder. You can reach us at support@foxtide.co.

EU and UK representatives. As required by Article 27 of the GDPR and Article 27 of the UK GDPR, we have appointed representatives in the EU and the UK to act as a point of contact for supervisory authorities and data subjects. Their details are listed at the bottom of this policy.

Legal bases for processing:

• Providing the Cinder service (anonymous device ID, onboarding answers, daily check-ins, money goal, life-impact answers): contract performance, GDPR Art. 6(1)(b).
• Reading HealthKit data and calculating your Recovery Score (heart rate, HRV, sleep, processed on-device): explicit consent for health data, GDPR Art. 9(2)(a). You provide consent through the iOS HealthKit permission prompt and can withdraw it at any time in iOS Settings.
• Processing your subscription (anonymous device ID, purchase events): contract performance, GDPR Art. 6(1)(b).
• Product analytics, including session replay, to improve the app (screen views, taps, session recordings): legitimate interests, GDPR Art. 6(1)(f). You may object at any time using the Settings → Privacy → Session recording toggle or by emailing support@foxtide.co.
• Complying with legal obligations (tax records for subscriptions): GDPR Art. 6(1)(c).

Your rights. You have the right to access your personal data, rectify inaccurate data, erase your data, restrict processing, object to processing based on legitimate interests, receive your data in a portable format, and withdraw consent at any time without affecting the lawfulness of prior processing. To exercise any right, email support@foxtide.co. We will respond within one month.

Right to complain. You may lodge a complaint with your local data protection supervisory authority. The list of EU supervisory authorities is available at edpb.europa.eu. UK residents may complain to the Information Commissioner’s Office at ico.org.uk.

International data transfers. Our processors (PostHog, Supabase, RevenueCat) are located in the United States. We rely on the EU-US Data Privacy Framework where the processor is certified, and on EU Standard Contractual Clauses (Module 2 or Module 3 as applicable) together with the UK International Data Transfer Addendum where it is not. Copies of the transfer mechanisms we rely on are available on request.

Automated decision-making. We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects. The Recovery Score is informational only; it does not gate access to features, change your subscription, or produce any decision about you.

Other US state privacy rights

If you reside in a US state with a comprehensive consumer privacy law — including Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Texas, Oregon, Delaware, New Jersey, New Hampshire, Kentucky, Nebraska, Maryland, Minnesota, Rhode Island, or Florida — you have rights that may include confirming whether we process your personal data, accessing it, correcting it, deleting it, obtaining a portable copy, opting out of sale or sharing, opting out of targeted advertising and profiling that produces legal or similarly significant effects, and appealing our denial of a request.

We do not sell your personal data, do not share it for cross-context behavioral advertising, and do not engage in profiling that produces legal or similarly significant effects. To exercise any state-law right, email support@foxtide.co. We will confirm receipt within 10 business days and substantively respond within 45 days.

Other state consumer-health-data laws

Residents of Washington (RCW 19.373), Nevada (NRS Chapter 603A as amended by SB 370), and Connecticut (CT Gen. Stat. § 42-515 et seq.) have specific rights with respect to consumer health data, including the right to know what consumer health data we collect about you, to access it, to delete it, and to withdraw consent. Washington residents should also read our standalone Consumer Health Data Privacy Policy. To exercise any consumer-health-data right, email support@foxtide.co.

Large language models and AI training

We do not collect, use, or sell your personal data to train large language models or other artificial intelligence systems, whether our own or a third party’s.

Children

Cinder is intended for adults seeking to stop using nicotine products and is rated 17+ on the App Store. We do not knowingly collect personal data from anyone under 13, consistent with the Children’s Online Privacy Protection Act (COPPA). If you believe a child under 13 has used Cinder, contact support@foxtide.co and we will delete the data.

Changes to this policy

If we make changes to this policy we will update the “Last updated” date at the top of this page. If we make material changes to how we collect, use, or share your personal information — especially health data — we will notify you in the app before the change takes effect and, where required by law, ask for fresh consent.

Contact

Questions about this policy or your data? Email support@foxtide.co.

Foxtide LLC · Cinder · iOS

EU Representative (GDPR Art. 27): [to be appointed before EU distribution]. UK Representative (UK GDPR Art. 27): [to be appointed before UK distribution]. Until appointed, EU and UK residents may contact support@foxtide.co directly.