Legal
Privacy Policy
Version 2.0 · Last updated: July 7, 2026
Important summary
QUIFY is a wellness app for adults (18+) that helps you reduce or quit habits. It is not a medical service and provides no medical advice, diagnosis, or treatment.
QUIFY does not sell your personal information, shows no ads, uses no analytics SDK, and no AI or machine-learning system processes your personal data.
By creating an account or using QUIFY you acknowledge this Policy. Contact for all privacy matters: designjinno@gmail.com.
QUIFY is a wellness app that helps you reduce or quit habits such as cigarettes, heated tobacco, vaping, hookah, coffee, or a custom habit you name yourself. You log moments of use ("incidents"), optionally follow a personal reduction or quit plan, read educational content, and watch calculated progress — money saved, time without use, and physiological recovery indicators.
A note on "AI". Labels like "AI Library" and "AI Tips" are brand styling. QUIFY does not use large language models or any third-party AI service, and no machine-learning system processes your personal data. Plan recommendations are produced by a fixed mathematical formula from your questionnaire answers. No automated decision-making with legal or similarly significant effects (GDPR Art. 22) takes place.
2.1 Account data
- Email address and sign-in provider. You sign in with Sign in with Apple or Google Sign-In — these are the only sign-in methods. We receive your email address from the provider (if you use Apple's "Hide My Email", we receive the private relay address). We never see your Apple or Google password.
- Legacy accounts. Accounts created under our former email/password sign-in continue to work; their password credentials are held (as hashes) by Firebase Authentication until you link an Apple or Google identity in the app or delete the account.
- User ID. A random identifier (Firebase UID) that keys your data.
2.2 Profile data
Name (1–25 characters), age, sex, and country — entered by you during registration and editable in Settings. Country is picked manually from a list; we do not use GPS, IP geolocation, or any location service. Your profile photo, if you set one, is stored only on your device and never uploaded.
2.3 Habit and usage data (health-adjacent)
- Your habits (kind, usage baseline, cost inputs, custom names).
- Incident logs — timestamps and amounts of each use you log, with an optional trigger label (e.g. "stress").
- Plan data and questionnaire answers — if you start a personal plan, your answers to the 9-question self-efficacy questionnaire and the resulting plan schedule.
- Self-assessment tests — if you explicitly consent, your answers and scores for optional tests such as the Anxiety Level Test (GAD-7-based). These are treated as special-category data: they require separate in-app consent, results are stored immutably in your account, and you can delete them by deleting your account.
- Motivation test — your picked reasons for quitting, shown back to you as a reminder.
- Recovery indicators ("My Health") are computed on your device from your incident timestamps — no additional data is collected for them.
We treat incident logs and questionnaire answers as potentially sensitive. They are used solely to run the app's features for you — never for advertising, never sold, never used to infer protected characteristics.
2.4 App activity data
XP points and levels, achievements, daily tasks, streaks, bookmarks, activity runs (breathing exercises, timers) with your optional feedback, notification inbox items, notification preferences, in-app language (English/Russian), pinned charts and health categories, and one-time notice flags.
2.5 Subscription status
If you buy Quify Premium (see Section 6), we store your subscription status in your account: whether it is active, which product (annual/monthly), its expiration date, the environment, and Apple's opaque transaction identifier used to match renewal notifications to your account. We never receive or store your card number, bank details, billing address, or Apple ID credentials — Apple processes all payments. Accounts created before subscriptions launched are marked with a permanent free premium flag.
2.6 Device data
- Push token. If you allow notifications, a Firebase Cloud Messaging token is stored to deliver them.
- Timezone. Your device's timezone identifier (e.g. "Europe/Berlin") is stored so reminders respect your local daytime hours.
- We do not collect advertising identifiers (IDFA/IDFV), precise location, contacts, photos (beyond your local-only avatar), microphone, or browsing history.
2.7 Anonymous aggregates
When a plan is selected or completed, we record an anonymous statistical row (e.g. plan type chosen, coarse region) with no user identifier. These cannot be linked back to you and are retained after account deletion.
- Provide the app — tracking, plans, content, gamification (account, profile, habit/usage, activity data) — Contract (GDPR Art. 6(1)(b)).
- Self-assessment tests (test answers/scores) — Explicit consent (Art. 9(2)(a)).
- Premium subscriptions (subscription status) — Contract.
- Push notifications (push token, timezone, preferences) — Consent (iOS permission + in-app toggles).
- Service integrity, abuse prevention, legal defence (consent records, anonymous deletion log) — Legitimate interests (Art. 6(1)(f)).
- Product statistics (anonymous aggregates) — Legitimate interests (not personal data once anonymised).
- Google Firebase (Google LLC) — authentication, database (Cloud Firestore), server functions, push delivery, temporary export storage. Data is encrypted in transit and at rest and may be processed on Google infrastructure in the United States and other Google regions (see Section 9, International transfers). Firebase Analytics is disabled; Crashlytics is not integrated.
- Apple — Sign in with Apple; App Store payments for subscriptions (governed by Apple Media Services terms).
- Google Sign-In — if you choose it, Google learns you signed in and provides us your email.
- YouTube (Google) — some Library content is embedded via the privacy-enhanced youtube-nocookie.com player; YouTube's own terms apply when you play it.
- Unsplash / Pexels — article covers and activity background media are loaded from their CDNs (standard technical logs such as IP address apply on their side).
We do not use any analytics SDK, ad network, or data broker. We do not sell your personal information and do not share it for cross-context behavioural advertising.
The QUIFY iOS app sets no cookies of its own. Embedded third-party players/CDNs (YouTube, Unsplash, Pexels) may use minimal cookies or similar storage inside the embedded view — see their privacy policies.
Premium is an auto-renewable subscription purchased through Apple In-App Purchase: Annual (with a 7-day free trial) or Monthly. Prices are shown in the App Store purchase sheet in your local currency. Apple manages billing, renewal, cancellation, and refunds; manage or cancel anytime in your Apple ID subscription settings or via Settings → Subscription in the app. Details of what Premium unlocks and the commercial terms are in the User Terms. Data aspects are described in Section 2.5 above.
QUIFY is a wellness tool, not a medical device, and provides no medical advice, diagnosis, or treatment. Recovery indicators are population-average educational estimates computed from your own logs. QUIFY is not a HIPAA-covered entity or business associate, and information you provide is not protected health information under HIPAA. The full health disclaimer is in the User Terms.
- Account, profile, habit, and activity data: for the life of your account.
- Test results: for the life of your account (immutable while it exists).
- Export archives ("Download my data"): auto-deleted after 48 hours.
- Anonymous aggregates and the anonymous deletion-audit row: retained indefinitely (they contain no identifiers).
- After account deletion: everything under your account is erased (see Section 10); Firebase's own auth audit logs follow Google's retention.
Your data is processed on Google's global infrastructure, including in the United States. Where data is transferred out of the EEA/UK, Google's standard contractual clauses and Google's Data Processing Terms apply.
Subject to your jurisdiction (GDPR, UK GDPR, CCPA/CPRA and similar): access, rectification, erasure, portability, restriction, objection, and the right to complain to a supervisory authority.
In-app controls:
- Edit profile — Settings.
- Notification toggles — master and per-category.
- Download my data (portability) — Settings → Privacy & Data creates a ZIP export; you get a private 48-hour download link.
- Delete Account — Settings → Privacy & Data erases every habit, log, plan, test result, reward, and the account itself (client-side cascade plus a server-side sweep). What remains: one anonymous audit row (date, region bucket, terms version — no identifiers) and the anonymous aggregates of Section 2.7.
- Consents — your acceptance of these documents is recorded with version and timestamp; material changes will be re-presented for acceptance.
California (CCPA/CPRA). We do not sell or share personal information as defined by the CPRA. Incident logs and questionnaire answers may qualify as sensitive personal information; we use them only for the app functionality you request. You may exercise access/deletion rights via the in-app tools or by email; we do not discriminate for exercising rights.
Russia / Belarus / CIS. Additional local-law rights and procedures may apply; contact us at designjinno@gmail.com for local-language enquiries.
QUIFY is not directed at children. Registration requires age 18+. We do not knowingly collect data from anyone under 18; if you believe a minor has an account, contact us and we will delete it.
Per-user data isolation is enforced by server-side security rules on every read and write (your UID must match the data path). Transport is TLS; storage is encrypted at rest by Google. Premium status flags can only be granted server-side. No system is perfectly secure; notify us of concerns at designjinno@gmail.com.
We will post updates here with a new "Last updated" date and version. Material changes are announced in the app and, where required, re-consented. Accepted versions are recorded in your account.
Operator: GoodProduct ULADZIMIR KAVALENKA, Poland / Polska, NIP / INN: 1133086320.
Contact for all privacy matters: designjinno@gmail.com.