Privacy Policy - Break The Pouch

Effective date: May 12, 2026 Last updated: May 14, 2026

Jacob Self, an individual residing in the State of Oklahoma, United States (“we”, “us”, “our”) operates the Break the Pouch mobile application (the “App”). This Privacy Policy explains what information we collect when you use the App, how we use it, who we share it with, how long we keep it, and what rights you have. We have written it to be readable in plain English while still meeting our obligations under U.S. and international privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), the General Data Protection Regulation (GDPR), and Apple’s App Store guidelines.

If you do not agree with this Policy, please do not use the App.

Contact for any privacy question or request: [email protected]

1. Scope

This Policy applies only to the Break the Pouch mobile App, the marketing site at breakthepouch.com, and any related transactional emails we send you (for example, password reset). It does not apply to third-party services we link to or websites you reach from the App.

2. Definitions

“Personal information” means information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person or device.
“Account identifier” means the Supabase-issued UUID created for your account when you sign up (or when an anonymous session is started for you). It is not your email address or any other directly identifying information by itself.
“Anonymous account” means a session where the App has not yet been linked to an email address. Your data is still saved to our backend under your account identifier so it survives a reinstall, but no email, name, or other directly identifying information is attached on our servers until you create a full account.
“Third-party service provider” means a company we engage to perform a function on our behalf (for example, hosting data or detecting crashes). Service providers are contractually limited to processing data for the purposes we specify.

3. Information we collect

3.1 Information you provide directly

Category	Specific items
Account credentials	Email address; password (we never receive or store your plaintext password — it is hashed by our authentication system before we ever see it). You can use the App with an anonymous account, in which case no email or password is collected until you choose to create a real account.
Profile information	Display name or nickname, age, gender, quit date, baseline daily pouch count, cost per can of pouches, pouches per can, primary goal, motivation note (free text you write), and a chosen avatar from a preset list.
Activity entries you log	Pouch usage entries (the timestamp of each pouch you log and an optional note); craving entries (intensity rating from 1–10, trigger you select, what you coped with, and whether you resisted); daily check-in entries (date, status of “clean / slipped / relapsed”, and any additional answers you record).
Commitment content	If you complete the commitment step, the “your why” text and signature drawing you create. The signature drawing is stored only on your device.
Support communications	When you email us at [email protected], we receive the contents of your email, your email address, and any attachments.

3.2 Information collected automatically when you use the App

Category	Specific items	Source
Account identifier	Your Supabase user UUID, used to link your data across our backend.	Generated by our authentication system.
Subscription state	Whether you have an active, trial, cancelled, expired, or grace-period subscription, and the events that move you between those states (initial purchase, renewal, cancellation, expiration, billing issue). We never receive your payment-card number, billing address, or any other financial details — only the result of Apple’s transaction.	RevenueCat, via Apple’s StoreKit.
Product analytics events	A small set of named events along with your account identifier and, once you sign in with an email, your email address. The full current list is: `signup_completed`, `signin_completed`, `account_linked`, `password_reset_requested`, `onboarding_completed`, `paywall_viewed`, `purchase_succeeded`, `purchase_cancelled`, `purchase_failed`, `pouch_logged`, `pouch_undone`, `craving_logged` (with intensity and resisted flag), `check_in_completed` (with status), `notification_permission_granted`, `notification_permission_denied`, and `account_deleted`.	The App, sent to PostHog (US region). IP collection is disabled.
Diagnostic data	When the App crashes or throws an unexpected error, technical information is collected: the error type, a stack trace, App version, operating system version, device model, and a non-personally-identifying breadcrumb trail of in-App navigation immediately before the error. We have configured this to exclude IP addresses, cookies, and other personal identifiers beyond your account identifier.	The App, sent to Sentry.
Device and App information	iOS version, App version, and device model. Used solely for diagnostics — for example, to know that a crash only happens on iOS 17 vs. iOS 18.	The App, sent to Sentry alongside diagnostic data.
Notification scheduling state	Whether you have granted notification permission and the local time of your daily reminder. The reminder itself is generated and fired on your device by iOS — we do not run a server-side push system, and the content of the notification never leaves your phone.	Stored locally on device and (for the permission state) sent as an analytics event.

3.3 Information we do not collect

For clarity, the App does not collect:

Your precise or approximate location, GPS coordinates, IP-derived location, or any location information.