App Privacy Policy

This Privacy Policy describes how Jakub Havelka (“Developer,” “we,” “us,” or “our”), an individual residing in the Slovak Republic, handles information in connection with the Craving Toolkit — Recovery Tools mobile application (“App”).

Our core privacy commitment is simple: Craving Toolkit does not collect, transmit, store on any server, or share any personal data. The App is designed to function entirely offline. There is no backend, no server, no cloud storage, no user accounts, no analytics, no tracking, and no advertising. Your data never leaves your device.

We have built the App with privacy-by-design principles, recognizing that people using addiction recovery tools deserve absolute confidence that their most private and sensitive information remains under their control.

This Privacy Policy is provided to comply with the requirements of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Apple App Store, the Google Play Store, and other applicable privacy laws, even though we do not collect personal data.

To be clear and transparent, the App does not collect, transmit, access, process, or share any of the following:

• Personal identification information (name, email, phone number, address)
• Account credentials or login information (no accounts exist)
• Device identifiers, hardware IDs, or advertising identifiers
• IP addresses
• Location data or GPS coordinates
• Usage analytics, behavioral data, or interaction patterns
• Crash reports or diagnostic data transmitted to the Developer
• Cookies, tracking pixels, or similar tracking technologies
• Biometric data
• Financial or payment information (see Section 7 for in-app purchases)
• Data from other apps on your device
• Contacts, photos, calendar, or other device data beyond what is described in Section 3

We do not use any third-party analytics, advertising, attribution, or tracking SDKs. There are no hidden data collection mechanisms in the App.

The App stores data exclusively on your device in a local SQLite database and local file storage. This data is created by you, stored by you, and accessible only to you. The Developer never has access to this data.

The types of information stored locally on your device include:

• Profile information you enter during onboarding (addiction types you select, recovery stage, personality style result, recovery start date)
• Recovery cards — personal text statements you write
• Craving log entries — intensity ratings, trigger types, tools used, and outcomes you record
• Daily check-in data — risk level selections you make
• Voice recordings — audio messages you record using the Voice of Truth feature (see Section 4)
• Support contacts — names and phone numbers you choose to store
• Custom lie/truth pairs — personal addictive voice entries you create
• Milestone data — recovery milestones tracked by the App
• App preferences — theme selection, notification settings, and other configuration choices

All of this data remains on your device at all times. It is never uploaded, transmitted, synced, backed up to our servers, or shared with any party. We do not have the technical capability to access this data, as no server infrastructure exists to receive it.

If you uninstall the App, all locally stored data will be permanently and irreversibly deleted from your device. The Developer cannot recover this data under any circumstances.

The App includes a feature called “Voice of Truth” that allows you to record personal audio messages to yourself. These recordings are intended to be played back during moments of craving or emotional distress.

• Voice recordings are captured using your device's microphone.
• Recordings are stored as audio files (m4a format) in the App's local storage directory on your device.
• Recording metadata (user-assigned label, duration, creation date) is stored in the local SQLite database.
• Maximum recording length is 3 minutes per recording.

We never access, upload, transmit, process, listen to, analyze, or store your voice recordings on any server or system. Your voice recordings exist only on your device and are under your complete control. You may play, delete, or re-record messages at any time within the App.

We recognize that voice recordings are personal data under GDPR (as a voice can identify an individual). However, because the Developer never processes this data — it is created and stored by you, on your device, for your personal use only — the Developer is not acting as a data controller or data processor with respect to your voice recordings.

We acknowledge that information you create and store within the App — including craving logs, addiction type selections, recovery stage, daily check-in data, and slip review entries — may constitute sensitive personal data relating to your health under GDPR Article 9 (“special categories of personal data”).

The Developer does not process this sensitive data. All health-related information is created by you, stored locally on your device, and never transmitted to or accessed by the Developer or any third party. The App's fully offline architecture ensures that this sensitive information remains exclusively under your control.

As of the effective date of this Privacy Policy, the App does not integrate with, transmit data to, or use any third-party services, SDKs, APIs, or external platforms.

If we introduce third-party services in future versions of the App (for example, for subscription management), we will update this Privacy Policy before any such integration is made available, clearly describing what data is involved, the purpose of the integration, and the third party's privacy practices.

The App may offer optional premium features through in-app purchases or subscriptions.

All payment transactions are processed exclusively by Apple (via the App Store) or Google (via Google Play), depending on the platform you use. The Developer does not collect, process, store, or have access to your payment information, credit card details, billing address, or any financial data.

Payment-related data is handled in accordance with the privacy policies of the respective platform:

• Apple: apple.com/legal/privacy
• Google: policies.google.com/privacy

The App is not intended for and is not directed at children under the age of 16. We do not knowingly collect any personal information from children under 16. Since the App collects no personal information from any user, there is no data from children to collect, store, or process.

If you are a parent or guardian and believe that a child under 16 has accessed the App, please note that no personal data has been collected or transmitted to the Developer. You may uninstall the App from the child's device to remove all locally stored data.

The General Data Protection Regulation (EU) 2016/679 grants EU/EEA residents certain rights regarding their personal data, including the right of access, rectification, erasure, restriction of processing, data portability, and the right to object.

Because the Developer does not collect, store, or process any personal data, these rights are not applicable in the traditional sense — there is no personal data held by the Developer to access, rectify, erase, restrict, port, or object to.

You have full control over all data stored locally on your device. You may:

• View all your data within the App at any time.
• Edit your recovery cards, craving log entries, support contacts, voice recordings, and other User Content directly within the App.
• Delete individual entries, recordings, or all data by using the App's built-in editing and deletion features.
• Erase all data by uninstalling the App, which permanently deletes all locally stored data from your device.

If you have any questions about your data rights or wish to exercise any right under GDPR, please contact us at the address provided in Section 14. We will respond within 30 days.

Data Protection Authority: If you are located in the EU/EEA and have concerns about data protection, you have the right to lodge a complaint with your local data protection supervisory authority. In Slovakia, this is:

The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant California residents certain rights regarding personal information collected by businesses.

The Developer does not collect, sell, share, or disclose personal information from any user, including California residents. As the Developer does not meet the CCPA/CPRA applicability thresholds and does not collect personal information, these regulations do not impose obligations on the Developer with respect to the App.

Notwithstanding the above, we affirm that:

• We do not sell your personal information.
• We do not share your personal information for cross-context behavioral advertising.
• We do not collect personal information from any user.

Your device's operating system may include App data in automated device backups if you have enabled such features (e.g., iCloud Backup on iOS, Google Backup on Android). These backups are created and managed by Apple or Google, respectively, not by the Developer.

If App data is included in a device backup:

• The backup is encrypted and managed according to Apple's or Google's policies.
• The Developer has no access to, control over, or visibility into these backups.
• Restoring a device from a backup may restore previously deleted App data.

For information about managing device backups, please refer to Apple's or Google's support documentation.

Because all data is stored locally on your device and is never transmitted over any network, the primary security for your data is provided by your device's built-in security features, including:

• Device passcode, PIN, or password protection
• Biometric authentication (Face ID, Touch ID, fingerprint)
• Device encryption (enabled by default on modern iOS and Android devices)

We recommend that you:

• Use a strong device passcode or biometric lock.
• Keep your device's operating system updated.
• Do not share your device with individuals you do not trust with access to your recovery data.
• Be aware that if someone has physical access to your unlocked device, they may be able to open the App and view your data.

The Developer does not transmit data over any network, so there is no risk of data interception, man-in-the-middle attacks, or server-side data breaches related to the App.

We may update this Privacy Policy from time to time. Changes will be effective upon publication of the updated Privacy Policy within the App or on our website at cravingtoolkit.com.

We will indicate the date of the most recent update at the top of this Privacy Policy. If we make material changes (particularly if we begin collecting or processing any personal data in a future version), we will provide prominent notice within the App before the changes take effect.

We encourage you to review this Privacy Policy periodically.

Your continued use of the App after the publication of an updated Privacy Policy constitutes your acceptance of the revised Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all privacy-related inquiries within 30 days.

For transparency, here is how we declare our data practices to the app stores:

• Apple App Store Privacy Label: “The developer does not collect any data from this app.”
• Google Play Data Safety: “No data collected. No data shared with third parties.”