Last updated: 8 December 2025
PuffTrack (“we”, “our”, “the App”) helps users monitor and gradually reduce vaping and smoking. This Privacy Policy explains what data we collect, how we use it, how long we keep it, and what rights you have. By installing or using PuffTrack you agree to the practices described below.
Account Information. When you create an account or sign in, we collect:
Identifier for Vendor (IDFV). We generate and store the IDFV on our backend to recognise returning users across re-installations and synchronize their progress.
Identifier for Advertisers (IDFA). When you provide consent under Apple’s App Tracking Transparency (ATT) framework, this identifier may be used for attribution, analytics, measurement of marketing performance, and fraud prevention.
Diagnostic & crash data. When the App crashes or encounters an error, Apple’s crash-reporting mechanisms and our analytics SDKs may record OS version, device model, timestamp and stack traces. No names, e-mails or precise locations are included.
Aggregated usage analytics. We collect anonymised event data (e.g., button taps, screen flows) to understand which features are most useful and to plan improvements.
Refund-related usage data. If you request a refund through the App Store, we may link limited in-app usage metrics (for example, number of sessions, feature activations and total time spent) to the transaction ID and share this information with Apple. The data is transmitted securely via Apple’s Send Consumption Information API and used only to help Apple decide whether the refund should be approved or declined.
Under the EU GDPR we process:
• Performance of a contract — to deliver core app functions.
• Legitimate interests — to fix bugs, protect the service and analyse aggregated usage.
• Consent — where the App or the OS prompts you for optional data sharing.
• To create and manage your account, authenticate your identity.
• To generate anonymous statistics that help us improve retention and success rates.
• To attribute app installs and measure the effectiveness of marketing campaigns through AppsFlyer. We also rely on AppsFlyer to perform aggregated product analytics and detect fraudulent behavior. Data processed via AppsFlyer is used strictly for these purposes on our behalf and is never sold.
• To detect, diagnose, and resolve stability or performance issues.
• To generate aggregated revenue metrics for business accounting.
PuffTrack retains Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. We may also keep certain information as needed to comply with legal obligations, resolve disputes, and enforce our agreements and policies.
Usage Data (such as diagnostic logs and anonymous analytics) is generally kept for a shorter period. However, we may preserve it longer when required to strengthen security, improve service functionality, or meet statutory retention requirements.
We primarily store and process usage data on secure servers located in the European Union. This applies regardless of the user’s country of residence, including the United States. We take appropriate measures to ensure the confidentiality, integrity, and availability of this data.
To keep subscriptions working and understand how users progress we rely on two SDKs:
• Qonversion Inc. — subscription management and revenue analytics (privacy policy).
• Mixpanel Inc. — product analytics (privacy policy).
Both providers operate under strict contractual confidentiality obligations and comply with GDPR and CCPA requirements. Data shared with them is pseudonymised (IDFV-based) and never sold.
• AppsFlyer Ltd. — attribution, analytics, and fraud prevention. (privacy policy).
AppsFlyer may process device identifiers (e.g. IDFV/IDFA when available), IP addresses, and in-app event data.
• Supabase Inc. — authentication and user account management (privacy policy).
Supabase processes your email address and authentication credentials to enable account creation and sign-in functionality. When you use email authentication, Supabase stores your email address securely. When you use Apple Sign In, Supabase processes authentication tokens provided by Apple. All data is encrypted in transit and at rest, and Supabase complies with GDPR and other applicable data protection regulations.
• Apple Inc. — authentication provider.
When you use Apple Sign In, Apple processes your authentication request according to Apple's privacy policy (privacy policy). Apple may share your name and email address (if you choose to share them) with PuffTrack for account creation purposes.
Apple Inc. (App Store Server API). When Apple requests additional details about a purchase as part of a refund review, PuffTrack (via Qonversion's Refund Keeper) sends pseudonymised usage statistics linked to that purchase. This data is shared solely for refund adjudication, is processed under Apple's privacy policies, and is not retained longer than necessary for that purpose.
We collect information about visitors to our website and about users of our PuffTrack application(s) in order to improve our Services. For this purpose we use different kinds of so-called cookies and tracking pixels (a.k.a. web beacons).
Cookies. A cookie allows a web server to place a text file (e.g., a clear ID) on your computer or smart phone/tablet. Cookies are used, for example, to automatically recognize you the next time you visit our websites or use a PuffTrack application. The cookie is sent either by the web server to your browser or is generated by client-side scripting (e.g., JavaScript). Cookie data will be stored locally on your terminal device and in most cases will be effective only for a limited time period.
Flash Cookies. Websites that include flash media write user-specific data to your computer and later read such data. Such files are called flash cookies or local shared objects (LSO). Such files are not managed by your browser, but rather by the flash player plug-in. Flash cookies are subject to the same rules as conventional cookies. Flash cookies, too, can only be read by the website that caused those flash cookies to be placed. However, flash cookies can store a substantially greater volume of data.
Managing Cookies. Your browser offers extensive setting options to manage cookies. For example, you can deactivate cookies in your browser or limit cookies to certain websites. You can also program your browser to first notify you before a cookie is placed. You can also choose these settings on your mobile terminal devices. You can at any time manage cookies by changing the settings of your devices, delete cookies, or block cookies altogether.
You can also visit our website even if you block cookies on your terminal device. If you block cookies, the display of our website may however be impaired and not all functions may be available to you. You can also use PuffTrack application(s) without cookies. In that case, you may however no longer be able to use all functions of such application as conveniently.
Tracking Pixels. Tracking pixels are small graphics in HTML e-mails or on websites. When you access such a website, your access to the tracking pixel will be recorded in a log file. This allows statistical analysis, which, in turn, can be used to improve our Services. We use tracking pixels from third-party services such as Meta (Facebook Pixel) and TikTok Pixel on our website to measure the effectiveness of our marketing campaigns and to understand how users interact with our content. You can set your e-mail program or your browser so that HTML e-mails will be displayed as text only, thereby preventing the use of some tracking pixels.
We apply industry-standard safeguards such as TLS encryption in transit, sandboxed cloud infrastructure, role-based access controls and regular security reviews. No method of electronic storage can be guaranteed 100% secure, but we strive to maintain commercially acceptable standards.
If personal data is transferred outside the European Economic Area (EEA), including to the United States, we ensure appropriate safeguards are in place. These include Standard Contractual Clauses approved by the European Commission and supplementary measures where required.
We primarily store and process usage data on secure servers located in the European Union. This applies regardless of the user’s country of residence, including the United States. We take appropriate measures to ensure the confidentiality, integrity, and availability of this data.
You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.
You may delete your account and associated data directly from within the App through the account settings, or by contacting us at contact@pufftrack.top. When you delete your account, we will remove your email address, name, and other personal data from our systems, subject to any legal obligations or lawful basis we may have to retain certain information (such as transaction records for accounting purposes or data required for fraud prevention).
Please note that deleting your account will permanently remove your progress data and you will not be able to recover it. If you have an active subscription, you should cancel it separately through your Apple ID account settings before deleting your account.
PuffTrack is intended for adults aged 17 and above and is not directed to minors. We do not knowingly collect data from anyone under 17. If you believe such data has been collected, please contact us so we can delete it promptly.
We may update this Policy from time to time. Material changes will be announced in-app or on pufftrack.top. Continued use of the App after changes take effect constitutes acceptance of the revised Policy.
If you have questions or concerns about privacy, data protection or our security practices, write to contact@pufftrack.top.
© 2025 Dmytro Lytvynenko. All rights reserved.