Privacy Notice

Updated: 7 May 2026

1. Controller

The controller responsible for data processing on this website is:

Philipp Aigner
Mörmoosen 23
84577 Tüssling
Germany

Email: swdev.pa@gmail.com

2. Privacy in the QuitNicPouches App

This privacy notice also applies to the QuitNicPouches iOS app. The App stores your quit plan, pouch logs, cravings, triggers, symptoms, savings, achievements, notes and settings locally on your device by default. This information may include health data because it relates to nicotine use, withdrawal, symptoms and behavior change.

We process this health-related App data to provide the App's features and based on your explicit consent. You can withdraw that consent in the App; this deletes your local profile and associated local data and may make the App unusable until onboarding is completed again.

3. Optional App Features, Purchases and Analytics

iCloud sync is optional and is provided by Apple under your Apple account and device settings. If you export data, create PDFs or CSV files, share progress or invite another person, you decide which data is shared through the apps or services you choose.

In-app purchases and subscriptions are processed through the Apple App Store. We use RevenueCat to manage subscription status and premium entitlements. Purchase identifiers, receipt or transaction data, subscription status and technical information may be processed for this purpose.

We use PostHog EU for limited pseudonymous product analytics. This may include product interactions, onboarding, paywall, purchase and core feature events, technical app and device data, timestamps and a pseudonymous identifier. We do not use this data for advertising tracking and do not sell personal data.

4. Hosting and delivery of the website

This website is delivered through the infrastructure of Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA. Cloudflare processes technically required connection data such as IP address, request headers, browser information, requested URL, referrer and timestamps in order to deliver content, defend against abuse and ensure website stability.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is the secure, reliable and performant provision of our online offering.

Where Cloudflare processes data in the United States, Cloudflare states that it relies on the EU-U.S. Data Privacy Framework and, where necessary, supplementary Standard Contractual Clauses.

5. Technically necessary access data

When you access this website, technically necessary access data are processed. This may include your IP address, date and time of access, requested file, browser type, operating system and referrer. These data are used to provide the website, troubleshoot errors and detect attacks.

For dynamic landing pages, for example after opening a link from Pinterest, a landing page or pin identifier contained in the URL may also be processed to deliver the requested page. This identifier is not forwarded to the App Store.

6. Storage of your privacy choice

If you make a choice regarding optional analytics on this website, we store that choice in your browser's local storage. The stored information contains the selection status, a timestamp and a version marker so that your preference can be respected on later visits.

The legal basis is Art. 6(1)(f) GDPR in conjunction with Section 25(2) no. 2 TDDDG. The information is generally kept for up to 180 days unless you delete browser data or change your choice via the cookie settings.

7. Web analytics with Google Analytics and Fastlane

We use Google Analytics 4 only after you have expressly consented. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. A transfer to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, cannot be ruled out.

Google Analytics helps us understand which pages are used, which content is accessed, which devices and browsers are used and how visitors reach the website. On dynamic landing pages, campaign parameters such as utm_source, utm_medium, utm_campaign, utm_content or utm_term may also be evaluated after your consent so that visits, for example from Pinterest, can be attributed. We have limited the analytics setup to a privacy-conscious configuration. Personalized advertising and Google Signals are disabled.

After your consent, we may also use Fastlane Website Analytics to record page views, sessions, referrers, campaign parameters, language, screen size, scroll depth and time on page. The pseudonymous visitor and session identifiers used for this are stored in your browser's local storage where available; if local storage is unavailable, measurement is kept in memory for the current session only.

Analytics cookies and comparable analytics storage are set only after your consent. Storage on your device is limited to a maximum of 180 days. The retention period for event data inside the respective analytics services depends on the configured retention settings.

The legal basis is your consent under Art. 6(1)(a) GDPR and Section 25(1) TDDDG. You can withdraw your consent at any time for the future via the “Cookie settings” link in the footer.

Where Google processes data in the United States, Google states that it relies on appropriate safeguards, in particular Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework.

8. Email contact

If you contact us by email, we process your message, your email address and any additional information you provide in order to respond to your request.

The legal basis is Art. 6(1)(b) GDPR where your request relates to pre-contractual or contractual communication, otherwise Art. 6(1)(f) GDPR.

9. External links and App Store

This website contains links to the Apple App Store. When you click such a link, you leave our website. The respective third party is then solely responsible for any subsequent processing of personal data.

On dynamic landing pages, standard campaign parameters from the URL may be appended to the App Store link so that the visit source can be attributed in downstream systems. Internal landing page identifiers such as the p parameter are not forwarded.

10. Recipients of data

Recipients of personal data may in particular include:

• Cloudflare, Inc. for hosting, delivery and security services,
• Google Ireland Limited or Google LLC if you consent to Google Analytics,
• Fastlane Website Analytics if you consent to optional web analytics,
• technical service providers where required for operation, maintenance or security of the website.

11. Storage period

We keep personal data only as long as necessary for the respective purposes or as long as statutory retention obligations apply. For technically required access data, the storage period depends on operational and security needs. For your consent choice, the period is generally up to 180 days. Optional analytics services are additionally subject to the retention settings configured there.

12. Your rights

Subject to the statutory requirements, you have the right of access, rectification, erasure, restriction of processing, data portability and objection to processing based on Art. 6(1)(f) GDPR. You may withdraw consent at any time with effect for the future.

13. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority. The authority responsible for us is in particular the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany, www.lda.bayern.de.