Last updated: 4 March 2026
ClearLung ("the App", "we", "us", "our") is a wellness application designed to help users quit vaping. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the App.
We collect the following categories of personal data: Account information — your email address and password (encrypted) when you create an account. Quit journey data — your quit date and daily vaping cost, used to calculate your progress and savings. Chat messages — messages you send to the AI companion, which are processed to generate responses and improve your support experience. Breathing exercise usage — records of completed breathing sessions, including exercise type and duration. Device information — your device's push notification token (if you grant permission), used solely to send you motivational reminders. Usage statistics — aggregated, non-identifying data about how you use the App, such as session frequency.
We use your personal data to: provide and personalise the App experience, including your quit timer, savings tracker, and stats; generate AI companion responses tailored to your quit journey; send push notifications with motivational reminders (only if you opt in); track your breathing exercise history and progress; and improve the App's features and reliability.
Your chat messages are sent to our backend server and processed using OpenAI's API to generate AI companion responses. OpenAI may process your messages in accordance with their data usage policies. We do not include your email address or other identifying account information in AI requests. Chat messages are associated with your user ID on our servers but are not linked to your identity when sent to OpenAI. We also use Supabase for authentication and database services. Supabase processes your email address and stores your App data securely.
Your data is stored securely using Supabase, a cloud database platform with enterprise-grade security. All data is transmitted over encrypted HTTPS connections. Passwords are hashed and never stored in plain text. Authentication tokens are stored securely on your device using encrypted storage. We implement Row Level Security on our database, ensuring users can only access their own data. While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure.
We retain your personal data for as long as your account is active. Chat messages are summarised periodically and older messages may be condensed to maintain performance, but the substance of your conversations is preserved. Breathing exercise records are retained for the lifetime of your account to provide long-term statistics. When you delete your account, all associated data — including chat messages, exercise records, quit sessions, and account information — is permanently deleted from our servers.
You have the right to: access the personal data we hold about you; correct any inaccurate personal data; delete your account and all associated data (available in Settings); withdraw consent for push notifications at any time through your device settings; and request a copy of your data by contacting us. If you are in the UK or EU, you also have rights under the UK GDPR and EU GDPR respectively, including the right to lodge a complaint with your local data protection authority.
We do not sell, rent, or trade your personal data to third parties. We share data only with: OpenAI — chat message content (without identifying information) for AI response generation; Supabase — account and App data for storage and authentication; and law enforcement — only when required by law or to protect the safety of our users.
The App does not use cookies. We do not use advertising trackers, analytics SDKs, or any third-party tracking tools that follow you across apps or websites.
The App is intended for users aged 16 and above. We do not knowingly collect personal data from children under 16. If we become aware that a user is under 16, we will delete their account and data promptly. If you believe a child under 16 is using the App, please contact us.
Push notifications are entirely optional. If you grant permission, we store a device token to send you motivational reminders. You can disable notifications at any time through your device settings. We do not use push notifications for marketing or advertising purposes.
Your data may be processed in countries outside your country of residence, including the United States (where OpenAI and Supabase operate). These transfers are necessary to provide the service. Where applicable, we rely on standard contractual clauses or other lawful transfer mechanisms to protect your data.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the App. Continued use of the App after changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.
You can delete your account at any time from the Settings screen. When you delete your account, all of your personal data is permanently removed from our servers, including your profile, chat history, breathing exercise records, and quit session data. This action cannot be undone.
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at: nathan.beckett@yahoo.com