Privacy Policy - ClearAir App

Effective Date: May 6, 2026

1. Introduction

ClearAir ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").

2. Information We Collect

Account and profile

• Account identifiers and contact information, for example email when you register with email and password, or email relayed by an identity provider.
• Display name, preferences, quit goals, currency and cost settings, and similar profile fields.
• Profile photo if you choose to upload one.

Sign-in and identity providers

You may sign up or sign in using email and password, Sign in with Apple on supported Apple devices, or Sign in with Google.

• Sign in with Apple: Apple performs authentication. Apple may share an identity token with Supabase Auth. Depending on your choices, Apple may share your name and email or an Apple Hide My Email private relay address. Apple's processing is described in Apple's Privacy Policy.
• Sign in with Google: Google performs authentication through an OAuth flow. Google may share with Supabase Auth your Google account identifier, email, name, and profile picture URL or similar fields as configured and authorized. Google's processing is described in Google's Privacy Policy.
• Our role: We use the information those providers supply to Supabase Auth to create your session, associate your activity with your ClearAir account, and display profile details you see in the App. We do not receive your Apple or Google password.

Cessation and activity data

• Puff or usage logs, triggers, notes, goals, streaks, milestones, and related analytics we derive in the App.
• Program enrollment, lesson progress, and completion status for structured programs.
• Voice journal entries: when you use voice journaling, audio is processed to produce text and stored content associated with your account as described in the feature.
• SOS or crisis-flow interactions and summaries we generate to support those workflows.
• Relapse-related events, reflections, and context you provide, for example mood or trigger labels.
• Weekly reports and insight summaries generated for your account.

AI chat and coaching

Messages you send in AI coach chat and assistant replies are maintained to provide the service and improve session continuity within limits described in our product.

Notifications and patterns

• Notification preferences and delivery logs as needed to operate reminders, including craving-related notifications that may be informed by analysis of your usage patterns on our systems.
• Device tokens used to deliver push notifications, for example via Firebase Cloud Messaging or Apple Push Notification service.

Support communications

• Communications with support and associated metadata.
• Information you choose to provide when requesting help, privacy support, or account deletion.

Subscription and payments

We collect subscription status, product identifiers, and purchase restoration metadata. Payments are processed by Apple or Google; we do not receive your full payment card number.

Device and technical data

• Device type, operating system, App version, and diagnostics or crash data.
• Approximate or regional signals used for currency, localization, or compliance. We do not continuously track precise GPS location as a history trail.

Optional integrations

• Calendar: if you grant permission, your device may process calendar information locally to contextualize recommendations as described in system prompts. We design flows to avoid uploading raw calendar contents unless a specific feature clearly states otherwise.
• Apple Health: on supported iPhones and iPads, you may connect Apple Health. With your permission, we read health categories you authorize such as sleep, heart rate, heart rate variability, and steps to show recovery trends and correlations with your logging in the App. We do not write health data back to Apple Health. You can change or revoke access in iOS Health app settings.
• Health Connect: on supported Android devices, you may connect Health Connect. With your permission, we read types you authorize that the App requests such as sleep, heart rate, resting heart rate, heart rate variability, and steps for trends and correlations. We do not write data back to Health Connect. You can change or revoke access in Health Connect or system settings.
• Data from these connections is associated with your ClearAir account when you use features that rely on it. Wearables or other apps that sync into Apple Health or Health Connect may indirectly contribute to the metrics we read, depending on what you allow in those systems.

3. How We Use Your Information

• Operate, secure, and improve the App.
• Personalize coaching, summaries, programs, and notifications.
• When you connect Apple Health or Health Connect, correlate permitted metrics with cessation activity to show trends and insights in the App.
• Generate AI-assisted content using automated systems hosted on our infrastructure and subprocessors listed below.
• Process subscriptions and premium entitlements.
• Send transactional and product notifications.
• Meet legal obligations and enforce our Terms.

Voice data: voice journaling sends audio to our servers for processing, including transcription and reflection. We retain resulting text and metadata needed to show your journal history. Retention of raw audio, if any, is limited to what is necessary to operate the feature and our internal policies.

AI processing: to provide AI features, portions of your content and relevant profile or usage context may be sent to model providers under our control. We configure services for cessation support and do not use your content to train public models where our agreements with providers prohibit doing so.

4. Data Sharing and Disclosure

We do not sell your personal information. We share information with categories of recipients as needed to run the App:

• Cloud and authentication: Supabase.
• Identity providers: Apple or Google when you use their sign-in services.
• Subscriptions: RevenueCat.
• Notifications: Google Firebase or equivalent Apple or Google notification infrastructure.
• AI and speech: Anthropic for large language model responses and OpenAI for speech-to-text, invoked from our secure backend.
• Payments: Apple App Store and Google Play.
• Legal and safety: regulators, law enforcement, or others when required by law or to protect rights, safety, and integrity.
• Business transfers: in connection with a merger, acquisition, or asset sale, subject to appropriate safeguards.

When we use subprocessors, we choose arrangements with confidentiality and security obligations consistent with this Policy.

5. Data Security

We implement reasonable administrative, technical, and organizational measures, including encrypted transmission where applicable, access controls, and secure cloud configuration. No method of transmission or storage is completely secure.

6. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, export, or restrict processing of your personal information, and to object to certain processing.

• Update profile information in the App where supported.
• Disable optional integrations in device settings.
• Request account deletion through App settings or by contacting us. Deletion may take up to 30 days for backups and residual copies.

Account deletion

Deleting your account removes or anonymizes associated personal data from active systems within that timeframe, subject to legal retention needs.

7. Data Retention

We retain information as long as your account is active and as needed to provide the service, comply with law, resolve disputes, and enforce agreements. Aggregated or de-identified data may be retained longer.

8. Children's Privacy

ClearAir is not directed at children under 18. We do not knowingly collect personal information from children under 18. If you believe we have, contact us and we will delete it.

9. Location Data

We do not use continuous background location tracking. We may use coarse regional or currency signals from the device or account settings to personalize pricing displays and content.

10. California Privacy Rights

California residents may request access, deletion, and information about sharing, and may designate an authorized agent. We do not sell personal information as sale is defined under the CCPA.

11. International Users

If you use the App outside the United States, your information may be transferred to the United States and other countries where we or our service providers operate. Those countries may have different data protection laws.

12. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated Policy in the App and revise the Last Updated date. Material changes may include additional notice where required.

13. Contact Us

For privacy-related questions or requests: privacy@clearair.app. To exercise privacy rights or request deletion, email privacy@clearair.app with "Privacy Request" in the subject line. A physical mailing address is available upon request for correspondence that requires it.

Website: https://clearair.app/privacy

Last Updated: May 6, 2026