This Privacy Policy explains how Life Back ("we", "us", "our", or the "App") collects, uses, stores, and protects your information when you use the Life Back: 90-Day Recovery mobile application and related services (together, the "Service"). We are committed to protecting your privacy and handling your data in a transparent, secure, and lawful manner in accordance with Apple's App Store Review Guidelines, the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable data-protection laws.
If you do not agree with this Privacy Policy, please do not use the Service.
1. Who We Are (Data Controller)
The Service is operated by the publisher of Life Back: 90-Day Recovery (the "Developer"). For any questions, requests, or complaints about your personal data, you can contact us at:
Email: daancrefcoeur@gmail.com
Postal address: Available on request via the email above.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you can also contact our data-protection point of contact at the same email address.
2. Sensitive Nature of the Service
Life Back is not a medical device and does not provide medical, psychological, or therapeutic advice. It is not a substitute for professional diagnosis or treatment. If you are in crisis, please contact a qualified professional or local emergency services.
3. Information We Collect
We only collect information that is necessary to deliver and improve the Service. We do not sell your personal information, and we do not use it for third-party advertising.
3.1 Information you provide directly
- Account information: when you sign in with Sign in with Apple, we receive a unique Apple user identifier and, if you choose to share it, your name and a relay email address. You can also use the App anonymously, in which case we only store a randomly generated user ID.
- Profile / onboarding information: age range, username or first name, self-reported frequency and duration of use, previous quit attempts, escalation patterns, personal triggers, affected life areas, motivation, and commitment level.
- Recovery content you enter: daily check-ins (mood, urge intensity, sleep quality), logged triggers, relapse journal entries (including free-text reflections), action plans, and answers to in-lesson questions.
- Progress data: completed lessons, XP, "lives", streaks, milestones, and other gamification metrics.
- Support communications: if you email us, we keep your message and contact details to respond.
3.2 Information collected automatically
- Device and technical information: device model, operating-system version, App version, language, time zone, and anonymous diagnostic information used to detect crashes and improve stability.
- Usage information: which screens you open and which features you use, stored against your user ID so we can sync your progress across sessions.
- Subscription information: whether you have an active trial or paid subscription, and the associated product identifier. Payment card details are never seen or stored by us — they are handled solely by Apple and our subscription provider (see §4).
3.3 Information we do not collect
- We do not collect precise geolocation.
- We do not access your photos, microphone, camera, contacts, or health data from Apple Health.
- We do not use third-party advertising SDKs and do not track you across other companies' apps or websites (we do not trigger App Tracking Transparency).
- We do not knowingly collect information from anyone under 18 (see §11).
4. Third-Party Services (Processors)
We rely on a small number of trusted providers who act as data processors on our behalf. Each provider is bound by contractual and, where applicable, GDPR-compliant data-processing terms.
| Provider | Purpose | Data shared |
|---|---|---|
| Apple Privacy |
Authentication, in-app purchases, notifications | Apple user ID, purchase receipts |
| Supabase Privacy |
Storing your account, progress, check-ins, and journal entries | All data listed in §3.1 and §3.2 |
| RevenueCat Privacy |
Managing subscriptions, trials, entitlements, and receipt validation | Anonymous user ID, purchase history, subscription status |
We may change providers from time to time and will update this section accordingly.
5. How We Use Your Information
We use your information only for the following purposes:
- To provide the Service — creating your account, syncing your progress, displaying your journey and journal entries, unlocking lessons, and sending you the in-app reminders you enable.
- To manage subscriptions — granting or revoking access to premium content, administering free trials, and handling refunds through Apple.
- To improve the Service — analyzing aggregated, non-identifying usage patterns and diagnosing crashes.
- To keep the Service safe — preventing fraud, abuse, and security incidents.
- To communicate with you — responding to support requests and sending important service messages (e.g., material changes to this policy).
- To comply with law — meeting legal, regulatory, tax, and audit obligations.
Legal bases under GDPR
Where GDPR applies, we rely on the following legal bases: (a) performance of a contract (to deliver the Service you request); (b) your explicit consent for processing sensitive health-related information (Article 9(2)(a) GDPR), which you give by choosing to enter such information into the App; (c) our legitimate interests in securing and improving the Service; and (d) legal obligation where required by law.
You can withdraw consent at any time by deleting your entries or your account (see §8 and §9); withdrawal does not affect the lawfulness of processing before the withdrawal.
6. Apple's Privacy Manifest
In line with Apple's requirements, the App ships with a PrivacyInfo.xcprivacy manifest that declares the data categories we collect and link to your identity (currently: User ID and Purchase History) and the required-reason APIs we use (UserDefaults, reason CA92.1). We do not perform tracking as defined by Apple's App Tracking Transparency framework.
7. Data Storage, Security and International Transfers
Your data is stored on servers operated by our cloud processors, which may be located in the United States or the European Union. When data is transferred outside your country of residence, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
We apply technical and organizational safeguards appropriate to the sensitive nature of the data, including: TLS encryption in transit, encryption at rest, row-level security so each user can only access their own records, hardened authentication, restricted employee access on a need-to-know basis, and regular review of our security practices. No method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
8. Data Retention
We keep your personal data only for as long as necessary to provide the Service and to meet legal obligations:
- Account and recovery data: kept for as long as your account is active. If you remain inactive for 24 months, we may delete your account after giving you reasonable notice by email (where available).
- Subscription records: kept for up to 7 years to comply with tax and accounting laws.
- Support messages: kept for up to 24 months.
- Backups: residual copies may remain in encrypted backups for up to 30 days after deletion and are then overwritten.
9. Your Rights and Choices
Subject to local law, you have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure ("right to be forgotten") — delete your account and associated data at any time using the Delete account option inside the App, or by emailing us. This permanently removes your profile, check-ins, journal entries, lesson progress, and personal tools across our database tables.
- Restriction and Objection — ask us to pause or stop certain processing.
- Data portability — receive your data in a machine-readable format.
- Withdraw consent — at any time, without affecting prior lawful processing.
- Lodge a complaint — with your local data-protection authority. In the EEA, a list is available at edpb.europa.eu.
California residents (CCPA/CPRA)
You have the right to know, delete, correct, and limit the use of sensitive personal information, and the right not to be discriminated against for exercising these rights. We do not sell or "share" personal information as defined under the CCPA.
To exercise any of these rights, email daancrefcoeur@gmail.com. We will verify your request and respond within the timeframes required by law (typically 30 days).
10. Push Notifications and Reminders
If you enable notifications, we use Apple Push Notification service (APNs) to send reminders and motivational prompts you have configured. You can disable notifications at any time from your iOS Settings.
11. Children's Privacy
The Service is intended for adults aged 18 and older. We do not knowingly collect personal information from children. If you believe a minor has provided us with personal data, please contact us at daancrefcoeur@gmail.com and we will delete it.
12. Automated Decision-Making
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you in the App and/or by email and update the "Last Updated" date above. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
14. Contact Us
Questions, requests, or complaints? Please contact:
Life Back — Privacy Team
Email: daancrefcoeur@gmail.com
We aim to respond within 5 business days.