An honest document
Your data, handled with care.
The short version: your data is yours. We collect only what we need to keep SmokeLess working, and we never sell it.
Last updated 16 April 2026
Who is the data controller
The legal entity responsible for your personal data under UK and EU data protection law is Seedcraft Ventures Ltd, a company registered in Scotland, trading as SmokeLess. If SmokeLess is ever incorporated as its own entity, we will update this document and notify active users before the change takes effect.
Data Controller
Seedcraft Ventures Ltd
Registered in Scotland
Trading as SmokeLess
contact@gosmokeless.io
What we collect
We try to collect as little as possible, and only what is needed to make SmokeLess work. Here is everything:
Account information
Your email address and a password stored as a one-way hash. We never see the plaintext. If you sign in with a third-party provider, we receive only the basic profile fields that provider sends us.
Haptic session data
Timestamps of when you use the hold ritual. We use this to understand usage patterns at an aggregate level. This data is never shared individually and is never surfaced back to you as a counter or score.
Technical data
Basic log data your device sends: IP address, device type, app version, and timestamps. We keep this for a short window to diagnose problems and spot abuse.
Payment information
If you subscribe or support us via Stripe or Buy Me a Coffee, we receive confirmation that a payment was made. We never see or store your card details. The payment processor handles that.
What we do not collect: we do not track you across other websites, we do not use advertising cookies, we do not fingerprint your device, and we do not ask for your phone number.
How we use it
- Run the service. Keep your account active, sync preferences, and keep things secure.
- Keep things working. Fix bugs, prevent abuse, and improve features based on what is actually being used.
- Talk to you when we must. Important account notices, security alerts, or material changes to this policy. No marketing spam without your consent.
- Meet legal obligations. Respond to lawful requests, resolve disputes, and enforce our terms.
Our legal bases for processing
- Contract. Running your account and processing payments is necessary to deliver the service you signed up for.
- Legitimate interests. Basic logging, spam prevention, and security monitoring. We have weighed this against your privacy and kept collection minimal.
- Consent. Where we ask for something optional, like marketing updates, we only act if you say yes. You can withdraw consent at any time.
- Legal obligation. When we have to respond to a lawful request from a court or regulator.
Who we share it with
We do not sell your data. We do not rent it. We share personal data only with a small set of infrastructure providers that help us run SmokeLess, each bound by a data processing agreement.
Vercel Hosting
Serves the SmokeLess website and handles basic contact and applications.
Supabase Database
Stores application data securely in the European Union.
Clerk Authentication
Manages user authentication and account security.
Stripe Payments
Processes any paid plan or one-time support payment. We never see your card details.
Buy Me a Coffee Support
Handles voluntary support payments. We only see the name and amount.
International data transfers
SmokeLess has a global audience. If you are using the app from outside the UK or EU, your data may be transferred to and stored on servers in other jurisdictions. When personal data leaves the UK or EEA, we rely on the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or an equivalent safeguard to ensure your data keeps the same level of protection wherever it goes.
How long we keep things
Your account and data stick around for as long as your account is active. If you delete your account, we delete your personal data within 30 days, with the exception of:
- Backups. Encrypted backups may retain your data for up to 60 days before rotation.
- Financial records. We keep records of any payments for as long as UK tax law requires (currently six years).
Technical logs are rotated automatically, typically within 30 days.
How we protect it
We take reasonable technical and organisational measures to protect your data: encryption in transit (TLS), encryption at rest for sensitive fields, hashed passwords, and access controls on our infrastructure. No system is perfectly secure. If we discover a breach affecting your personal data, we will notify the relevant supervisory authority within 72 hours as UK GDPR requires and, where the risk is significant, notify you directly as soon as we reasonably can.
Your rights
Depending on where you live, you have a set of rights over the personal data we hold about you. We honour these globally where we reasonably can.
Access
Ask for a copy of the personal data we hold about you.
Rectification
Ask us to correct anything that is wrong or out of date.
Erasure
Ask us to delete your account and the data we hold on you.
Restriction
Ask us to pause processing while a dispute is being sorted out.
Portability
Receive your data in a portable, machine-readable format.
Object
Object to processing based on our legitimate interests.
To exercise any of these, write to contact@gosmokeless.io. We will respond within 30 days at no charge.
Children
SmokeLess is not intended for anyone under 16. We do not knowingly collect personal data from anyone under that age. If you are a parent or guardian and believe your child has created an account, please get in touch and we will delete it promptly.
Cookies
We use a small number of cookies to keep you signed in and remember your preferences. We do not use advertising cookies, cross-site trackers, or third-party analytics tools that build profiles on you. You can block or delete cookies through your browser or device settings.
Changes to this policy
When we make material changes, we will notify active users by email before the change takes effect. If Seedcraft Ventures Ltd is ever acquired or restructured, we will tell you before any personal data moves and give you the chance to delete your account first.
Governing law
This policy is governed by the laws of Scotland. Any disputes shall be subject to the exclusive jurisdiction of the Scottish courts, without prejudice to your rights as a consumer under the laws of your own country.