Download App

Privacy Policy

Last updated: May 2026

1. Data Controller

The controller responsible for data processing in the Cravewatch app and on this website is:

Mert Agil
In der Tiefschley 2
41517 Grevenbroich
Germany

Email: support@cravewatch.de

2. Data We Process

When you use Cravewatch, we process the following data:

  • Account data: email address (provided by your Apple or Google account; with Apple optionally an anonymized relay address), username (freely chosen)
  • Usage data: your streak, saved craving moments, joker usage, emergency sessions
  • Social data: your friends list and your support circle (only if you use this feature)
  • Device data: push token (only if you allow notifications)
  • Technical data: anonymized crash reports on app errors (stack traces, device model, OS version)

3. Purpose of Processing

We process your data solely to provide the app's functionality — streak tracking, the joker system, emergency features, and the support circle. We do not sell data and we do not use it for advertising.

4. Legal Basis

Processing is based on Art. 6(1)(b) GDPR (performance of a contract) and, where you have given consent (e.g. push notifications), Art. 6(1)(a) GDPR.

5. Storage Location & Data Processors

We use the following data processors:

  • Supabase (Supabase Inc., USA / EU region): backend for storing your account and usage data. A data processing agreement (DPA) under Art. 28 GDPR is in place. Data is stored in the EU region.
  • Apple (Apple Inc., USA) — "Sign in with Apple": when you sign in with your Apple ID, Apple handles authentication and provides us with a user ID and an email address. Apple's Privacy Policy
  • Google (Google LLC, USA) — "Continue with Google": when you sign in with your Google account, Google handles authentication and provides us with a user ID, your name, and your email address. Google's Privacy Policy
  • RevenueCat (RevenueCat Inc., USA): manages your Pro subscription. RevenueCat receives a pseudonymous user ID and processes purchase data. A DPA under Art. 28 GDPR is in place. Data transfer to the USA is based on the EU Standard Contractual Clauses.
  • Sentry (Functional Software, Inc., EU region Frankfurt): technical error logging. We use the EU region, so error data is processed exclusively in Germany. Only technical data is transmitted (stack traces, device model, OS version, anonymous user ID). No email addresses, names, or content are transmitted. Sentry's Privacy Policy
  • Expo Push Notification Service (Expo, USA): only when you allow push notifications. Only the push token and the notification text are transmitted. Data transfer to the USA is based on the EU Standard Contractual Clauses. Expo's Privacy Policy
  • Apple or Google (App Store / Play Store): process your payment data directly when you purchase a subscription — we do not receive your payment data.

6. Retention Period

We store your data for as long as your account exists. When you delete your account, all personal data is removed within 30 days.

7. Your Rights

Under GDPR you have the right to:

  • Access (Art. 15)
  • Rectification (Art. 16)
  • Erasure (Art. 17)
  • Restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Objection (Art. 21)

To exercise these rights, simply write to us at support@cravewatch.de. We will process your request within 30 days.

8. Account Deletion

You can delete your account at any time — either directly in the app via "Profile → Delete account" or by emailing support@cravewatch.de.

9. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data violates GDPR. The competent authority is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (ldi.nrw.de).

10. Changes to This Privacy Policy

We reserve the right to amend this privacy policy if the app's functionality or legal requirements change. The current version is always available at cravewatch.de/en/privacy.