Privacy Policy
Last updated: May 26, 2026
This Privacy Policy explains how Sobbr ("Sobbr", "we", "our", or "us") collects, uses, shares, and protects personal data when you use the Sobbr mobile application and the sobbr.app website (together, the "Service"). We handle personal data in accordance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), the Children's Online Privacy Protection Act (COPPA), Rwanda's Law No. 058/2021 on the protection of personal data and privacy, and other applicable data protection laws.
1. Data controller and contact
Sobbr is the data controller responsible for your personal data. For privacy questions, data subject requests, or to exercise any of the rights described below, contact us at support@sobbr.app. We respond to verifiable requests within the timeframes required by applicable law (typically 30 days under GDPR; 45 days under CCPA/CPRA).
2. Information we collect
We collect only what we need to operate the Service. The categories below describe everything we collect.
a) Information you provide directly
- Account information: email address, password (stored as a salted hash), and display name.
- Sobriety tracking data: sobriety start date, check-ins, streaks, relapse events, goals, notes, reflections, and reminders you create.
- Support correspondence: messages, attachments, and contact details you send when you contact support.
b) Information collected automatically
- Device and technical data: device model, operating system and version, app version, language, time zone, and crash logs.
- Usage data: features used, screens viewed, session timestamps, and interaction events used to measure performance and improve the Service.
- Approximate location derived from IP address (country/region level only); we do not collect precise GPS location.
c) Information related to purchases
- Subscription and in-app purchase status, transaction identifiers, and entitlement records. All payment processing occurs through Apple App Store or Google Play. We never receive or store your full payment card details.
Sobriety, recovery, and sobriety-related notes are treated as sensitive personal information under the CCPA/CPRA and as special-category data under GDPR where applicable. We do not use sensitive personal information for purposes beyond providing and improving the Service.
3. How we use your data
- Provide and maintain sobriety tracking, streaks, reminders, and account features.
- Process subscriptions and validate in-app purchases.
- Diagnose crashes, fix bugs, and improve performance and reliability.
- Analyze aggregated, de-identified usage to improve user experience.
- Send transactional and service messages (e.g., security alerts, account notices).
- Send optional reminders or notifications you have enabled.
- Respond to support requests and enforce our Terms of Service.
- Comply with legal obligations and prevent fraud or abuse.
We do not sell or share personal information for cross-context behavioral advertising (as defined by the CCPA/CPRA). We do not use your personal data to train third-party AI models, and we do not share personal data with third-party generative AI services.
4. Legal bases for processing (GDPR)
- Performance of a contract (Art. 6(1)(b)) — to provide the Service you signed up for, including account management and subscriptions.
- Legitimate interests (Art. 6(1)(f)) — to secure, debug, and improve the Service.
- Consent (Art. 6(1)(a) and, where applicable, Art. 9(2)(a) for sensitive data) — for optional features such as push notifications and for processing sobriety data you choose to record. You may withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)) — when processing is required to comply with the law.
5. Third-party service providers
We rely on a limited set of vetted service providers. Each is bound by a written data processing agreement and is required to provide the same or equal protection of personal data as set out in this Policy.
- Apple App Store and Google Play — distribute the app, process payments, and handle subscription billing.
- Google Analytics (sobbr.app website only) — measures aggregated website traffic. IP addresses are truncated and we do not use Google Analytics in the mobile app.
- Cloud hosting and crash reporting providers — store account data and capture diagnostic crash logs to keep the Service running.
We do not share personal data with advertising networks, data brokers, or third-party AI providers. We will update this list if we add or change service providers.
6. International data transfers
Personal data may be processed in countries other than your own, including the United States and the European Economic Area. Where data is transferred outside the EEA, the United Kingdom, or Rwanda, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and supplementary measures where required.
7. Data retention
We retain personal data only for as long as needed to provide the Service or to meet legal, accounting, or reporting obligations. When you delete your account, we delete your account data within 30 days, except for limited records we must retain to comply with the law, resolve disputes, or enforce our agreements. Backup copies are purged on our standard backup rotation (no later than 90 days).
8. Your rights
Depending on where you live, you may have the following rights regarding your personal data:
- Access a copy of the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your personal data ("right to erasure").
- Restrict or object to certain processing.
- Receive your data in a portable, machine-readable format.
- Withdraw consent at any time, without affecting prior lawful processing.
- Lodge a complaint with your local data protection authority — for example, your EU supervisory authority, the UK ICO, the California Privacy Protection Agency, or Rwanda's National Cyber Security Authority.
California residents additionally have the right to know what personal information we collect, the right to opt out of any sale or sharing of personal information (we do not sell or share), the right to limit the use of sensitive personal information, and the right not to be discriminated against for exercising these rights.
To exercise any of these rights, email support@sobbr.app. We may need to verify your identity before fulfilling a request.
9. Account and data deletion
You can delete your account and associated personal data directly inside the Sobbr app under Settings → Account → Delete Account. You can also request deletion without opening the app at sobbr.app/account-deletion or by emailing support@sobbr.app. Deletion is permanent and cannot be undone.
10. Security
We use industry-standard technical and organizational measures to protect personal data, including encryption in transit (TLS), encryption at rest for sensitive fields, access controls, least privilege for staff, and regular security reviews. No method of transmission or storage is 100% secure; if we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and the competent supervisory authorities within the timeframes required by applicable law (within 72 hours under GDPR).
11. Children's privacy
Sobbr is not directed to children. We do not knowingly collect personal data from anyone under the age of 16 (or under 13 in the United States, in line with COPPA). If you believe a minor has provided us with personal data, contact support@sobbr.app and we will delete it promptly.
12. Tracking technologies
The Sobbr mobile app does not use third-party advertising identifiers and does not request permission under Apple's App Tracking Transparency framework because we do not track you across other companies' apps or websites. The sobbr.app website uses a single first-party analytics cookie via Google Analytics with IP anonymization to measure aggregate traffic. You can block this cookie at any time through your browser settings.
13. Health and crisis disclaimer
Sobbr is a self-help tracking tool and is not a medical device, treatment, or substitute for professional care. If you are in crisis or need immediate help, contact your local emergency services or a recognized helpline (for example, SAMHSA's National Helpline at 1-800-662-HELP in the United States, or your country's equivalent service). See our Terms of Service for additional health disclaimers.
14. Changes to this Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and notify you through the app or by email before the changes take effect. Continued use of the Service after the effective date means you accept the revised Policy.