This Privacy Policy explains how the Nolapse application ("the App") processes personal data in accordance with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and other applicable law.
The data controller is Carlos Santos, an individual developer based in Portugal, European Union. For privacy-related enquiries: support@getnolapse.app
Nolapse was built to keep most app data on your device. Impulse logs, check-in history, risk window configuration, progress statistics, and savings estimates are created and stored locally on your device and are not transmitted to the Developer as part of normal app operation.
The Developer does not receive this local app data through the ordinary operation of the App. Remote data processing is limited to trial management, subscription support, and related service functions.
The following data is created and stored locally on your device. It is not transmitted to the Developer as part of normal app operation:
| Data | Purpose |
|---|---|
| Impulse log — intensity, trigger, estimated spend, outcome | History and pattern display (Pro) |
| Risk window configuration — days and time blocks | System scheduling and filter calibration |
| Average session spend | Savings estimation |
| Progress statistics and resistance rate | Dashboard display |
| App settings and preferences | Personalisation |
If you uninstall the App or clear its local data, this information may be deleted from the device, subject to any device-level backup or synchronisation settings outside the Developer's control.
The date of first installation may be recorded in the Developer's backend services and associated with a randomly generated pseudonymous device identifier. This information is used to calculate the 7-day trial period and support trial integrity. This identifier is not intended to directly identify you by name or email address.
Legal basis: Performance of contract (Art. 6(1)(b) GDPR); legitimate interests in preventing trial abuse (Art. 6(1)(f) GDPR).
The App uses RevenueCat to support subscription entitlement and purchase-status management. This may include subscription status, app-user identifiers, and store purchase identifiers. Payment card data is processed by the App Store (Apple) or Google Play (Google), not by the Developer.
Legal basis: Performance of contract (Art. 6(1)(b) GDPR).
If you contact the Developer, the information you include in your message — such as your email address and the contents of your request — may be processed to respond and provide support.
Legal basis: Legitimate interests in handling support requests (Art. 6(1)(f) GDPR), or performance of contract where the request relates to subscription access (Art. 6(1)(b) GDPR).
Personal data is not sold and is not shared for advertising purposes. The Developer does not use your data for third-party behavioural advertising.
The App relates to impulsive gambling behaviour and may therefore involve information that users consider sensitive. However, the Developer does not intentionally collect or receive users' impulse logs, check-in history, or progress data from the App's normal operation. Such information is designed to remain on your device.
To the extent the Developer processes only limited technical or subscription-related identifiers and not local session data, the scope of sensitive data processing by the Developer is correspondingly limited.
Installation-date records, device identifiers, and related technical subscription-support data are retained only for as long as necessary to manage trial eligibility, subscription-related issues, or fraud-prevention checks.
Where such data is no longer needed for those purposes, it will be deleted or anonymised within up to 90 days, unless a longer retention period is required by law or reasonably necessary to establish, exercise, or defend legal claims.
Data processed by third-party providers such as RevenueCat may be retained according to their own applicable retention practices. RevenueCat privacy information ↗
Under the GDPR, you may have the following rights regarding the personal data processed by the Developer:
To exercise any applicable rights, contact: support@getnolapse.app. The Developer aims to respond within one month, subject to applicable data protection law timelines.
You also have the right to lodge a complaint with your local supervisory authority, or in Portugal with the CNPD (cnpd.pt).
The Developer implements appropriate technical and organisational measures, proportionate to the nature of the processed data, to protect personal data against unauthorised access, accidental loss, misuse, or unlawful disclosure. These measures include encrypted communications (HTTPS/TLS) and access-control restrictions for backend services.
Some service providers used by the App may process personal data outside the European Economic Area, including in the United States. Where personal data is transferred internationally, such transfers are intended to be safeguarded through mechanisms recognised under applicable data protection law, which may include Standard Contractual Clauses approved by the European Commission.
The App does not use cookies in the traditional web-browser sense. The Developer does not use advertising SDKs or behavioural tracking technologies for third-party marketing or profiling purposes through the App.
The device identifier described in section 3 is used only for functional purposes such as trial management, subscription support, and fraud prevention.
The App is intended for adults only and is not directed to children. The Developer does not knowingly collect personal data from minors.
The Developer may update this Privacy Policy from time to time. If material changes are made, users will be notified through the App or by other appropriate means at least 15 days before the changes take effect, unless a shorter period is required for legal or security reasons.
The effective date shown at the top of this Policy indicates when the current version came into force.
For questions about privacy or personal data processing: support@getnolapse.app
You may also contact the supervisory authority of your country of residence in the EU, or the Portuguese CNPD (cnpd.pt).