Privacy Policy for ZenSurf

Our Privacy Stance

ZenSurf ("we", "us", "our") is designed to be a local-first app. We do not run a backend server that stores your personal data, we do not require an account, and we do not send your usage data to third-party analytics or advertising providers. Everything you record in ZenSurf stays on your iPhone, your Apple Watch, and (if you enable it) your private iCloud account.

This Privacy Policy explains what is processed on your device, what (if anything) leaves your device, and the choices you have.

Information We Do Not Collect

• No account, no sign-in. ZenSurf does not ask for an email address, name, phone number, or any social login.
• No personal identifiers. We do not collect device advertising identifiers (IDFA), MAC address, or location.
• No usage analytics sent off-device. ZenSurf does not integrate any third-party analytics SDK (no Google Analytics, no Firebase Analytics, no Mixpanel, no Amplitude, etc.).
• No advertising. ZenSurf shows no ads and does not share data with advertising networks.

Information Processed Locally on Your Device

The following data is created and stored on your device while you use ZenSurf. It does not leave your device unless explicitly noted below.

• Quit journey data: Your quit start date, daily pack count, price per pack, your stated reasons for quitting, and your free-text "why I quit" notes. Used to compute days quit, money saved, and progress widgets.
• Urge surfing records: Pre- and post-craving intensity (0–10), surfing mode used (blow / silent / grounding), location chip and trigger chip (such as "after meal", "stress"), duration, and whether you completed or marked a lapse. Used to show your insights and streaks.
• Settings & preferences: Microphone sensitivity, preferred soundscape, notification toggles, and similar in-app preferences.
• Microphone audio (blow mode only): When you choose Blow mode for a surfing session, ZenSurf uses the iOS microphone API to measure breath sound level in real time, on device only. The raw audio is never recorded, never written to disk, and never transmitted. Only a numeric level is read and immediately discarded after the session ends.

This data is stored using Apple's Core Data framework, scoped to your device. We do not have access to it.

Apple Health (HealthKit)

If you grant permission, ZenSurf writes the duration of each completed urge-surfing session to the Mindful Minutes category of Apple Health on your device. ZenSurf also requests read access to your smoking-related Health categories so it can offer a more accurate picture of your quit journey if you have logged data there.

All HealthKit data stays in Apple's encrypted Health store on your device. ZenSurf does not transmit Health data to any server, ours or otherwise. You can revoke ZenSurf's Health access at any time in Settings → Health → Data Access & Devices → ZenSurf.

iCloud Sync (Optional, Your Account)

If you are signed in to iCloud and have ZenSurf enabled in iCloud Drive / iCloud Backup, your in-app records may sync between your own iPhone and your own Apple Watch through Apple's iCloud / CloudKit infrastructure. This data sits in your private iCloud container, end-to-end controlled by Apple, and is not visible to us. You can disable iCloud sync for ZenSurf at any time in Settings → [Your Name] → iCloud → ZenSurf.

Subscriptions and In-App Purchases

If ZenSurf offers a paid tier and you choose to subscribe, the purchase is processed by Apple's App Store. Apple shares with us a non-personally-identifying transaction receipt so that we can unlock the paid features on your device. We use RevenueCat to verify and manage these subscription receipts. RevenueCat receives an anonymous user identifier generated on your device (not tied to your name or email), the subscription status, and the country / device language of the purchase, so it can tell ZenSurf whether to enable paid features.

See revenuecat.com/privacy for RevenueCat's own privacy policy. Apple's App Store privacy practices are described at apple.com/legal/privacy.

Notifications

If you grant notification permission, ZenSurf schedules local notifications on your device (daily check-in reminder, weekly report, lapse follow-up, streak milestone, weekly values review). These are scheduled by iOS on your device and never leave it. There are no remote push notifications from us.

Siri Shortcuts, Widgets, Live Activities, Action Button

ZenSurf integrates with Apple system features (Siri Shortcuts, Lock Screen widgets, Home widgets, Control Center, Live Activities, Action Button). All of these run locally on your device and share data only with the operating system and the ZenSurf app itself.

Sharing Your Information

We do not sell, rent, or share your personal information with third parties. The only data that leaves your device is the anonymous subscription identifier described in "Subscriptions and In-App Purchases" above, and only when you make a purchase or restore one.

Data Security

Because your data lives on your device under iOS's standard data-protection and encryption mechanisms, its security depends primarily on your device passcode and your Apple ID protections. Subscription-related calls to Apple and RevenueCat use HTTPS / TLS in transit.

Data Retention and Deletion

• On your device: All ZenSurf in-app records stay on your device until you delete them. You can clear individual entries inside the app. To delete all ZenSurf data at once, uninstall the app — iOS removes all of its Core Data and locally stored preferences when you do.
• On Apple Health: Mindful Minutes written by ZenSurf remain in your Health database under your control. You can delete them in the Health app.
• On iCloud: If you enabled iCloud sync for ZenSurf, deleting the app on all of your devices and removing the data from Settings → [Your Name] → iCloud → Manage Storage will remove the iCloud copies.
• Subscription record: Anonymous subscription records are kept by Apple and RevenueCat per their own retention policies so that paid entitlements continue to work.

Your Rights

You have the right to access, correct, and delete your personal information. Because ZenSurf does not maintain user accounts and your data lives on your own device, you can exercise these rights directly: edit or delete entries in the app, revoke any permission in iOS Settings, or uninstall ZenSurf entirely. To exercise any right that requires our involvement, please contact us at the email below; we will respond within a reasonable time.

Children's Privacy

ZenSurf is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided information through the app, please contact us so we can address it.

Medical Disclaimer

ZenSurf is a wellness and habit-support app. It is not a medical device, does not provide medical advice, diagnosis, or treatment, and is not a substitute for professional medical care. If you are pregnant, have a heart condition, respiratory illness, or any other medical concern, consult a qualified clinician before relying on any breathing exercise, including the 4-7-8 pattern used by this app.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date above.

Contact Us

If you have any questions or concerns about this Privacy Policy, or need help using ZenSurf, please contact us at afforwork@outlook.com. We aim to respond within 2 business days.