Privacy Policy

Last updated: 11/04/2026

At Retempto we understand that users are sharing private data with us. We see this as a huge responsibility on our end, and therefore take steps to not only protect, but also provide transparency to end users about data usage. We also see personal data as a liability, and therefore strive to collect as little as possible.

Cookie Policy

Retempto believes in a web free from tracking. As such, we do not utilize any third party cookies on our site. Retempto does utilize cookies to store session data, but is never used for the purpose of tracking or profiling.

What data we collect

We believe that personal data is sacred, and we strive to only collect information which is strictly necessary to adequetly provide the service. Below is the list of data we collect from you as a user.

IP addresses - Necessary for us to serve our website. These are stored for 30 days, for the purpose of geograpic traffic analysis and prevention of denial of service attacks. IP addresses are not associated with user accounts.
Email address - Used to identify users and account creation. Your email is not shared with third parties. You will only receive emails from us regarding account creation, account recovery and account deletion.
Age bracket - While we are not collecting your birth date, we will ask you to confirm that you are above the age of 18 during account creation. Our service is intended solely for adults aged 18 and over who are seeking to monitor or reduce their nicotine use. We do not provide medical advice, promote nicotine use, or target minors.
Nicotine usage - An integral part of our service, is allowing users to track their nicotine usage. Users record their usage in our web app, which is stored in our servers. This data may be deleted at any time at your discretion.
Urge and mood recordings - An optional feature in our service is allowing you to record urges and mood in freetext and intensity levels. These recordings are stored for the sake of providing this service to you, but may be deleted at any time at your discretion.

Data sharing

Retempto is a free service, relying on optional member donations. We are not serving advertising, and thus have no incentive to share your data with third parties. Your data on Retempto will NEVER be sold to third parties or shared outside the terms outlined in this privacy policy.

Data protection

All data associated with your account is stored in a database with encryption at rest. We utilize TLS encryption to safeguard your data in transit. Your password hashed and salted before storage with modern hashing algorithms, to ensure your password is safe even in the event of a data leak. In the unexpected case that Retempto experiences a data leak, all affected users will be notified via email.

Data requests and deletion

You may at any time request a copy of all data associated with your account, this can be done from account settings. Here you can also delete your account, which will also delete all associated information with your account.

Third party services

Third party	What we use them for	Privacy policy
Resend.com	We use a third-party provider (Resend) to send transactional emails (such as verification and password reset emails). This involves sharing your email address and the content of the email with the provider. The provider may also collect technical data such as IP address and email interaction data (e.g. opens and clicks) to ensure reliable delivery and prevent abuse. Data may be processed outside the EU, including in the United States.	Resend privacy policy
DigitalOcean	We use DigitalOcean to host and manage our web application and user data. Specifically: DigitalOcean App Platform is used to deploy, host, and scale our web application. It handles the execution of our application code, including frontend, backend, and middleware components. DigitalOcean Managed Databases are used to securely store user-related information. These databases run in a private network, with data encrypted both in transit and at rest. Access is restricted to authorized requests only. All infrastructure runs in DigitalOcean's data centers located in Amsterdam, Netherlands (AMS region), ensuring data residency within the European Union. DigitalOcean processes data necessary to operate and maintain the hosting and database services, including application logs, network traffic, and database access patterns. As a data processor, DigitalOcean complies with GDPR and other applicable data protection regulations.	DigitalOcean privacy policy

If you have questions regarding your data or data deletion, please reach out to [email protected].