Privacy Policy

Privacy Policy

Last updated: 15 June 2026

BreathFee LTD (“we”, “us”, “our”), trading as BreathFree, is committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use and share it, and what rights you have. We process personal data in accordance with the General Data Protection Regulation (GDPR) (EU Regulation 2016/679) and the Dutch implementing legislation (Uitvoeringswet AVG).

Our registered address is Teststreet 12, 2222TT Amsterdam, the Netherlands. For privacy-related enquiries, contact us at info@rolandb31.com.

1. Who Is the Data Controller?

BreathFee LTD is the data controller responsible for your personal data collected through the BreathFree app and website. Where we engage third-party processors, they act on our instructions and are bound by appropriate data processing agreements.

2. What Data We Collect

2.1 Data You Provide Directly

• Account data: name, email address, password (hashed).
• Profile data: smoking history, quit date, goals, and progress you enter into the app.
• Payment data: billing address and payment method details (processed and stored by our payment provider; we do not store full card numbers).
• Communications: messages you send to our support team.

2.2 Data Collected Automatically

• Usage data: pages viewed, features used, session duration, click-stream data.
• Device data: device type, operating system, browser type, IP address, language settings.
• Log data: server logs, error reports, timestamps.

2.3 Cookies & Similar Technologies

We use cookies and similar tracking technologies on our website and app. See Section 9 (Cookies) for full details.

3. Legal Bases for Processing

We process your personal data on the following legal bases under Article 6 GDPR:

• Contract performance (Art. 6(1)(b)): to provide your subscription, manage your account, and process payments.
• Legitimate interests (Art. 6(1)(f)): to improve our Service, ensure security, prevent fraud, and send relevant service communications.
• Legal obligation (Art. 6(1)(c)): to comply with Dutch tax, financial, and regulatory requirements.
• Consent (Art. 6(1)(a)): for marketing emails and non-essential cookies, where we ask for your explicit consent. You may withdraw consent at any time.

For health-related data you voluntarily share (e.g. smoking habits), we rely on your explicit consent under Article 9(2)(a) GDPR.

4. How We Use Your Data

• To create and manage your BreathFree account.
• To deliver the 21-day quit-smoking programme and personalise your experience.
• To process subscription payments and send billing-related communications.
• To provide customer support.
• To send transactional emails (e.g. receipts, programme reminders).
• To send marketing communications where you have given consent.
• To analyse usage patterns and improve the Service.
• To comply with legal obligations (e.g. bookkeeping, tax reporting).
• To detect and prevent fraud and abuse.

5. Third-Party Processors

We share your data with trusted third-party service providers acting as data processors. These include:

• Payment processors (e.g. Stripe, Mollie or similar): to process subscription payments securely. Payment providers have their own privacy policies and may be independently subject to PCI-DSS standards.
• Email service providers (e.g. Mailchimp, SendGrid or similar): to deliver transactional and marketing emails.
• Analytics providers (e.g. Google Analytics or similar): to help us understand how users interact with our Service. Where applicable, we use IP anonymisation and have signed data processing agreements.
• AI technology providers: we may use AI-powered tools to personalise coaching content or support responses. Any AI processors are bound by data processing agreements and GDPR-compliant safeguards.
• Cloud infrastructure providers (e.g. AWS, Google Cloud or similar): to host and store application data securely.

We do not sell your personal data to third parties. We only share data with processors as necessary to deliver the Service and under appropriate contractual safeguards.

6. International Data Transfers

Some of our third-party processors may be located outside the European Economic Area (EEA). Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as the European Commission’s Standard Contractual Clauses (SCCs) or reliance on an adequacy decision, in accordance with Chapter V of the GDPR.

7. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this Policy or as required by law:

• Account data: retained for the duration of your subscription and deleted within 12 months of account closure, unless we are required to retain it longer.
• Financial & billing records: retained for 7 years in accordance with Dutch tax law (Belastingdienst requirements under Article 52 AWR).
• Marketing consent records: retained until you withdraw consent and for a reasonable period thereafter as evidence of consent.
• Support communications: retained for up to 2 years after resolution.

8. Your Rights Under GDPR

As a data subject in the Netherlands, you have the following rights:

• Right of access (Art. 15): request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): ask us to correct inaccurate or incomplete data.
• Right to erasure (Art. 17): request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
• Right to restriction of processing (Art. 18): ask us to limit how we use your data in certain circumstances.
• Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
• Right to object (Art. 21): object to processing based on legitimate interests, including direct marketing.
• Right to withdraw consent: withdraw any previously given consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at info@rolandb31.com. We will respond within one month. You also have the right to lodge a complaint with the Dutch Data Protection Authority: Autoriteit Persoonsgegevens, Postbus 93374, 2509 AJ Den Haag, www.autoriteitpersoonsgegevens.nl.

9. Cookies

We use the following categories of cookies:

• Strictly necessary cookies: essential for the Service to function (e.g. session management). No consent required.
• Analytical/performance cookies: help us understand how users interact with the Service. We obtain your consent before placing these.
• Marketing/tracking cookies: used to show relevant ads or track campaign performance. We obtain your explicit consent before placing these.

You can manage your cookie preferences through our cookie consent banner or your browser settings. Withdrawing consent for non-essential cookies does not affect the functionality of the core Service.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These include encryption in transit (TLS), encrypted storage, access controls, and regular security reviews. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

11. Children’s Privacy

BreathFree is not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us at info@rolandb31.com so we can delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice. The updated Policy will be effective from the “Last updated” date at the top of this page.

13. Contact Us

• Company: BreathFee LTD
• Brand: BreathFree
• Address: Teststreet 12, 2222TT Amsterdam, the Netherlands
• Email: info@rolandb31.com

Disclaimer: This Privacy Policy has been prepared to reflect applicable GDPR and Dutch data protection law as of the date above. It is provided for informational purposes and does not constitute professional legal advice. BreathFee LTD recommends seeking independent legal counsel to ensure full compliance with all applicable privacy laws and regulations.