Tapr
Smoke less, your way
Last updated: April 30, 2026
This Privacy Policy describes how the Tapr mobile application ("Tapr", "the app", "we") handles information when you use it. Tapr is published by Zoran Gojković, an independent developer based in Lazarevac, Serbia, operating under the Fenix label.
Short version. Tapr stores your cigarette logs and plan locally on your phone. The free version sends nothing to any server. The optional Pro features (Cloud Sync, Risk Zones and AI Insights) only upload data that has been encrypted on your device first, or stripped to anonymous statistics — we cannot read individual log entries, and the AI service we use never receives anything that identifies you. We never sell your data and never show ads.
The data controller for the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR is Zoran Gojković, Lazarevac, Serbia. For any privacy matter, contact us at fenixjzdev@gmail.com.
Tapr handles smoking-related habit data. Under GDPR Article 9, behavioural-health information can be considered a special category of personal data. We address this by:
Tapr divides information into five categories.
The following stays on your device and is never transmitted to us:
This data is stored in the app's private SQLite database and SharedPreferences, which other apps on your device cannot access.
For the Stats screen pie chart and the auto-classification feature, Tapr applies a small local heuristic that classifies each cigarette into one of seven categories — morning, coffee, post-meal, work break, evening / social, stress, or other — based purely on the time-of-day and day-of-week of the log entry, plus whether you logged a "gave in" craving session in the same minute. This runs entirely on your device. No data leaves your phone for this feature.
If you grant the location permission, Tapr tags each cigarette log with the GPS coordinates of where you smoked. This is used to spot patterns ("you smoke most often near your office at 17:00") and to power the Pro Risk Zones feature. Coordinates are stored only in the local cigarette log table.
You can revoke the location permission at any time in your phone's system Settings, and Tapr will continue to work with location-tagging disabled. We never receive raw coordinates of individual log entries.
If you enable Cloud Sync, your cigarette log entries, craving sessions and Risk Zone definitions are encrypted on your device using AES-256-GCM with a key derived from your Google Play purchase token. The encrypted blobs are then transmitted to our server, which stores the ciphertext but cannot read its contents. The encrypted blobs are kept so that:
Your purchase token is the only identifier we use to address your encrypted data on the server — there is no email address, no Tapr account, no password. You can disable Cloud Sync at any time from More → Cloud Sync. To request deletion of all server-side encrypted blobs, email us; we will erase them within 30 days.
Risk Zones are circular geofences (50–1000 metre radius) that you create around places where you typically smoke. The geofence centre coordinates and your zone names ("Office", "Coffee shop") are stored on your device, and — if Cloud Sync is enabled — also as encrypted blobs on our server. The server cannot read the zone name or the coordinates. The geofence detection itself runs on your device through Google Play Services Location.
If you use the AI Insights feature, the app builds an anonymous summary of the past 30 days of your activity and uploads it to our server, which then forwards it to OpenAI for analysis. The summary contains only:
The summary contains no timestamps, no GPS coordinates, no zone names, no purchase token, no device identifiers, and no other personal data. It cannot be tied back to you on the OpenAI side.
OpenAI processes the request under its standard API terms, including a 30-day retention window for abuse-monitoring after which they delete the request. We do not train any model on your data and we do not authorise OpenAI to do so.
Generation runs as a once-daily server-side job. The resulting insight text — a short paragraph in your language — is then stored on our server (associated with your purchase token only) and delivered to your app the next time it polls. You can stop using AI Insights at any time and request deletion of all your stored insights and aggregate uploads by emailing us.
The "Export for doctor" feature generates a PDF report on your device summarising your last 30 / 60 / 90 days. The PDF is written to your phone's cache directory and shared via the Android system share sheet at your initiative. The file is not uploaded to our server. Where you choose to send it (email, drive, messaging app) is your decision and outside our control.
Pro is a one-time €19.99 lifetime in-app purchase processed by Google Play Billing. We never see your card details. Google Play sends our server a purchase token that we use to verify the entitlement is still valid and to address your encrypted Cloud Sync blobs. If you request a refund through Google Play and it is granted, the entitlement is automatically downgraded back to free on the next billing-state check (typically within minutes — Google notifies us via Real-Time Developer Notifications).
You can deny any of these and the relevant feature will degrade gracefully. The free app's core (logging, taper plan, stats, craving timer) does not require any of the optional permissions.
Tapr connects to the following third parties:
Tapr does not include any analytics SDK, advertising SDK, crash reporter, or any other third-party tracker. There is no Firebase, no Google Analytics, no Sentry, no Adjust, no Branch.
If you are in the EU, EEA, UK or Switzerland, you have the right to:
To exercise any of these, email fenixjzdev@gmail.com. We respond within 30 days. Because Cloud Sync stores only ciphertext addressed by a purchase token, we may need you to confirm ownership of the token (for example, by sharing the Google Play order ID) before we can act on a deletion or access request.
Tapr is not intended for, and is not directed at, persons under 18 years of age. We do not knowingly process data of minors. The app's onboarding requires you to confirm you are 18 or older, and Pro purchase ratings on Google Play reflect this. If you believe a minor has installed the app and provided data, contact us and we will delete it.
All network traffic uses HTTPS (TLS 1.2+). Cloud Sync payloads, Risk Zone definitions, and craving sessions are encrypted on-device with AES-256-GCM before transit. The encryption key is derived from your Google Play purchase token using HKDF-SHA-256 — neither the key nor the token is stored on our server in clear form.
Server-side, encrypted blobs and Pro entitlement records are stored in a MySQL database on a managed shared-hosting account, accessible only via SSH key authentication and a single per-database account. The app's API key for OpenAI is stored only in our server's PHP configuration file outside the public document root, and is never sent to your device.
We do not store any plaintext cigarette logs, craving sessions, or zone coordinates on the server, ever.
Our hosting provider's servers are located in the United States, and OpenAI's API endpoint is also operated from the United States. By using Pro Cloud Sync or AI Insights you consent to the transfer of encrypted blobs (Cloud Sync) or anonymous aggregates (AI Insights) to those servers. We rely on Standard Contractual Clauses where required.
If we change this policy materially, we will update the "Last updated" date at the top and (for material changes) show an in-app notice the next time you open the app. Continued use after the change means you accept the updated terms.
Questions, requests or complaints — fenixjzdev@gmail.com.