Privacy Policy

Last updated: March 2026

Turn the Leaf is designed for people who want a clearer relationship with cannabis. We understand that the information you share with us is sensitive — we have built our systems specifically to protect it.

1. What we collect

We collect only what the app needs to function. This includes your authentication credential (email address or Apple/Google token), your daily check-in data (mood, craving intensity, context, notes), your consumption method and frequency from onboarding, your approximate spend per session, and your usage of in-app features such as the craving pause tool.

We do not collect your name, date of birth, phone number, or physical location. We do not collect device identifiers or any passive background data.

2. What we never collect

We never collect your location. We never access your contacts. We never collect advertising identifiers. We never collect data outside of your active use of the app. We have no ability to identify the jurisdiction in which you are using Turn the Leaf.

3. How data is stored

Your data is stored on Supabase, a secure cloud database provider, with encryption at rest (AES-256) and in transit (TLS 1.2+). Row-level security means your data is only accessible to your own account — no other user can read your records.

Analytics data (feature usage, screen views) is processed through a self-hosted analytics instance. Your check-in content and consumption data are never sent to analytics systems.

4. Data deletion

You can delete your account and all associated data at any time from Settings → Delete Account within the app. Deletion is permanent and completed within 30 days. If you need to request deletion by email, contact us at the address below.

5. Third-party services

Turn the Leaf uses the following third-party services:

Supabase provides our database and authentication infrastructure. Your data is stored on Supabase servers with encryption at rest and in transit. Supabase receives your authentication credential and check-in data. You can read Supabase's privacy policy at supabase.com/privacy.

RevenueCat manages subscriptions. RevenueCat receives your app user ID and subscription status only — not your check-in data or consumption information. You can read RevenueCat's privacy policy at revenuecat.com/privacy.

PostHog provides product analytics so we can understand how features are used. Analytics data is anonymised and does not include the content of your check-ins. You can opt out of analytics at any time in Settings → Privacy & Data. You can read PostHog's privacy policy at posthog.com/privacy.

6. We do not sell your data

We do not sell, rent, or share your personal data with advertisers or data brokers. Ever. This is a permanent commitment, not a policy subject to future revision.

7. Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal data. To exercise any of these rights, email us at the address below. We will respond within 30 days.

8. Contact

For privacy questions or data requests: privacy@turntheleafapp.com