Privacy Policy

How Just Stop — this website, the Windows app, and the browser extension — collects, uses, and protects your data, in line with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Last updated: 2 June 2026 · Plain-language summary first, full legal detail below.

Quick summary

We collect as little as possible. On this website, we store only your email address, and only if you join the launch list. In the app and browser extension, if you create an account we store your email and your block settings so they sync across your devices, plus a log of blocked attempts that powers your stats. Your card/IBAN details for payment self-exclusion never leave your device. We use no analytics, advertising, or tracking. Our backend (Supabase) is hosted in the EU (Frankfurt).

1. Controller

The controller responsible for processing personal data (as defined by the GDPR) is:

David Kerscher
Beethovenstraße 11
85101 Lenting, Germany
Email: David@juststop.app

2. What data we collect

2.1 Launch-list email (website)

If you enter your email in the signup form on this site, we store it to send you a single launch announcement. We use double opt-in: after you submit, we email you a confirmation link, and your address only joins the list once you click it. We do not use it for anything else, and we do not share or sell it. The email is stored in our backend (see §3, Supabase).

2.2 Account (app & browser extension)

If you create a Just Stop account, we process your email address and password. Passwords are never stored in plain text — they are hashed and managed by our authentication provider (Supabase Auth).

2.3 Your block settings & activity (app & extension)

So your protection works across devices, we store, linked to your account: the categories and custom sites you block, your daily-access pass state, a log of blocked attempts (the blocked domain and a timestamp) that powers your stats, and a presence signal from the browser extension (a "last seen" timestamp used to detect whether the extension is active).

2.4 Accountability allies (optional)

If you add an "ally," we store the email address you provide for that person and, when you request an unlock, we send them an email with approve/deny links. Please only add an ally who has agreed to this. The ally can ignore the email and is not enrolled in anything.

2.5 Stays on your device — NOT collected by us

Some data is processed only locally on your computer and is never transmitted to us:

2.6 Server log files

Our hosting providers automatically process minimal access data when you use the site or app — including your IP address, browser/client type, the resource requested, and a timestamp. This is standard and necessary to deliver any online service.

2.7 Cookies and local storage (website)

We use exactly two storage items. No analytics, advertising, tracking, or third-party cookies.

Change your cookie preferences anytime via "Cookie settings" in the footer.

3. Processors & recipients

We share data only with service providers who process it on our behalf under a data-processing agreement (Art. 28 GDPR). We do not sell data, and we use no advertising networks.

International transfers: Supabase Inc. is a US-based company, but your data is stored on EU-based infrastructure. Where any provider may process data outside the EU/EEA, this is covered by an Art. 28 data-processing agreement and the European Commission's Standard Contractual Clauses (Art. 46 GDPR).

4. Health-related data

Just Stop is a harm-reduction tool for gambling. The fact that you use it, and your block/activity data, may indirectly reveal information about your health (a "special category" under Art. 9 GDPR). We therefore process this data only on the basis of your explicit consent, keep it to the minimum needed to provide the service, never use it for profiling or advertising, and never share it beyond the processors listed above. You can withdraw consent and delete this data at any time by deleting your account.

5. Your rights under GDPR

You have the following rights regarding your personal data:

To exercise any right, email David@juststop.app. We aim to respond within 30 days.

6. Security

Traffic to this website and between the app and our backend is encrypted with HTTPS/TLS. Your account and settings are stored on Supabase's EU-based infrastructure with access controls (row-level security) so each account can only reach its own data. We apply reasonable technical and organizational measures, but no system can guarantee absolute security.

7. Children

Just Stop is not directed at children. We do not knowingly collect data from anyone under 16. If you believe a minor has provided us data, contact us and we will delete it.

8. Changes to this policy

If we materially change how we handle personal data, we'll update this page and the "last updated" date. For substantial changes affecting people on our launch list or with accounts, we'll also notify by email.