Guide April 04, 2026 5 min read

How to evaluate any recovery app's privacy in 10 minutes

Most people never check an app's privacy before installing it. For a recovery app, where the data is unusually personal, ten minutes of checking before you tap Install tells you almost everything you need to know. Here's the checklist, in order.

Minute 1 — App Store privacy label

Open the App Store page. Scroll to App Privacy → tap See Details.

Three things to check:

"Data Used to Track You" — should be empty for a recovery app. Anything here is a strong red flag.
"Data Linked to You" — what's tied to your real identity. Acceptable: contact info, identifiers (if account-based). Concerning: User Content, Browsing History.
"Data Not Linked to You" — anonymous signals. Reasonable to have something here (usage stats, diagnostics).

Detailed walkthrough of how to read this label.

Minutes 2-4 — privacy policy skim

Tap the privacy policy link on the App Store page. Read with intent — you don't need to understand every word, just answer four questions:

Where is data stored? Search for "server" or "cloud." Should be clearly stated. Vague language like "we use industry-standard practices" without specifying location is a flag.
What data is required vs optional? Most policies say what's required for the service. If sign-up requires more than email, dig in.
Are there third-party SDKs or analytics? Search for "third party" or "analytics provider." Most policies list them. Look for: AppsFlyer, Adjust, Singular, Branch, Meta, Google Analytics. None of these are evil, but they're not what you want next to recovery data.
What happens when you delete the account or app? Should be clearly stated, with a specific timeframe.

Vagueness in the privacy policy is itself data. A policy that's specific about what they collect, why, and how to delete it, is doing the work of being trustworthy. A policy that's vague — even with reassuring marketing language — usually means the answers wouldn't reassure you.

Minute 5 — breach history

Open a new tab. Search: [app name] data breach. Then: [company name] data leak.

If anything comes up: read the news coverage. Was it major? Did the company handle it well? What got exposed? A breach in the past doesn't disqualify an app — breaches happen. But it tells you about the company's posture toward security and disclosure.

Worth specifically checking: did they notify users? Did they downplay or admit? Did they fix the underlying problem?

Try to look at the app's onboarding without committing. Many apps have screenshots showing the sign-up flow on the App Store page or the company website.

Note what's required:

Email only? Reasonable for an account-based app.
Email + name + phone? Already a lot for a recovery tool.
Email + birthdate + gender + country + sexuality? You're being segmented for marketing.

If sign-up requires more than email, every additional field is a privacy cost. The question is whether the app delivers proportionally more value because of those fields.

Some apps offer "sign in with Google" or "sign in with Facebook." Convenient. Also gives those companies a record of your relationship with the recovery app. For a porn-recovery app, this is worth thinking about — Google now knows you have a porn-recovery app account. Most users would prefer they didn't.

Honest read: Apple's "Sign in with Apple" is the privacy-better option (Apple-relayed email, no demographic sharing). Email-only sign-up is the privacy-best option. Avoid Google and Facebook for this category specifically.

Minute 8 — pricing and incentive structure

Quick check: free with ads, free with subscription upsell, freemium with paid features, or paid only?

Free with ads: red flag. Ad networks need to track you to target ads. Recovery apps that monetize via ads are not the right shape.
Subscription-only: reasonable. The company has incentive to retain you, but data is the product, not what they sell.
Freemium with paid features: also reasonable. Free core + paid extras. Make sure the free tier isn't crippled to force upsell.
Paid up-front: rare in this category. Privacy-best from an incentive perspective (no need to retain you for ads), but most users won't pay sight-unseen.

Minute 9 — search the founder / company

If the company is small, the people behind it tell you something. Search the founder's name, the company name, and the team page if there is one.

What to look for:

Real people with traceable history.
Past projects in adjacent or aligned categories.
Public statements on privacy or recovery values.

If the company is anonymous (like Escape's team), the privacy-policy specifics matter more — without named people, you're trusting the structure rather than the personalities.

Minute 10 — gut check

Read the first three reviews on the App Store. Read the marketing copy on the company website. Two questions to ask yourself:

Does this app talk about recovery, or about retention? Apps focused on growing daily-active users tend to engineer for engagement (notifications, streaks, reminders) at the expense of helping you actually leave the app.
Would I be comfortable if a screenshot of this app's home screen showed up on my coworker's screen? Some apps have visual designs that scream their category. Others are subtle by choice.

The 10-minute summary

If you've done all this, you know more about the app's privacy than 99% of users will ever know. You're equipped to decide whether the trade-offs work for you.

For Escape specifically, these answers are: no tracking, no account required, on-device storage, no breach history, no third-party logins, freemium pricing, anonymous team committed to the structural privacy posture, focused on recovery rather than retention. Privacy policy spells out every detail. App Store if you want to download.

For the broader privacy framework, see the privacy pillar.

Escape is a Safari content blocker, a 90-second urge ritual, practice games that retrain how you meet an urge, and 27 short courses on identity and the long arc of recovery. No account, no personal tracking.

← All posts