Legal
Privacy Policy
We believe your personal notes and memories should remain private. Here's exactly how we handle your data — in plain language.
Last updated: January 2025
Effective: January 2025
🔒
"This app is for your memory, not the internet."
We do not sell your data, show you ads, or share your information with third parties for marketing purposes.
1 Information We Collect
Information You Provide
- Account information — your email address, used for authentication only.
- Person entries — names, where and when you met, notes, tags, and photos you choose to add. All of this stays private to you.
Authentication Information
- We use Supabase for authentication, which may collect your email, authentication tokens, and login timestamps.
- If you sign in with Google, your authentication is handled by Google per their Privacy Policy.
Automatically Collected Information
- Device information — device type, OS version, and unique device identifiers.
- Usage data — how you interact with the app, such as features used and actions taken.
2 How We Use Your Information
- Provide and maintain the app — storing and retrieving your person entries.
- Authenticate your account — verifying your identity and securing access to your data.
- Improve the app — understanding how the app is used to improve the experience.
- Communicate with you — sending important updates, responding to inquiries, and providing support.
3 Data Storage & Security
Where your data is stored
- Your data is stored securely using Supabase, a cloud database service.
- All data is encrypted in transit and at rest.
- Your person entries are stored in a private database accessible only through your authenticated account.
Security measures
- Industry-standard security measures are implemented to protect your information.
- All data is user-scoped and isolated using Row Level Security (RLS) policies.
- Secure authentication methods including email/password and OAuth (Google).
Data retention
- Your data is retained as long as your account is active.
- You may delete your account and all associated data at any time through app settings.
- Deleted data is permanently removed from our systems within 30 days.
4 Data Sharing & Disclosure
We do not sell your data. Full stop.
We may share your information only in these limited circumstances:
- Service providers — Supabase and Google OAuth help us operate the app and are bound by confidentiality agreements.
- Legal requirements — if required by law or in response to valid legal requests.
- Business transfers — in the event of a merger or acquisition, your privacy rights will continue to be protected.
5 Your Privacy Rights
You have the right to:
- Access — request the personal information we hold about you.
- Correction — request correction of inaccurate information.
- Deletion — request deletion of your account and all associated data.
- Data portability — request a copy of your data in a portable format.
- Opt-out — opt out of certain data collection practices where applicable.
6 Third-Party Services
Supabase
We use Supabase for authentication and data storage. Their practices are governed by the Supabase Privacy Policy.
Google OAuth
If you sign in with Google, your authentication is handled by Google per the Google Privacy Policy.
7 Children's Privacy
Our app is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have done so, please contact us immediately.
8 International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. By using the app, you consent to the transfer of your information to these countries.
9 California Residents (CCPA)
If you are a California resident, you have additional rights under the CCPA:
- The right to know what personal information is collected, used, shared, or sold.
- The right to delete personal information held by businesses.
- The right to opt-out of the sale of personal information (we do not sell your data).
- The right to non-discrimination for exercising your privacy rights.
10 EU Residents (GDPR)
If you are in the European Economic Area, you have additional rights under GDPR:
- The right to access your personal data.
- The right to rectification of inaccurate data.
- The right to erasure ("right to be forgotten").
- The right to restrict processing.
- The right to data portability.
- The right to object to processing.
- The right to withdraw consent.
11 Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you by posting the new policy in the app, updating the "Last Updated" date, and sending an email notification where applicable.