Privacy Policy

Privacy Policy (Groypin) Effective date: October 15, 2025 Operator: Groypin (“we,” “us,” “our”) Contact (Privacy): support@groypin.com We built Groypin to keep data in-house and avoid ad tracking. This Policy explains what we collect, why, and how you can control it. 1. What We Collect Account & Profile: email, display name, avatar, user ID, timestamps. Content: maps, pins (including coordinates), messages, media, reactions, and metadata you create or upload. Usage & Device: app version, device/OS, language, basic diagnostics/crash logs, pages/screens viewed, features used, timestamps. Network Log Data: IP address, general location inferred from IP (city/region), request headers (for security, rate-limiting, abuse prevention). Location: we store pin/location data you submit. We do not continuously track device GPS unless you explicitly grant and use a feature that needs it. Cookies/Local Storage: session, CSRF/anti-abuse tokens, preferences. 2. How We Use Data Operate and improve the Service (auth, storage, realtime, search, moderation, performance). Show maps, pins, and messages according to visibility (public/private). Prevent spam, abuse, and fraud; ensure security and integrity. Debug, analytics, and quality—focused on technical metrics, not advertising. Communicate with you about changes, security, and support. 3. Legal Bases (EEA/UK) We process data based on: contract (providing the Service), legitimate interests (security, improvement, analytics compatible with your rights), consent (where required, e.g., notifications), and legal obligations (compliance requests). 4. Sharing We do not sell your personal information. We share only with: Service providers acting on our instructions (e.g., email delivery, anti-abuse verification, DNS/CDN). Infrastructure we operate (self-hosted Postgres, Supabase services, object storage, logs). Legal/Compliance: when required by law or to protect users, the public, or the Service. Community Visibility: content you choose to make public is visible to everyone; content in private maps is visible to members and admins/mods of those maps. If we ever use a third party that receives personal data, they must safeguard it and use it only for our stated purposes. 5. Data Retention We keep personal data as long as needed to provide the Service and for legitimate business/legal purposes (e.g., backups, dispute resolution, security). You can request deletion (see Your Rights). Backups and logs roll off on a schedule. 6. Security We use TLS in transit, access controls, role-based permissions, and server-side protections. No system is 100% secure; please use strong passwords and be cautious with what you share. Today we do not provide end-to-end encryption of messages. 7. Your Choices & Rights Access/Correct/Delete: request a copy, correction, or deletion of your personal data. Portability: request a portable copy where applicable. Consent Withdrawal: where processing relies on consent. Objection/Restriction: object to certain processing (e.g., analytics) or request restriction. California (CCPA/CPRA): right to know, delete, correct, and opt out of “sale”/“sharing” (we do not sell). EEA/UK: contact your data protection authority if concerns remain. Contact support@groypin.com to exercise rights. We may verify identity and may be unable to delete data we must keep by law or to run the Service (e.g., audit logs for abuse). 8. Children Groypin is not for children under 13 (or under 16 in some regions). If we learn we collected data from a child under the minimum age, we’ll delete it. 9. International Transfers Data may be processed where we or our service providers operate. We use safeguards (e.g., contractual commitments) as applicable. 10. Changes to This Policy We’ll post updates here with a new effective date. Material changes will be highlighted. Continued use means you accept the updated Policy. Contact (Privacy): support@groypin.com Contact (Legal): support@groypin.com