Popseat logo

Privacy Policy

Effective date: 5 September 2025

1. Summary

Popseat collects the minimum data needed to run a location‑aware social app. We don’t sell your data. You control location sharing via your device settings.

2. Data we collect

  • Account data: email, password (hashed), display name, username, profile photo, settings.
  • Content: posts, photos, captions, likes, follows, messages you send in the app (if applicable).
  • Location: when you enable location, we may collect precise or approximate device location to attach to posts and power the map. We do not collect background location unless your OS setting explicitly allows it.
  • Device & usage: app version, device type, IP address, timestamps, crash/diagnostic logs, cookies or local storage for authentication.
  • Communications: email metadata/content when you contact us; transactional emails (e.g., verification, password reset).

3. How we use data (legal bases)

  • Provide the Services (Contract): create and secure your account; host profiles, posts, media, map features; maintain storage/CDN; enable social graphs (follow/private profiles).
  • Improve & protect (Legitimate interests): debugging, analytics, preventing abuse, enforcing Row Level Security and rate limits.
  • Location features (Consent): using device location for maps and location tags. You can withdraw consent at any time in your device settings.
  • Legal (Legal obligation): comply with law enforcement requests or regulatory obligations.

4. Sharing

  • Service providers: Supabase (database, auth, storage, edge/CDN), email provider (for verification & notifications), optional analytics provider. Providers act on our instructions.
  • Other users: content you choose to make public will be visible to others; private profiles follow your settings.
  • Legal & safety: if required by law or necessary to protect users, our rights, or the Service.

5. International transfers

Your data may be processed in countries outside your own. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) with our providers.

6. Retention

We keep data only as long as needed for the purposes above. You can delete posts, and you can request account deletion; we’ll delete or anonymize your personal data unless we need to keep it for legal reasons or to resolve disputes.

7. Security

We use technical and organizational measures appropriate to the risk, including encrypted transport (HTTPS), role‑based access controls, and Supabase Row Level Security. No system is 100% secure.

8. Your rights

If you are in the EEA/UK/Switzerland, you have rights to access, correct, delete, port, or object/restrict processing. You can withdraw location consent at any time in device settings. To exercise rights: privacy@popseat.me.

9. Children

Popseat is not directed to children under 13 (or the age required in your country). If you believe we collected data from a child, contact us and we’ll delete it.

10. Changes

We may update this Policy; we’ll post the new version here and update the date above. Material changes will be communicated by reasonable means.

11. Contact

Questions about privacy: privacy@popseat.me

← Back to popseat.me