This Privacy Policy describes how JustanIdea! ("the App") collects, uses, and shares information when you use the App. The App is operated by its publisher, based in Switzerland, who acts as the data controller under the Swiss revised Federal Act on Data Protection (revFADP), the European Union General Data Protection Regulation (GDPR) where applicable, and analogous data-protection laws. By creating an account or using the App, you agree to the data handling described here. If you do not agree, do not use the App.
Account: email address and password (passwords are hashed by Supabase before storage). If you sign in with Apple or Google, we receive the OAuth identifier and email associated with that provider. Profile: display name, bio, and avatar photo if you set them. Content: ideas you post (title, description, photos, categories), execution suggestions you write, contact form messages you send, reports you submit, and likes/bookmarks you make. Location (optional, opt-in): when you tag an idea with a location, we use your device GPS to compute the city you're in. The exact GPS coordinates are processed on-device and discarded; only the city name and a city-rounded centroid (~1km precision) are stored. AI usage: when you use the AI chat feature, your idea title, description, and chat messages are sent to Google's Gemini API to generate a response. We currently use Gemini's free tier, under which Google may use these inputs and the generated responses to improve its products and services (including model training) and a limited subset may be read by human reviewers -- so please do not enter confidential information you would not want processed this way in AI chat. Push notifications: we store your Expo push token to send notifications about activity on your ideas. Telemetry: when the App crashes or encounters errors, we send crash details and a fraction of session replays to Sentry.
To operate the App: authenticate you, render the feed, deliver notifications, save your ideas. To moderate content: process reports, hide ideas that violate community guidelines, ban abusive users. To improve the App: aggregate non-identifying metrics, debug crashes via Sentry, refine the AI chat feature based on usage patterns. We do NOT sell your data, share it with advertisers, or use it for behavioural advertising.
Supabase (database, authentication, and storage hosting): all your data is stored on Supabase infrastructure. Sentry (crash and performance telemetry): see Section 5 for details. Google (Gemini API, AI chat only): when you use the AI chat feature, your idea title, description, and chat messages are sent to Google's Gemini API to generate a response. We currently use the free tier, under which Google may use these inputs and outputs to improve its products and services (including model training) and a subset may be reviewed by humans -- see the AI-usage note in Section 2. Apple and Google (OAuth providers): if you sign in with Apple or Google, those providers see the authentication event but not your in-App content. Expo, Apple APNs, and Google FCM (push notification delivery): your Expo push token is used to deliver push notifications via Apple's and Google's official push services.
We use Sentry to capture crash reports and a fraction of session replays so we can debug issues. Sentry receives your IP address, device identifiers, OS version, App version, and the JavaScript stack trace at the time of the error. With session replay enabled, Sentry records UI interactions for 10% of sessions and 100% of sessions that end in an error -- this is intended to help us reproduce bugs. Text input content is masked by Sentry's mobile replay integration on iOS; we are validating equivalent masking on Android. The session replay sampling rates and inclusion of personally identifiable information (the sendDefaultPii: true configuration option) are explicit choices documented in the App's source code (lib/sentry.ts).
Account data is retained until you delete your account. When you delete your account from Settings, your authentication record, profile, ideas, suggestions, contact messages, reports, likes, bookmarks, and push notification tokens are permanently deleted from our active database within 30 days, and your photos are removed from cloud storage within the same period. Encrypted backup snapshots may retain a copy of your data for up to 30 additional days before they are purged on the standard backup-rotation schedule -- this is a precaution against accidental data loss and applies equally to all users. We retain Sentry crash events for the standard Sentry retention period (currently 90 days) -- these may include error context but not personally identifying content beyond IP and device identifiers. To request additional data deletion or export, contact us via the channel listed in Section 11.
You can access and update your profile information at any time from the Settings tab. You can delete your account from Settings, which triggers the cascade deletion described in Section 6. Lawful bases for processing (GDPR Article 6): we process your data on the basis of (a) performance of the contract between you and us (operating your account, delivering content, processing the ideas you post), (b) our legitimate interests in keeping the App secure, debugging crashes, and moderating abusive content, and (c) your consent for opt-in features such as location tagging and push notifications. You may withdraw consent for any opt-in feature at any time from Settings; withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. If you are in Switzerland, the EU/EEA, the United Kingdom, California, or another jurisdiction with data subject rights, you may have additional rights including the right to access your data, rectify inaccuracies, port your data to another service, object to specific processing, and request erasure (the latter is provided in-App via the Delete Account flow). Swiss users may lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC). EU/EEA users may lodge a complaint with their local supervisory authority. To exercise any of these rights, contact us via the channel listed in Section 11.
JustanIdea! is intended for users aged 16 and over. We do not verify ages at signup; by creating an account, you confirm that you are at least 16 years old. We do not knowingly collect personal information from anyone under 16. If we become aware that an account belongs to a child under 16 -- for example, through a complaint or a parent or guardian report -- we will delete the account and its associated data. Parents or guardians who believe their child has created an account can contact us via the channel listed in Section 11 to request removal.
Some of our processors -- including Supabase, Sentry, and Google (Gemini API) -- may process your data in the United States and other countries outside Switzerland and the European Economic Area. Where we transfer personal data internationally to a country that does not benefit from an adequacy decision under the relevant law (an FDPIC adequacy decision for transfers from Switzerland; a European Commission adequacy decision for transfers from the EU/EEA), we rely on the Standard Contractual Clauses (SCCs) approved by the relevant authority -- the European Commission's SCCs, adapted with the Swiss FDPIC's appendix where applicable -- as the legal mechanism for that transfer, in line with the requirements that arose from the Schrems II ruling. By using the App you acknowledge these transfers; you can request more information about a specific processor or our SCC arrangements via the channel listed in Section 11.
We may update this Privacy Policy from time to time. The current version and last-updated date are shown at the top of this screen. When we make a material change -- for example, adding a new third-party processor, expanding what data we collect, or changing how we use it -- we will increment the policy's major version number and surface an in-App notice the next time you open the App; you may be asked to re-acknowledge the policy before continuing to use it. Non-material changes (typo corrections, clearer wording, structural reorganisation) increment only the minor version and do not interrupt your use of the App.
For questions about this Privacy Policy, to exercise your data-protection rights, or to report a concern, contact us at faabnoov@gmail.com. The App's publisher, based in Switzerland, is the data controller; we will respond within 30 days of receipt and will acknowledge your request sooner where practical.