rediro.

Privacy Policy

Last updated: May 13, 2026

Summary in plain English:

We don't sell your data. We don't track you across other apps. We don't show ads. We collect the minimum we need to make rediro work, store it on Supabase (US servers), and delete it within 30 days when you ask. Everything technical is below.

1. Who we are

rediro is operated by {{LEGAL_NAME}} ("we", "us"), based in {{COUNTRY}}. The data controller for the purpose of GDPR and similar laws is {{LEGAL_NAME}}.

Contact: support@rediro.app.

2. What we collect

We only collect what's needed to make rediro work. There are two collection moments: when you create an account, and when you use the app.

When you create an account

The data we collect depends on the sign-in method you choose:

  • Sign in with Apple — Apple sends us a stable user identifier and (if you chose to share it) a private relay email address ending in @privaterelay.appleid.com. We treat the relay address as an internal auth identifier and never display it as your real email or use it for marketing.
  • Sign in with Google — we receive your Google email, your Google profile name, and a unique user identifier from Google.
  • Email and password — we receive the email you give us. The password is hashed by Supabase Auth (bcrypt) before storage; we never see the plaintext.
  • Anonymous — no email or identity is collected. A random recovery key is generated on your device and hashed with SHA-256 before being sent to us. Only the hash reaches our servers. If you lose the key, the account cannot be recovered.

While you use the app

  • Your display name — visible to other members of events you join. If a guest user shares your first name in the same event, an optional last initial (e.g. "Mike T.") may be stored to keep the dashboard readable.
  • Profile photo (optional) — on iPhone, the photo stays on your device only. We do not upload it to our servers in this version of the app. EXIF location and device metadata are stripped before the photo is saved.
  • Push notification token (optional) — if you enable notifications, iOS gives us a token Apple uses to deliver pings. The token identifies your device for Apple's purposes; it can't be used to identify you across other apps.
  • Events you create or join — the title, the scheduled start time, an optional free-text location (no GPS), and which other accounts are participating.
  • Real-time statuses — your selection of Ready, Push, or Cancel for each event, including timestamps.
  • Pings — when one event member nudges another, we record who pinged whom and when, so we can enforce the per-recipient cooldown. The ping record is tied to the event and is deleted when the event ends.
  • Cancel votes — in Party-mode events, we record which members voted to cancel (a 2-vote threshold ends the event). Like pings, these records live and die with the event.
  • Rate-limit timestamps — for sensitive operations (account recovery, display-name lookup) we record the timestamp of your last attempt to prevent brute-force abuse. No content of the attempt is stored.
  • Cumulative counters — the number of events you've attended (used only on your own Profile screen).

What we don't collect

  • Your physical location (no GPS access, no IP geolocation).
  • Your contacts, calendar, or photo library (beyond the one photo you pick).
  • Any cross-app tracking identifier (no IDFA, no IDFV, no device fingerprinting).
  • Your activity on other apps or websites.
  • Analytics that profile you across services.

3. How we use your data

  • To make rediro work — show your events, deliver pings, sync statuses to other members.
  • To prevent abuse — server-side rate limits on signup, account recovery, and display-name lookups.
  • To respond to you if you contact us at support@rediro.app.
  • To comply with the law if we receive a valid legal request.

We do not use your data for advertising, for analytics that profile you across the internet, for sale to third parties, or for training machine-learning models.

4. Who we share it with

We use a small set of service providers ("sub-processors") to run rediro:

  • Supabase (Supabase Inc., USA) — hosts our PostgreSQL database, authentication, real-time messaging, and serverless edge functions. Data is stored encrypted at rest on AWS in the United States. Supabase's privacy policy: supabase.com/privacy.
  • Expo Push Service (650 Industries Inc., USA) — relays push notifications from our edge function to Apple's push servers. Expo receives your push token and the message body (e.g. "Someone pinged you in rediro") but does not retain message contents. Expo's privacy policy: expo.dev/privacy.
  • Apple Push Notification service (Apple Inc.) — delivers notifications to your iPhone. Subject to Apple's privacy policy.
  • Apple Sign-In (if you chose this method) — Apple handles authentication and gives us a stable user identifier.
  • Google Sign-In (if you chose this method) — Google handles authentication and shares your email + name with us.
  • Hostinger (Hostinger International Ltd.) — hosts this marketing website. They see standard web request logs (IP, user agent) but no rediro account data.

We do not sell your data. We do not share it with advertisers, data brokers, or analytics providers.

5. International data transfers

Supabase and Expo both host data in the United States. If you are in the European Economic Area, the United Kingdom, or Switzerland, your data is transferred to the US under Standard Contractual Clauses (SCCs) or an equivalent mechanism that the relevant authority recognizes.

6. How long we keep it

  • Your profile: kept until you delete your account.
  • Events you created: deleted (cascade) when you delete your account.
  • Events you joined (created by other users): your participation row stays, but your identifier is nulled out — your display name becomes a frozen string so historical records remain coherent.
  • Pings and cancel votes: deleted along with the event itself (when the host closes or cancels it, or when the 2-hour auto-close window passes).
  • Push notification tokens: deleted when you sign out or delete your account.
  • Rate-limit timestamps: rolling window; entries older than the throttle window (typically 1 minute) are no longer used.
  • Deleted accounts: removed from active systems immediately. Database backups follow our hosting provider's standard retention policy (Supabase's default point-in-time-recovery window). We do not restore deleted accounts from backup; any backup containing your data is overwritten in the normal course of operations.

7. How we protect it

  • All network traffic is over HTTPS (TLS 1.2 or later).
  • Passwords are hashed by Supabase Auth with bcrypt. We never see the plaintext.
  • Anonymous recovery keys are hashed (SHA-256) on your device before transmission; only the hash reaches our servers. The recovery-key generator uses your device's cryptographic random number generator (120 bits of entropy).
  • Row-level security in our database means each user can only read or modify their own data and events they're invited to participate in.
  • Server-side rate limits on sensitive operations (account recovery, display-name lookup) reduce brute-force surface.

No system is bulletproof. If a breach involves your data, we'll notify you within 72 hours of discovery in line with GDPR.

8. Your rights

You have the right to:

  • Access your data — open Profile in the app.
  • Edit your display name and avatar at any time from Profile.
  • Delete your account — Profile → Delete account. Effective immediately; full backup purge within 30 days.
  • Withdraw consent for processing by deleting your account.
  • Request a copy of all data we hold about you — email support@rediro.app. We'll respond within 30 days.
  • Object to processing or restrict it — email support@rediro.app.

If you're in the European Economic Area, the UK, or California, you also have the right to lodge a complaint with your local data protection authority. To exercise any right, email support@rediro.app.

9. California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act give you specific rights:

  • Right to know what personal information we collect, where it came from, why we collected it, and who we share it with — covered in sections 2 and 4 above.
  • Right to delete personal information we hold about you — Profile → Delete account.
  • Right to correct inaccurate information — edit your display name and avatar in Profile, or email support@rediro.app.
  • Right to opt out of sale or sharing — we do not sell or share your personal information with third parties for advertising purposes, so there is nothing to opt out of.
  • Right to non-discrimination — we will not deny service, charge different prices, or provide a different level of service if you exercise any of these rights.

To exercise any of these rights, email support@rediro.app with "California privacy request" in the subject line.

10. Children

rediro is not directed at children under 13 (or under 16 in the European Economic Area). We don't knowingly collect data from children. If you're a parent and believe a child has signed up, email support@rediro.app and we'll delete the account.

11. Changes to this policy

If we change anything material, we'll update this page and revise the "Last updated" date at the top. If the change affects how we use already-collected data, we'll notify you in the app before it takes effect.

12. Contact

Questions, requests, or concerns about your data: support@rediro.app. We respond within 5 business days.


© 2026 rediro