Privacy Policy

Last updated: May 17, 2026

This Privacy Policy explains how Trace ("we", "us", or "Trace"), an iOS application developed by Alberto Luján Ruiz, collects, uses, stores, and protects your information. By using Trace, you agree to the practices described here.

Information we collect

Information you provide

• Account: if you sign in with Apple, we receive an opaque user identifier and (optionally, your choice) your name and an email address. If you sign in with email, we store your email and a salted-hashed password handled by Supabase Auth.
• Profile: the first name and (optional) birthday you enter during onboarding. We use the birthday only to surface anniversary-related features inside the app.
• Pairing: the invitation code you generate or accept, so we can link your account to your partner's.
• Photos: the JPEG bytes captured in-app and metadata (the day each photo represents, whether it is a Recovery shot, the time of capture). Photos are stored encrypted in Supabase Storage.
• Subscription: your subscription status as reported by RevenueCat (active / cancelled / expired), plus the months you have paid for.

Information collected automatically

• Device push token: if you allow notifications, we store your APNs device token so we can send you the daily reminders and the "your partner just shot" cross-notification.
• Crash data: we use Sentry to collect anonymised crash reports — stack traces and device model. No personal content (no photos, no messages) is ever included in a crash report.
• Time zone: derived from the device for accurate "shooting window" and "Reveal Day at 20:00 local" logic.

Information we do NOT collect

• We do not access your phone's camera roll or photo library — Trace uses only the in-app camera.
• We do not access your contacts.
• We do not access your precise or coarse location.
• We do not collect your bank or payment details — Apple handles billing.
• We do not sell, rent, or share your data with advertisers.

How we use your data

• To operate the pairing, daily-shooting, Reveal Day, and historical-album features described in the app.
• To send the notifications you opt into.
• To validate your subscription and unlock the months you have paid for.
• To fix bugs and improve stability via anonymised crash data.

How your data is protected

Your photos and account data live in Supabase (Postgres + Storage), protected by row-level security: only the two members of an active couple can read each other's photos, and only after the monthly Reveal has fired. You cannot see your partner's photos before the reveal, and a third party cannot see them at all.

Authentication is handled by Supabase Auth (Sign in with Apple via Apple's OAuth flow, or email + password). We never see plaintext passwords.

Third-party services

• Supabase — database, storage, authentication, edge functions. Privacy policy.
• Apple App Store + Apple Push Notification service — purchases and push delivery. Privacy policy.
• RevenueCat — subscription state. Privacy policy.
• Sentry — anonymised crash reports. Privacy policy.

Your rights (GDPR Articles 15–22)

Access & export

You can export every one of your own photos in their original, unfiltered RAW form from Settings → Export my photos. You cannot export your partner's photos — those are their data, not yours.

Deletion (Article 17 — Right to be Forgotten)

From Settings → Delete my data, you can delete all of your own photos and dissolve your couple. We never allow one user to delete the partner's photos — that would violate the partner's own GDPR rights. To delete your account entirely (including the authentication record), email us at the address below.

Pair dissolution

Either of you can dissolve the pairing unilaterally. Dissolution stops new photos from being added but does not delete existing history — each of you keeps the rolls you already revealed. The bond can be restored within 60 days; after that, it is permanent.

Withdraw consent / opt out

• Disable notifications from Settings inside the app or from iOS Settings.
• Cancel your subscription from your Apple ID settings.
• Sign out from Settings → Sign out.

Data retention

Photos remain in your account until you delete them or close your account. After bond dissolution, both users keep their own copy of the historical album. Paid months stay fully visible forever; unpaid months remain at the limited 13-of-27 view forever.

Children's privacy

Trace is intended for users aged 18 or older. We do not knowingly collect data from users under 18. If you are a parent or guardian and believe your child has provided personal information to us, contact us and we will delete it.

International transfers

Our data is processed in EU-region Supabase infrastructure. Push notification delivery and Apple-related processing may transit Apple's global infrastructure.

Changes to this Policy

We may update this Privacy Policy. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify you in the app.

Contact

For any privacy question, request, or complaint, email albertolruiz04@gmail.com. We respond to all GDPR requests within 30 days.