Privacy Policy

• Account information. When you create an account we collect your mobile phone number (used solely for SMS one-time passcode authentication and account recovery), an optional display name, and an optional profile photo. Your phone number is stored in a separate, self-only table that other members of your spaces cannot read; to them, you are your display name and avatar only.
• Content you share. When you participate in a space we store the messages, photos, videos, reactions, wishes, help offers, captions, and any other content you choose to post, together with metadata such as timestamps and which space you posted in.
• Membership and invite data. The list of spaces you belong to, your role within each space (owner, admin, or member), the invitations you send and receive, and basic membership history.
• Subscription and billing data. If you purchase a paid plan, our payment processor (Stripe) collects payment-card and billing-address information directly. We receive a subscription status, plan tier, and a tokenized customer reference — we never see your full card number.
• Device and usage data. We automatically record information about how the Service is used, including IP address, device type, operating system, browser type and version, referring URL, pages or features used, approximate session duration, and diagnostic logs (including error reports collected via Sentry).
• Push and email tokens. If you enable notifications, we store the device push token, browser push subscription, or email address required to deliver the notifications you have asked for.
• Cookies and similar technologies. We use a small number of strictly necessary first-party cookies for authentication and security. We do not use advertising cookies or third-party tracking pixels. See section 7.

• Provide the Service. Authenticate you, deliver messages and photos, route reactions, render your spaces, and store your content so it is available the next time you sign in.
• Maintain and improve the Service. Diagnose performance issues, debug errors, prevent abuse, plan capacity, and decide what to build next based on aggregated, non-identifying usage patterns.
• Communicate with you. Send transactional messages you have asked for (sign-in codes, security alerts, invite notifications, billing receipts) and respond to your support requests.
• Provide AI-assisted features. When you opt to use a feature like “Catch up” chat summaries or AI photo captions, we send the relevant content for that single request to our AI provider (Anthropic) for processing. See section 6.
• Process payments. If you subscribe, we use Stripe to process your payment, charge subscriptions on a recurring basis, and handle refunds, chargebacks, and tax compliance.
• Comply with law and protect rights. Meet our legal obligations, enforce our Terms of Service, investigate suspected abuse, and protect the safety, rights, and property of you, us, and others.

• Performance of a contract — to provide the Service you have signed up for, including authenticating you, delivering your messages and photos, and processing subscriptions you have purchased.
• Legitimate interests — to keep the Service secure, prevent fraud and abuse, debug errors, understand aggregate usage, and improve our product. We balance these interests against your rights and freedoms.
• Consent — to enable optional features such as push notifications, AI-assisted features, or marketing emails. You may withdraw consent at any time.
• Legal obligation — to comply with applicable laws, tax requirements, court orders, and lawful requests from public authorities.

We share personal information only in the limited circumstances described below. We never sell your personal information, and we do not disclose it to third parties for their own marketing purposes.

• With other members of your spaces. Content you post to a space (messages, photos, wishes, help offers, reactions, your display name and profile photo) is visible to the other members of that space. Space owners and admins can see member lists and manage membership.
• With our service providers (sub-processors). See section 6 for the current list. Each provider acts on our behalf under a written data processing agreement that limits their use of your data to providing the contracted service.
• For legal reasons. If we receive a valid subpoena, court order, or other lawful demand, we may disclose information to the extent required by law. Wherever permitted, we will notify the affected user before disclosing.
• To protect rights and safety. We may disclose information when we have a good-faith belief it is necessary to investigate, prevent, or take action regarding suspected illegal activity, abuse, or threats to the safety of any person.
• Business transfers. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you (by email or in-app) of any change in ownership or control of your personal data and of any choices you have.
• With your direction. We may share your information for any other purpose disclosed to you and with your consent.

• Account data — kept while your account exists. When you delete your account, we delete or de-identify it within 30 days from our production systems and within 90 days from encrypted backups.
• Content you posted into a space — kept for as long as the space exists. When you delete an individual message, photo, wish, or help offer, it is removed from the space immediately and purged from production within 30 days. Note that copies may persist on devices of other members who have already received them.
• Spaces — when an owner deletes a space, all of its content (messages, photos, wishes, help offers, member list) is deleted within 30 days from production and within 90 days from backups.
• Billing records — kept for the period required by tax and accounting law in the relevant jurisdiction (typically up to 7 years).
• Security and abuse logs — retained for up to 12 months in identifiable form for fraud prevention and incident investigation, then aggregated or deleted.

• Encryption of data in transit using TLS 1.2 or higher.
• Encryption of data at rest in our database and object storage.
• Multi-tenant isolation enforced by row-level security policies tying every record to a specific space and an authenticated user.
• Phone numbers stored in a separate, self-only table that not even your fellow space members can read — only you and our service role can ever see your number.
• Realtime channels (presence, broadcast, postgres-changes) gated by membership: simply knowing a space ID is not enough to subscribe.
• Photo/video storage paths bound to your space; cross-tenant URL re-attachment is rejected at the API layer.
• Cryptographically random invite codes (CSPRNG) and short-lived (≤ 10 minute) signed media URLs.
• Stripe webhooks idempotency-checked and replay-protected; webhook payloads (which contain billing PII) are never logged.
• Sentry telemetry scrubbed for phone numbers, OTP codes, JWT/auth tokens, signed-URL tokens, and request cookies; session replays mask all text and inputs.
• Least-privilege access: only a small number of named employees have production access, on principle of need; all access is audited.
• Rate limiting, abuse detection, and continuous error monitoring.
• Regular security review of our infrastructure, dependencies, and third-party providers.

• Access — request a copy of the personal information we hold about you.
• Correction — ask us to correct inaccurate or incomplete data. You can update your display name and profile photo yourself in your account settings.
• Deletion — request that we delete your account and associated personal data. You can delete your account from settings.
• Portability — request that we provide your data in a structured, machine-readable format.
• Restriction or objection — ask us to restrict or object to certain processing, including processing based on our legitimate interests.
• Withdraw consent — withdraw any consent you have given (for example, for push notifications or AI features) at any time. Withdrawal does not affect the lawfulness of past processing.
• Lodge a complaint — complain to your local data protection authority. We would appreciate the chance to address your concerns first.

For California residents (CCPA / CPRA): You have the right to know what personal information we have collected about you, the categories of sources, the business or commercial purpose for collecting it, and the categories of third parties to whom we disclose it. You have the right to request deletion or correction of your personal information, and the right not to be discriminated against for exercising any of these rights. We do not sell or “share” personal information for cross-context behavioral advertising. We do not use or disclose sensitive personal information for purposes that require an opt-out under California law.

To exercise any of these rights, sign in and use the relevant in-app control, or write to privacy@startakith.com. We may need to verify your identity (typically by confirming control of the phone number on the account). We will respond within the time required by applicable law (generally 30 days under the GDPR and 45 days under the CCPA). An authorized agent may submit a request on your behalf with written proof of authorization.

For privacy questions, data-subject requests, or to reach our privacy team, email us at privacy@startakith.com. For account or billing help, write to support@startakith.com. For legal notices including DMCA takedowns, write to legal@startakith.com.

Postal mail: Real Tech LLC, [Real Tech LLC, business mailing address — TODO].