Privacy Policy
Last Updated: January 2025
SneakerVault ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our iOS application.
1. Information We Collect
1.1 Personal Information
When you use SneakerVault, we collect:
- Apple ID: We use Apple Sign In for authentication. We receive your Apple ID user identifier, and optionally your name and email address.
- Sneaker Collection Data: Information about your sneakers including brands, models, photos, purchase prices, market values, and wear logs.
- Photos: Images of your sneakers that you choose to upload, stored securely in our cloud storage.
- Usage Data: We collect anonymous analytics data about how you use the app to improve our services (you can opt out in Settings).
1.2 Automatically Collected Information
We automatically collect:
- Device Information: iOS version, device type, and app version for compatibility and debugging purposes.
- Analytics Data: Feature usage, error logs, and performance metrics via PostHog (anonymized and opt-out available).
2. How We Use Your Information
We use your information to:
- Provide and maintain the SneakerVault service
- Sync your sneaker collection across your devices
- Generate AI-powered features (sneaker recognition, reel captions)
- Track market values from StockX for your collection
- Improve our app based on usage patterns and feedback
- Provide customer support
- Comply with legal obligations
3. Data Storage and Security
3.1 Encryption
We take security seriously:
- End-to-End Encryption: Sensitive session data (Instagram, StockX) is encrypted using AES-256-CBC before storage.
- Secure Storage: API keys are stored in iOS Keychain, not in code or plain text.
- HTTPS: All data transmitted between your device and our servers uses TLS/SSL encryption.
3.2 Data Storage Locations
- Local Device: Your data is stored locally on your device using AsyncStorage for offline access.
- Supabase (Cloud): We use Supabase (PostgreSQL + Storage) to sync your data across devices. Supabase is SOC 2 Type 2 certified.
- Google Cloud Run: Video generation for Instagram reels is processed on Google Cloud Run servers (videos are generated on-demand and not permanently stored).
4. Third-Party Services
We use the following third-party services:
4.1 Essential Services
- Apple Sign In: For authentication (Apple's Privacy Policy applies)
- Supabase: For data storage and synchronization
- Google Gemini 2.0 Flash: For AI-powered sneaker recognition and text generation
- StockX: For market value data (we fetch publicly available pricing data)
4.2 Optional Services
- PostHog: For analytics (you can opt out in Settings)
- Instagram: For automated posting (only if you enable Instagram automation and provide your session)
5. Data Sharing and Disclosure
We do not sell your personal information. We only share your data in these situations:
- With Your Consent: When you explicitly choose to share data (e.g., posting to Instagram)
- Service Providers: With trusted third-party services that help us operate the app (Supabase, Google Cloud)
- Legal Requirements: If required by law or to protect our rights
6. Your Rights and Choices
You have the following rights:
- Access: View all your data within the app
- Export: Export your collection data as CSV from Settings
- Delete: Delete individual sneakers or your entire account
- Opt-Out: Disable analytics tracking in Settings
- Portability: Export your data in machine-readable format
7. Data Retention
- Active Accounts: We retain your data while your account is active
- Deleted Data: When you delete data, it's permanently removed from our servers within 30 days
- Backups: Backup copies are retained for 90 days for disaster recovery
8. Children's Privacy
SneakerVault is not intended for users under 13 years old. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it immediately.
9. California Privacy Rights (CCPA)
If you're a California resident, you have additional rights:
- Right to know what personal information we collect
- Right to delete your personal information
- Right to opt out of data sales (we don't sell your data)
- Right to non-discrimination for exercising your rights
10. European Privacy Rights (GDPR)
If you're in the EU/EEA, you have rights under GDPR:
- Right of access and portability
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to object to processing
- Right to lodge a complaint with your supervisory authority
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Updating the "Last Updated" date
- Displaying an in-app notification
- Sending an email (if you've provided one)
12. Contact Us
If you have questions about this Privacy Policy or want to exercise your rights, contact us:
- Email: [email protected]
- Support: [email protected]
13. Your Consent
By using SneakerVault, you consent to this Privacy Policy and our collection and use of information as described.