Privacy Policy – Kiss Map (App + Website)

Effective date: October 10, 2025

Who we are
Controller: Tibbits Consulting Inc. (“we”, “us”, “our”).
Address: (available upon request)
Email: support@tibbits.ca
App: Kiss Map (the “App”)
Website: https://tibbits.ca/kiss-map (the “Site”)

Scope

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use the App and the Site. If this Policy conflicts with applicable law, we will follow the law where required.

Information We Collect

We collect the minimum data needed to operate the App:

Account & Authentication
• Email address and password or third‑party auth identifiers (via Supabase Auth).
• User ID and session tokens.
Couple & Content Data
• Couple membership (creator, member, join code association).
• “Kiss” entries you create: latitude/longitude, timestamp, reverse‑geocoded place string, optional notes or title.
• Local data cached on your device that syncs to our cloud backend (Supabase) when you are online.
Location
• Precise device location (only when you choose to drop a kiss and grant permission). The App does not request background location.
Diagnostics & Usage (optional)
• Crash logs, performance metrics, device/OS info, and basic interaction events (e.g., screen opens) to improve reliability.
• If enabled, these are processed by service providers (e.g., Sentry, Expo Updates). We do not collect advertising identifiers.
Support
• Messages you send to support and related metadata.

We do not intend to collect sensitive categories of data. Please do not include sensitive information in notes.

How We Use Information

• Provide the Service: account creation, couple join/creation, map and reverse geocoding, local/cloud sync.
• Security: authentication, fraud prevention, abuse detection.
• Support: respond to requests, fix issues, improve UX.
• Improve & Analyze: aggregate analytics and diagnostics to improve performance and stability.
• Legal: comply with law, enforce Terms, protect rights.

Legal Bases (where applicable)

• Contract: to provide the App you requested.
• Consent: for location access and optional analytics/diagnostics (you may withdraw in device settings where applicable).
• Legitimate Interests: to secure the service and improve performance.
• Legal Obligation: to comply with applicable laws/regulators.

Sharing & Processing

We do not sell your data or share it with third parties for their independent advertising/marketing. We use service providers (processors) that act on our instructions:

• Supabase (database hosting, authentication, storage) — stores account, couple, and kiss data; Row Level Security limits access to authorized users within a couple.
• Google Maps Platform (maps SDKs, geocoding) — processes location/coordinates to render maps and place names.
• Expo (EAS/Updates) — distributes app builds/over‑the‑air updates and may process technical metadata.
• Sentry (optional) — crash/error diagnostics.

These providers may process data in jurisdictions outside your own (e.g., U.S., EU). We use appropriate safeguards as required by law and by each provider’s standard terms.

We may disclose data if required by law, regulation, legal process, or to protect people/property and the integrity of the service.

Data Retention

• Account & couple data: retained while your account is active.
• Kiss entries: retained until you delete them or delete your account.
• Backups/logs: may persist for a limited period after deletion (e.g., backups up to ~30 days; security logs up to ~90 days).
We will retain only as long as necessary for the purposes above or as required by law.

Your Choices & Rights

Depending on your region, you may have rights to: access, correct, delete, export (portability), restrict/opt‑out of certain processing, and withdraw consent (e.g., location). To exercise rights or request account/data deletion, contact support@tibbits.ca. We will verify your identity before acting on requests.

You may disable location at any time in device settings; in that case, some features may not function.

Security

We use reasonable safeguards: encryption in transit (HTTPS), access controls, and database Row Level Security (RLS) to restrict records by user/couple. No system is 100% secure; please use strong, unique passwords and keep your device secure.

Children’s Privacy

The App is intended for individuals 13+. We do not knowingly collect personal information from children under 13. If you believe a child under 13 used the App, contact us to delete the account.

International Transfers

Your data may be processed in countries other than your own. By using the App, you understand that your data may be transferred to and processed in those jurisdictions, subject to appropriate safeguards.

Do Not Track & Third‑Party Signals

The App does not respond to Do Not Track signals. We do not use third‑party advertising SDKs.

Changes to This Policy

We may update this Policy from time to time. We will post the new version with an updated effective date. Material changes may be notified in‑app or on the Site.

Contact

Questions or requests: support@tibbits.ca
Postal address: (available upon request)