FlouMe — Privacy Policy
Effective date: to be set on publication
Last updated: to be set on publication
Heads-up before launch: this draft was written for FlouMe specifically (location-locked photo sharing — photos pinned where you took them; friends unlock by visiting the spot). It is not legal advice. Have a lawyer in your operating jurisdiction review and sign off before publishing. Required edits are marked [LIKE THIS].
1. Who we are
FlouMe ("FlouMe", "we", "us", "our") is a mobile application operated by [LEGAL ENTITY NAME], registered at [REGISTERED ADDRESS] in [COUNTRY OF REGISTRATION]. You can contact us at hello@floume.app.
If you are a resident of the European Union or United Kingdom, our EU/UK representative for GDPR is [REPRESENTATIVE NAME + ADDRESS, optional but recommended if shipping in Europe].
This Privacy Policy explains what personal information we collect when you use the FlouMe app, how we use it, who we share it with, and the choices you have. By using FlouMe, you agree to the practices described here.
2. The data we collect
We collect four broad categories of personal data:
2.1 Account data
Provided by you when you sign up, or imported from your sign-in provider.
| Field | Source | Purpose |
|---|---|---|
| Email address | You / Google Sign-In | Sign-in, password reset, transactional email |
| Password (hashed) | You | Sign-in (we never see the plain password — hashing is performed by Supabase Auth) |
| Google user ID | Google Sign-In | Linking your Google identity to your FlouMe account |
| Apple user ID | Sign in with Apple | Linking your Apple identity to your FlouMe account |
| Display name + handle (@) | You | How other users see you |
| Avatar image | You (optional) | Profile picture |
| Bio | You (optional) | Profile description |
| Friend code | Generated | Sharing your profile via QR / friend code |
2.2 Content data
Created by you while using the app.
| Field | Purpose |
|---|---|
| Photos you upload (pins, gifts, profile avatars) | Storage + delivery to friends who unlock them |
| GPS coordinates (latitude, longitude) attached to each pin | Determining when other users have arrived at the spot to unlock the photo |
| Captions, place names, voice notes | Display alongside the photo |
| Gift recipient (when you send a private Pin Gift) | Restricting visibility to that specific recipient |
| Time-lock unlock date (when you schedule a gift) | Holding the photo locked until the scheduled moment |
| Comments + reactions on photos | Display under the photo |
| Friend / follow relationships | Constructing your social graph |
| Photo unlocks (who unlocked which photo, where) | Showing "unlocked by …" on the photo |
| Trip metadata (centroid, share token, visibility) | Auto-clustering pins into trips for the trips view |
| Wishlist + memories | Personal collections inside the app |
| Content reports you submit | Trust and safety review |
2.3 Device + location data
Collected automatically while you use the app.
| Field | Purpose |
|---|---|
| Live GPS (precise latitude + longitude + accuracy) while you have the app open | Centering the map on you + checking whether you are at a pin's spot to unlock |
| Camera or photo-library access (only when you tap to compose a pin) | Letting you pick or capture the photo to upload |
| Microphone access (only when you record a voice note inside a gift) | Recording the voice attachment for the gift |
| Push notification token | Sending push notifications (gift received, friend's photo nearby, etc.) |
| Device model, OS version, app version, Sentry-issued anonymous installation ID | Diagnosing crashes and bugs |
| Server-side EXIF GPS comparison | Audit-only — we compare the GPS coordinates you claim against the GPS metadata embedded in the photo file to deter spoofing. We do not act on this comparison automatically. |
We do NOT collect background location. GPS is read only while the app is in the foreground and you are actively using a feature that needs it (map, pin compose, unlock).
2.4 Diagnostic data
- Crash reports (Sentry): when the app crashes or hits an unhandled error, we send a stack trace, the device's OS + model, the app version, and an anonymous Sentry installation ID. We do not include the contents of your photos, captions, or messages in crash reports. We filter out user-cancellation events and offline-network blips before submission.
- Logs kept by Supabase for up to 30 days: API request logs (timestamp, route, user ID, HTTP status) used for debugging service problems.
3. Why we collect it (lawful bases)
| Purpose | Lawful basis under GDPR |
|---|---|
| Creating your account, signing you in, delivering core features (pinning, unlocking, gifts) | Contract performance (Article 6(1)(b)) |
| Sending you push notifications about gifts, friend requests, and unlocked photos | Contract performance + your consent (Article 6(1)(a) + 6(1)(b)) |
| Anti-spoofing (server-side EXIF GPS comparison) | Legitimate interests in preventing fraud (Article 6(1)(f)) |
| Crash reporting (Sentry) | Legitimate interests in keeping the app stable (Article 6(1)(f)) |
| Responding to support emails | Contract performance + legitimate interests |
| Complying with law (subpoenas, takedown notices) | Legal obligation (Article 6(1)(c)) |
If you are in California, you have additional rights under the CCPA / CPRA — see §10.
4. Who we share it with
We share data only with the following categories of recipients:
4.1 Other FlouMe users
- Your public profile (display name, handle, avatar, bio) is visible to other FlouMe users.
- Photos you pin become visible to your friends (or to a specific recipient if you send a Pin Gift) — but only after they physically arrive at the spot AND (for gifts) any time-lock you set has elapsed.
- Comments, reactions, and unlocks are visible to other FlouMe users who can see the photo.
4.2 Service providers (data processors)
We use third-party services to run FlouMe. Each of them processes your data on our instructions and is bound by a data-processing agreement.
| Provider | What they process | Where | More |
|---|---|---|---|
| Supabase (Supabase Inc.) | Account data, content data, push tokens, photo storage. This is our primary backend. | Central EU (Frankfurt) | supabase.com/privacy |
| Google Cloud / Google Sign-In | OAuth identity (if you use Google Sign-In) | Multi-region | policies.google.com/privacy |
| Apple (Sign in with Apple) | OAuth identity (if you use Sign in with Apple) | Apple | apple.com/legal/privacy |
| Sentry (Functional Software Inc., d/b/a Sentry) | Crash reports, anonymous installation IDs, device metadata | European Union | sentry.io/privacy |
| Expo / Expo Push Notifications | Push notification tokens + payload metadata (NOT the body of your messages — only the type and a photo ID) | United States | expo.dev/privacy |
| Apple Push Notification Service / Firebase Cloud Messaging | Push delivery layer below Expo | United States / Apple infrastructure | Apple / Google policies |
We do not sell your personal data. We do not share it with advertising networks. FlouMe contains no third-party ad SDKs.
4.3 Legal compliance
We may disclose data when we have a good-faith belief it is necessary to (i) comply with applicable law, subpoena, or court order; (ii) protect the rights, property, or safety of our users or the public; or (iii) investigate fraud or abuse. We will notify you of legal requests where we are legally permitted to do so.
4.4 Business transfers
If FlouMe is involved in a merger, acquisition, or sale of assets, your data may be transferred. We will notify you (e.g. via in-app notice or email) before any such transfer takes effect.
5. International transfers
Your data may be processed in the European Union, the United States, and other countries where our service providers operate. When data leaves the EU/UK, we rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms with each processor.
6. How long we keep it
| Category | Retention |
|---|---|
| Account data (email, profile) | Until you delete your account |
| Photos + captions + comments | Until you delete the photo, or you delete your account |
| Friend / follow / unlock graph | Until you remove the relationship, or you delete your account |
| Push notification tokens | Until you uninstall the app or sign out; stale tokens are pruned automatically |
| Content reports | 2 years from submission, for trust-and-safety review |
| Crash reports (Sentry) | 90 days (Sentry retention default) |
| API logs (Supabase) | 30 days |
When you delete your account (Settings → Delete Account, which requires typed confirmation), we cascade-delete:
- your account row, profile, photos (including storage objects), friendships, follows, comments, reactions, push tokens, unlocks, trips, wishlist, memories, content reports you authored.
Some derived metadata kept by service providers (e.g. anonymised crash counts in Sentry) may persist beyond account deletion in aggregate, non-identifying form.
7. Your rights
Depending on where you live, you have some or all of the following rights:
- Access — request a copy of the data we hold about you.
- Rectification — correct inaccurate or incomplete data (most fields are editable directly in the app).
- Deletion / Right to be Forgotten — delete your account via Settings → Delete Account, or by emailing hello@floume.app.
- Restriction / Objection — limit or object to processing for legitimate-interests purposes.
- Portability — receive your data in a machine-readable format (request via hello@floume.app).
- Withdraw consent — revoke camera, photo-library, microphone, location, or notification permissions in iOS Settings at any time. Some features (pinning, unlocking, voice gifts) will not work without the corresponding permission.
To exercise any of these rights, email hello@floume.app. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority — for EU residents, see edpb.europa.eu; for UK, see ico.org.uk.
8. Children
FlouMe is not intended for children under 13 (or under 16 in EU member states that have set the digital consent age at 16). We do not knowingly collect data from children under that age. If you believe we have collected data from a child, please email hello@floume.app and we will delete it.
9. Security
We use industry-standard measures to protect your data:
- All traffic between the app and our servers is encrypted with TLS.
- Passwords are hashed by Supabase Auth (never stored or transmitted in plain text).
- Photo bytes are served via short-lived signed URLs that expire within minutes.
- Database access is enforced by row-level security policies that scope every read and write to the requesting user's account.
- Our server-side functions require an authenticated session token; destructive operations (delete_account) require an additional typed-confirmation token.
No system is perfectly secure. If we discover a breach affecting your data, we will notify you and the relevant authorities within the timeframes required by applicable law (72 hours under GDPR).
10. California residents (CCPA / CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect (see §2).
- Request deletion of your personal information (§7).
- Know with whom we share it (§4) and opt out of "sale" or "sharing".
FlouMe does not sell or share personal information for cross-context behavioral advertising. We do not knowingly process the personal information of children under 16 for the purpose of sale or sharing.
To exercise CCPA rights, email hello@floume.app.
11. Changes to this policy
We will update this Privacy Policy from time to time. The "Last updated" date at the top tells you when it last changed. Material changes (e.g. introducing a new category of data, a new processor, or a new purpose) will be announced via in-app notice or email at least 14 days before they take effect.
12. Contact
Email: hello@floume.app
Postal: [REGISTERED ADDRESS]