Privacy Policy

1. Introduction

Welcome to Congra ("we," "our," or "us"). We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App") available on iOS and Android platforms.

By using Congra, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our App.

2. Data Controller

For the purposes of applicable data protection laws, the data controller is:

3. Information We Collect

We collect information that you provide directly and information collected automatically when you use our App.

3.1 Information You Provide

• Account Information: When you create an account, we collect your name, email address, and password.
• Profile Information: Profile photo, display name, and any optional bio or profile details you choose to add.
• User Content: Photos, images, messages, and other content you upload or share through the App.
• Communications: Information you provide when you contact us for support or feedback.
• Connections: Information about your friends and connections within the App when you choose to connect with other users.

3.2 Location Information

• Precise Location: When you check in to a venue, we collect your precise location to identify and display the venue you are at.
• Background Location: With your permission, we collect location data in the background to notify you when you arrive at a venue. This allows the app to prompt you to check in without needing to open the app first.
• Venue Information: The name and location of venues you check in to are stored as part of your check-in history.

Your Control: You can disable background location access at any time in your device settings. The app will still function, but you will need to open the app manually to check in.

3.3 Information Collected Automatically

• Device Information: Device type, operating system version, unique device identifiers, and mobile network information.
• Usage Data: Features used, actions taken, time and date of use, and interaction patterns within the App.
• Push Notification Tokens: If you enable push notifications, we collect device tokens to deliver notifications.
• Log Data: IP address, access times, and app crash reports for troubleshooting purposes.

3.4 Information We Do NOT Collect

• We do not collect financial or payment information
• We do not collect health or fitness data
• We do not collect contacts from your device address book without explicit permission
• We do not track you across other apps or websites for advertising purposes
• We do not sell or share your location data with third parties for advertising

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide you with our services and fulfill our agreement with you.
• Consent: Where you have given explicit consent for specific processing activities, such as push notifications.
• Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services and ensuring security, where these interests are not overridden by your rights.
• Legal Obligation: Processing necessary to comply with legal requirements.

5. How We Use Your Information

We use the information we collect to:

• Provide Services: Create and manage your account, enable core app functionality, and allow you to connect with other users.
• Communications: Send you service-related notifications, updates, and respond to your inquiries.
• Push Notifications: Send you notifications about activity relevant to you (with your consent).
• Improvements: Analyze usage patterns to improve and optimize our App.
• Security: Detect, prevent, and address technical issues, fraud, and security threats.
• Legal Compliance: Comply with applicable laws and regulations.

6. Tracking and Advertising

We do not track you for advertising purposes. Specifically:

• We do not use advertising identifiers (IDFA/GAID) to track you
• We do not share your data with advertising networks
• We do not build profiles for targeted advertising
• We do not track your activity across other companies' apps or websites
• We do not sell or share your personal information with data brokers

As required by Apple's App Tracking Transparency framework, we confirm that our App does not engage in tracking as defined by Apple.

7. How We Share Your Information

We do not sell your personal information. We may share your information only in the following limited circumstances:

7.1 With Other Users

Your profile information and content you share may be visible to other users based on your privacy settings and connections within the App.

7.2 Service Providers

We use trusted third-party service providers to help us operate our App. These providers are contractually obligated to protect your data and use it only for the services they provide to us:

• Supabase: Database hosting and authentication services (data stored in secure cloud infrastructure)
• Expo Push Notifications: Delivery of push notifications to your device
• Cloud Hosting: Secure hosting infrastructure for our services

7.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

7.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your personal data is transferred and becomes subject to a different privacy policy.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Account Data: Retained while your account is active and for 30 days after deletion to allow for account recovery.
• User Content: Retained while your account is active. Deleted within 30 days of account deletion.
• Usage Data: Retained for up to 12 months for analytics purposes, then anonymized or deleted.
• Log Data: Retained for up to 90 days for troubleshooting and security purposes.

We may retain certain information longer if required by law or for legitimate business purposes such as resolving disputes.

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal data, including:

• Encryption of data in transit using TLS/SSL
• Encryption of sensitive data at rest
• Secure authentication mechanisms
• Regular security assessments and updates
• Access controls limiting who can access personal data

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we implement appropriate safeguards, including standard contractual clauses approved by relevant authorities, to ensure your data remains protected.

11. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data (see "Account Deletion" below).
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing of your personal data in certain circumstances.
• Restriction: Request restriction of processing of your personal data.
• Withdraw Consent: Withdraw consent at any time where we rely on consent to process your data.

To exercise these rights, please contact us at privacy@congra.app. We will respond to your request within 30 days.

12. Account Deletion

You can delete your account at any time. When you delete your account:

• Your profile and account information will be permanently deleted within 30 days
• Content you have shared will be removed
• Your connections and friend relationships will be removed
• Push notification tokens will be deleted immediately

How to delete your account:

1. Open the Congra app
2. Go to Settings
3. Select "Account"
4. Tap "Delete Account"
5. Confirm deletion

Alternatively, you can request account deletion by emailing privacy@congra.app from the email address associated with your account.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Right to Opt-Out of Sale: We do not sell personal information, so this right does not apply.

To exercise your California privacy rights, contact us at privacy@congra.app.

14. Children's Privacy

Our App is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at privacy@congra.app. We will take steps to delete such information from our systems.

15. Push Notifications

With your permission, we may send push notifications to your device. You can manage or disable push notifications at any time:

• iOS: Go to Settings → Notifications → Congra
• Android: Go to Settings → Apps → Congra → Notifications

Disabling push notifications will not affect core app functionality.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this policy and, where appropriate, provide additional notice (such as an in-app notification or email). We encourage you to review this policy periodically to stay informed about how we protect your information.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

If you are located in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.