Privacy Policy

Effective date: April 6, 2026

Last updated: April 6, 2026

1. Overview

This Privacy Policy explains how Roastify collects, uses, and protects information when you use the app and related services.

2. Information we collect

Account information: email address and authentication identifiers provided through Supabase Auth.

Profile information: optional display name and profile updates you make in the app.

User content: prompts, generated roasts, and optional uploaded images used to generate roasts.

Technical and usage information: device and app metadata, generation events, feature usage, timestamps, and error logs needed to operate and secure the service.

3. How we use information

We use personal data to provide account access, generate and save roasts, maintain history, prevent abuse, troubleshoot issues, and improve reliability and product features.

4. Legal bases (where applicable)

Depending on your region, we process information based on contract performance (providing the service), legitimate interests (security and abuse prevention), consent (where required), and legal obligations.

5. Third-party processors

We use third-party service providers to operate the app. These providers process data only for authorized purposes under their own terms and privacy commitments.

6. Data sharing

We do not sell personal data. We may share data with service providers, when required by law, or to protect rights, safety, and security.

7. Data retention

Roast history records and uploaded roast images are automatically deleted after 5 days from creation.

We may retain limited operational or security logs for a longer period where needed for abuse prevention, debugging, or legal compliance.

8. Your privacy rights

Depending on your location, you may have rights to access, correct, delete, or export your personal data, and to object to or restrict certain processing.

To exercise rights, contact the support channel you publish with your app. Verify your identity before we process sensitive requests.

9. Children's privacy

Roastify is not directed to children below the minimum digital consent age in their jurisdiction. If you believe a child provided personal data without proper consent, contact us so we can investigate and remove data where appropriate.

10. Security

We use reasonable technical and organizational safeguards, but no method of transmission or storage is completely secure.

11. International transfers

Your information may be processed in countries other than your own. Where required, we implement safeguards for cross-border transfers under applicable law.

12. Policy changes

We may update this policy from time to time. Material changes will be reflected by updating the effective date and, where appropriate, providing additional notice.

13. Contact

For privacy requests or questions, contact info.mysticastra@gmail.com.