Privacy Policy

1. Who We Are

er@ is operated by Arty Fishall LLC ("we," "us," or "our"), a company registered in the United States. Our privacy contact is privacy@eravibe.app.

2. What We Collect

We collect only the information necessary to provide the er@ service:

• Account information: Your handle, display name, email address, and password (stored as a hashed value).
• Content you create: Pins you set, era titles and feeling notes, photos you post, captions, and comments.
• Social graph: Accounts you follow and accounts that follow you.
• Device information: Device type, operating system version, and app version — used for performance and crash diagnostics only.
• Usage data: Aggregated, anonymized event data (e.g., screens viewed, features used) collected via PostHog for product improvement.
• Crash logs: Anonymized crash reports collected via Sentry to fix bugs.

We do not collect your GPS location, audio recordings, biometric data, or your device contacts list. If you use our contact-matching feature to find friends, your contacts are hashed locally on your device and the hashes are used for matching only — the raw contact data is never transmitted to or stored on our servers.

3. How We Use Your Information

• To provide, maintain, and improve the er@ service
• To send notifications you've opted into (new followers, reactions, expiry warnings)
• To enforce our Terms of Use and protect users from harmful content
• To process er@+ subscription payments (handled by Apple App Store and Google Play — we never see your payment card details)
• To respond to support requests
• To comply with legal obligations

We do not use your information to serve you advertisements, build advertising profiles, or sell to data brokers.

4. What We Never Do

• Sell your personal data to any third party — ever
• Serve third-party advertisements within er@
• Share your data with advertisers or ad networks
• Store your contacts list
• Collect your GPS location, audio, or biometric data
• Use your content to train AI or machine learning models

5. Photo and Content Retention

• Active photos: Visible to approved followers for 72 hours (or 7 days for er@+ subscribers). After expiry they are removed from feeds immediately.
• Server deletion: Expired photos are permanently deleted from our storage servers within 30 days of expiry.
• Era archive thumbnails: Low-resolution thumbnails used in your era archive are retained while your account is active.
• Safety logs: Content reported for safety violations may be retained for up to 12 months to process the report.

6. Who We Share Data With

We use a small number of trusted service providers to operate er@. Each receives only the data necessary for their specific function:

• Supabase — database and authentication hosting (United States)
• Cloudflare — media storage and CDN (global)
• RevenueCat — subscription management (United States)
• Sightengine — automated image moderation to detect prohibited content (France)
• PostHog — anonymized product analytics (United States/EU)
• Sentry — anonymized crash reporting (United States)
• Branch.io — deep link routing for invite links (United States)
• Apple / Google — push notifications and payment processing

We may disclose your information if required by law, court order, or to protect the safety of our users or the public.

7. Children's Privacy (COPPA)

er@ is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you are between 13 and 17, a parent or guardian must review and agree to our Terms of Use on your behalf — we collect this consent at account creation.

If we discover that a user is under 13, we will immediately delete their account and all associated data. If you believe a child under 13 has created an account, please contact us at privacy@eravibe.app.

8. Your Rights

Depending on your location, you may have the following rights:

• Access: View all your content and account information within the er@ app at any time.
• Correction: Update your handle, name, email, and pins within the app.
• Deletion: Delete your account from Settings → Delete Account. All personal data is processed for deletion within 30 days.
• Export: Request a copy of your data by emailing privacy@eravibe.app.
• Opt-out of analytics: Disable analytics data collection in Settings → Privacy Controls.

California residents (CCPA): We do not sell personal information. You have the right to know what data we collect and to request deletion.

EEA/UK residents (GDPR): You have the rights listed above plus the right to restrict processing, object to processing, and data portability. Our legal basis for processing is performance of a contract (providing the service), legitimate interests (safety and fraud prevention), and consent (optional analytics).

9. Security

We use industry-standard security practices including encrypted data transmission (TLS), hashed passwords (bcrypt), row-level security on all database tables, and private (non-public) cloud storage for all user photos. No method of transmission or storage is 100% secure — if you discover a security vulnerability, please email privacy@eravibe.app immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification and by updating the "Last updated" date at the top of this page. Your continued use of er@ after the effective date of any changes constitutes your acceptance of the updated policy.