← Back to TipFit

Privacy Policy

1. Information We Collect

TipFit ("the Company") collects and uses the following information.

• RevenueCat App User ID: an anonymous identifier auto-generated at purchase (account key)
• Automatic: IP address, app usage logs, push token (when permitted)
• User-generated content: design prompts, generated images, display name (auto-generated), and any content you choose to enter

We do not collect direct identifiers such as email, phone number, or real name.

2. Purpose of Use

• Account identification (anonymous auth via RevenueCat App User ID)
• Providing AI nail design generation
• Subscription billing and entitlement management
• Push notification delivery (optional)
• Fraud prevention and security

3. Retention

• While your subscription is active: account info and user content retained
• After expiry/refund: 30-day grace period during which you can view your own content. After that, all data (designs, profile, social relationships) is automatically and permanently deleted
• If you tap "Delete Account": immediate permanent deletion

Payment receipts and other transaction records are retained separately by Apple App Store, Google Play, and RevenueCat as required by applicable laws.

4. Third-Party Processors

• Convex (backend / database hosting)
• Google Vertex AI / Gemini (image generation) — only the design prompt is sent; not used for AI training
• RevenueCat (payment receipt verification, subscription state)
• Apple App Store / Google Play (in-app purchase processing)
• Expo Push Notifications (push delivery — token only)
• PostHog (usage analytics — anonymized events)

5. Your Rights

• Access / correction: edit display name, avatar, etc. on the profile screen
• Deletion: Profile → "Delete Account" for immediate permanent deletion
• Stop processing: revoke push token in OS settings

EU/EEA residents have rights under GDPR Articles 15-22 (access, portability, objection, etc.). California residents have rights under CCPA.

6. Minors

We do not accept service use from children under 14 (under 16 in the EU, under 13 in the US). If we become aware of such data, we delete it immediately upon discovery.

7. Security Measures

• No password storage (anonymous auth via RevenueCat App User ID)
• All communication TLS-encrypted
• Device session token stored in SecureStore (Keychain/Keystore)
• Sensitive identifiers (rcAppUserId) isolated in a separate table; never exposed to the client

8. Contact

Privacy inquiries: help@tipfit.app

Effective Date

This policy is effective from May 6, 2026.