Privacy Policy

Last updated: 21 April 2026

1. Who we are

Start Doin' ("DOIN'", "we", "us") is operated by an individual developer based in the Republic of Latvia. Contact us at hey@startdoin.com.

2. Data we collect

  • Account data: email address, display name, username, avatar/profile photo, timezone.
  • Auth provider data: Google Sign-In and (on our mobile app) Apple Sign-In. We receive only your name and email from OAuth providers.
  • Proof photos: images you upload as daily challenge proof. Stored in a private bucket with signed URLs (15-minute expiry). Never publicly accessible.
  • Device info: push notification token (OneSignal player ID) if you opt in to notifications on mobile.
We do not currently run analytics or third-party crash reporting. If we add either, we will update this policy before doing so.

3. How we use your data

  • Authenticate you and manage your account.
  • Display your profile, challenge history, and leaderboard position to other participants.
  • Send push notifications — only with your opt-in consent, logged with consent verification in our database.
  • Process subscription payments via RevenueCat (mobile) or Stripe (web) — where and when we offer paid tiers.
  • Generate challenge scorecards.

4. Third-party services (subprocessors)

Subprocessors we currently use:
  • Supabase (EU-West Ireland) — database, authentication, file storage.
  • Cloudflare — CDN, DDoS protection, Pages hosting for our web app.
  • OneSignal — push notifications on mobile (opt-in only).
Subprocessors we plan to use (not yet integrated):
  • Stripe — web payment processing, once we launch paid tiers.
  • RevenueCat — mobile in-app purchase management, once we launch paid tiers.
The full authoritative list — including regions, purposes, and what we do NOT use — lives at /subprocessors. We enter into a Data Processing Agreement with each subprocessor where one is required under GDPR Art. 28. Contact us for specifics of any given subprocessor.

5. Data storage & security

All user data is stored in the EU (Supabase EU-West Ireland). Photos are stored in a private Supabase Storage bucket — never publicly accessible. Signed photo URLs expire after 15 minutes. All connections are encrypted via TLS. Server timestamps are enforced server-side and cannot be manipulated by clients.

6. Your rights (GDPR)

  • Access: request a copy of the data we hold about you.
  • Rectification: update your profile information at any time.
  • Erasure: request account deletion. Your display name and avatar are anonymised. Challenge records you took part in are retained in anonymised form so other participants' history remains intact. Photos you uploaded are removed within 72 hours of the deletion request.
  • Portability: request your data in a machine-readable format.
  • Object: opt out of marketing communications at any time.
Requests are handled by email today — we are building automated export and deletion endpoints. To exercise any right, email hey@startdoin.com. We respond within 30 days.

7. Push notifications

Push notifications (mobile and web browser) are opt-in. We never send without your explicit consent, and every notification we send is logged in our database with a consent-verified flag. Web push notifications are available in supported browsers and can be managed via your browser's notification settings at any time. Mobile push notification preferences can be changed inside the app.

8. Cookies & local storage

We do not use advertising or third-party tracking cookies. Our web app stores your authentication session in your browser's local storage so you stay signed in between visits. This storage is strictly necessary to provide the service you requested and does not require a cookie consent banner under the ePrivacy Directive. If we add analytics or non-essential storage in future, we will display a granular consent banner first.

9. Children

Start Doin' is not intended for users under 18. We do not knowingly collect data from anyone under 18. If you believe a minor has provided us data, contact us and we will delete it immediately.

10. Data retention

Active accounts are retained while the account exists. When you delete your account, your display name and avatar are anonymised, your photos are removed within 72 hours, and your challenge history is retained in anonymised form (to preserve other participants' records) for up to 90 days before full soft-delete expires. Proof photos are automatically deleted 90 days after a challenge ends. Your participation record, streak count, and leaderboard position are retained permanently.

11. Changes to this policy

We may update this policy. Users will be notified via email for material changes. Continued use of the app constitutes acceptance of the updated policy.

12. Contact

Email: hey@startdoin.com