Privacy Policy

When you create an account or interact with SavedIt, we collect: • Your name, email address, and profile photo (if signing in via Google). • Any additional details you choose to add to your profile (e.g., username, interests, collections, or reminders). 👉 We do not collect sensitive personal data (e.g., financial, biometric, or government identification information).

When you sign in with Google, SavedIt requests the following OAuth scopes with your consent: • openid (ID token) • email (email address) • profile (name and profile image) We also request offline access to obtain a refresh token for continued authentication when you reopen the app.

Through Google's userinfo service, we obtain: • Unique Google identifier (sub) • Name and display name • Email address • Profile image URL 👉 We do not access or store restricted Google data (such as Gmail, Drive, or Calendar) without explicit user consent.

• To authenticate you and create your SavedIt account. • To show your name and profile picture inside the app. • To send essential account-related notifications (e.g., sign-in confirmations or account deletion alerts). • To improve user experience and maintain security. 👉 We do not use Google data for ads, tracking, or resale.

• We store your name, email, and profile image URL in our Supabase database. • We do NOT store Google access or refresh tokens. Instead, these are exchanged server-side for a Supabase session. • Authentication sessions are persisted by the Supabase client using secure app storage. • On iOS, we use the system Keychain (with an App Group) for secure access between the main app and Share Extension. • In development mode (Expo Go), secure fallback storage is used. • All communication with Google and Supabase is encrypted in transit (TLS) and at rest.

When you use the app, we may collect non-identifiable data such as: • Device type and OS version • App performance metrics and crash reports 👉 This information helps us debug and improve SavedIt. We do not use cookies or analytics tracking for advertising.

We work with trusted providers to operate SavedIt: • Supabase (database, authentication, storage) • Vercel (web hosting and serverless infrastructure) 👉 These partners are bound by confidentiality and process data only to support SavedIt's functionality.

• We do not sell or rent your personal data. • During sign-in, our server calls Google's userinfo endpoint solely to verify your identity and fetch basic profile information. • We only share limited data with verified subprocessors under data-processing agreements.

• We retain your Google-derived account data while your SavedIt account is active. • You can delete your account at any time via the app's Settings. • Once deleted, all associated data (including Google-linked identifiers) is permanently removed within 30 days. • Currently, SavedIt does not support unlinking a Google account without deleting the SavedIt account. 👉 Exceptions: Data may be retained where required by law or for security/anti-abuse reasons.

You have the right to: • Access and correct your personal data • Request deletion of your account and all data • Withdraw your consent for Google Sign-In at any time via https://myaccount.google.com/permissions

• We implement industry-standard encryption for all data in transit and at rest. • Access to your data is restricted to authorized systems and staff. • We audit our systems regularly to detect unauthorized access or disclosure. 👉 No online service is 100% secure, but we use strong measures to protect your information.

If you have any questions about this Privacy Policy or how we handle Google user data, please contact us at: 📧 contact.savedit@gmail.com