Privacy Policy

• Friends-only by default. Every usual you save is private or friends-only unless you choose otherwise.
• We don't sell your data. We show non-intrusive ads in the feed through Google AdMob, but we don't sell your data and we don't share your usuals, friends, or messages with advertisers.
• You control your data. View it in-app, delete your account anytime, opt out of personalized ads, and we'll honor data requests.
• Real humans answer. Email us at [email protected] with any privacy question.

We collect only what we need to make Usuals work.

• Account info — your email or Apple ID, plus any display name and avatar you choose.
• Phone hash — only if you opt in to "Let friends find you." We store a peppered SHA-256 hash of your phone number, never the raw number.
• Location — only when you actively use the map or drop a usual. We don't track you in the background.
• Contacts — only when you tap "Find Friends." We hash phone numbers locally on your device and send only the hashes to look for matches. Raw contact data never leaves your phone.
• Photos — only the photos you attach to usuals you post.
• Push notification tokens — to deliver messages, friend requests, and activity notifications.
• Advertising identifiers and ad interactions — Google AdMob uses your device's advertising identifier (IDFA on iOS, AAID on Android), approximate location, and basic device info to show and measure ads in the feed. See the "Advertising" section below for details and opt-out controls.

To run the app you signed up for — showing you usuals, connecting you with friends, and delivering messages and notifications.

We don't sell your data. We don't share your usuals, friends, messages, contacts, or photos with advertisers.

The third parties we share data with are essential infrastructure (hosting, push delivery, error monitoring) and Google AdMob for showing ads in the feed. Each receives only the minimum it needs to do its job. See the "Advertising" section below for what AdMob specifically receives.

Every usual has one of three visibility levels, enforced server-side at the database layer with PostgreSQL Row-Level Security:

• Public — visible to anyone using Usuals.
• Friends-only — visible only to people you've accepted as friends.
• Just for you — never visible to anyone else.

Friends-only usuals are invisible to non-friends at the database layer — even a shared link from a friend lands on a "this usual is friends-only" card without disclosing details.

Usuals shows occasional ads in the feed through Google AdMob. Ads sit inline as you scroll — you can scroll past them like any other card. We don't interrupt you with pop-ups, video pre-rolls, or full-screen takeovers.

What AdMob receives from your device:

• Your device's advertising identifier (IDFA on iOS, AAID on Android) — a resettable ID that isn't tied to your name
• Approximate location (country / region, from your IP address)
• Basic device and OS info (e.g., "iPhone 14, iOS 17")
• The ads you saw and tapped, so AdMob can measure performance and pay publishers

What AdMob does not receive: your name, email, phone number, contacts, usuals, friends, messages, or photos.

Your controls:

• iOS — the first time you open the app you'll see Apple's App Tracking Transparency prompt. Tap "Ask App Not to Track" to get non-personalized ads. Change later in iOS Settings → Privacy & Security → Tracking.
• Android — turn on "Delete advertising ID" in Settings → Privacy → Ads to get non-personalized ads.
• Google Ad Settings — manage personalization across Google services at adssettings.google.com.
• In the EEA / UK — you'll be asked for consent before personalized ads load. You can withdraw consent any time from Profile → Settings → Ad preferences.
• California residents — Google's ad personalization counts as "sharing" under the CCPA. To opt out of this sharing, use the personalization controls above or email [email protected] with "Do Not Share" in the subject.

Google's handling of this data is governed by the Google Privacy Policy.

Usuals data is stored on Supabase (managed PostgreSQL + object storage), encrypted in transit (TLS 1.2+) and at rest (AES-256). Our primary region is us-east-1.

From inside the Usuals app:

• View your data — every usual, friend, message, and setting is visible in your Profile and Settings.
• Delete your account — Profile → Settings → Delete Account. This is a hard delete: your usuals, photos, and profile are permanently removed.
• Revoke contacts / location access — turn off in iOS / Android settings any time.

For data export or any privacy request, email [email protected] with "PRIVACY" in the subject line.

Usuals is for users 13 years of age and over (16+ in the European Economic Area). We don't knowingly collect data from younger users; if you believe we have, contact us and we'll remove it.

We'll notify you in the app for any material changes to this policy. The "Last updated" date at the top of this page will always reflect the most recent revision.

Privacy or data questions: [email protected]— please mention "PRIVACY" in the subject so it routes correctly.