Privacy Policy

Last Updated: November 18, 2025

1. Introduction

Welcome to SecureStag ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application SecureStag (the "App"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you create an account:

• Email Address: Used for account creation, authentication, and communication
• User ID: Automatically generated unique identifier for your account
• Display Name: Optional name you choose to display in your profile

2.2 Authentication Data

We support multiple sign-in methods:

• Email and Password: Securely hashed and stored using Supabase Auth
• Apple Sign-In: We receive your Apple ID token for authentication
• Google Sign-In: We receive your Google ID token for authentication (when enabled)

2.3 Usage Data

We automatically collect certain information when you use the App:

• Bookmarked Articles: Articles you save for later reading
• Reading History: Articles you've viewed (stored locally on your device)
• App Interactions: Features used, buttons clicked, screens viewed
• Analytics Data: Anonymous usage statistics via Firebase Analytics

2.4 Device Information

We may collect device-specific information including:

• Device type and model
• Operating system version (iOS)
• App version
• Unique device identifiers (for analytics purposes only)

3. How We Use Your Information

We use the collected information for the following purposes:

• Provide Services: Deliver news content, manage your account, and enable bookmarking
• Improve the App: Analyze usage patterns to enhance features and user experience
• Communication: Send important updates, security alerts, and respond to inquiries
• Security: Protect against fraud, unauthorized access, and maintain platform security
• Analytics: Understand how users interact with the App to improve performance

4. Data Storage and Security

4.1 Data Storage

Your data is securely stored using:

• Supabase: A PostgreSQL database hosted on secure cloud infrastructure
• Row Level Security (RLS): Ensures users can only access their own data
• Encryption: All data is encrypted in transit (HTTPS) and at rest

4.2 Security Measures

We implement industry-standard security practices:

• Secure authentication using OAuth 2.0 and JWT tokens
• Password hashing with bcrypt (for email/password sign-in)
• HTTPS/TLS encryption for all network requests
• Regular security updates and vulnerability patching

5. Data Sharing and Disclosure

5.1 We Do NOT Sell Your Data

We do not sell, trade, or rent your personal information to third parties.

5.2 Third-Party Services

We use the following third-party services that may collect data:

• Supabase: Database and authentication infrastructure (Privacy Policy)
• Firebase Analytics: Anonymous usage analytics (Privacy Policy)
• Apple Sign-In: Authentication service (Privacy Policy)
• Google Sign-In: Authentication service (Privacy Policy)

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities.

6. Your Data Rights

6.1 Access and Portability

You have the right to:

• Access your personal data stored in the App
• Request a copy of your data in a machine-readable format
• Update or correct your profile information

6.2 Account Deletion

You can delete your account at any time from the Profile tab in the App. Upon deletion:

• Your account will be permanently deleted from our servers
• All your bookmarks and saved articles will be removed
• Your email address and personal information will be deleted
• This action is irreversible

6.3 Data Retention

We retain your data only as long as your account is active. When you delete your account, we delete all associated data within 30 days.

7. Children's Privacy

SecureStag is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it immediately.

8. International Users

If you are accessing the App from outside the United States, please note that your data may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using the App, you consent to this transfer.

9. Analytics and Tracking

9.1 Firebase Analytics

We use Firebase Analytics to collect anonymous usage data including:

• App opens and session duration
• Feature usage and button clicks
• Article views and categories browsed
• Scroll depth and engagement metrics

9.2 Opt-Out

You can disable analytics tracking in iOS Settings > Privacy > Analytics & Improvements > Share iPhone Analytics (toggle off).

10. Cookies and Local Storage

The App uses local storage on your device to:

• Store authentication tokens for seamless sign-in
• Cache news articles for offline reading
• Remember your preferences and settings
• Store your fortune cookie message

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Updating the "Last Updated" date at the top of this policy
• Posting the new Privacy Policy in the App
• Sending you an email notification for material changes

You are advised to review this Privacy Policy periodically for any changes.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to deletion of personal information
• Right to non-discrimination for exercising your privacy rights

13. European Union Users (GDPR)

If you are in the European Union, you have rights under the General Data Protection Regulation (GDPR):

• Right to access your data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing