Privacy Policy — Chillpy

👋 Overview

Chillpy ("the App") is operated by ZenDevs ("we", "us", or "our"). This Privacy Policy explains what personal information we collect, why we collect it, and how we use and protect it when you use our mobile application and website.

By downloading or using the App, you agree to the practices described in this policy. If you do not agree, please do not use the App.

      Short version: We collect only the data necessary to run the app. We do not sell your personal data. You can request deletion of your account and data at any time.
    

📋 Information We Collect

1. Account Information

When you create an account, we collect:

Email address (used for authentication)
Password (stored in hashed form — we never see your plain-text password)
Display name or username (optional)
Your chosen friend tag (e.g., NAME1234)

2. App Usage Data

To provide the core features, we store:

Meditation session records (type, duration, date — no audio content)
Habit and daily ritual completion history
Emotion log entries (mood, triggers, date) that you voluntarily create
Mission progress and reward history (green leaves, golden leaves balances)
Capybara companion state, outfits, and refuge customization
Bond journey progress and "get to know us" answers (if provided)
Streak data and milestone history

3. Social Features Data

If you use social features, we store:

Friend connections (friend tags of users you add)
Greetings, notes, and gifts sent between users
Messages posted on friend refuge walls (visible for 7 days)

4. Purchase & Subscription Data

In-app purchases and subscriptions (Capy Plus) are processed through Apple App Store or Google Play. We receive purchase confirmation and entitlement status from these platforms but do not store your credit card or payment details.

5. Device & Technical Data

Device type, operating system version, and app version
App crash reports and error logs (used to fix bugs)
IP address (used for rate limiting and security, not stored long-term)

6. Data You Do Not Provide

We do not collect:

Real name or phone number
Location data or GPS coordinates
Camera, microphone, or photo library access
Contacts from your device
Browsing history outside the app

🎯 How We Use Your Information

We use collected data exclusively to:

Provide, maintain, and improve the App's features
Authenticate your identity and keep your account secure
Sync your progress across devices
Enable social features (friend connections, gifting)
Process and verify in-app purchases and subscription entitlements
Send you push notifications (only if you grant permission)
Diagnose technical issues and prevent abuse
Comply with applicable legal obligations

We do not use your data for advertising profiling or behavioral tracking.

🤝 Third-Party Services

The App uses the following third-party services, each with its own privacy policy:

Supabase

Our backend database and authentication provider. Your account data and app progress are stored on Supabase-managed PostgreSQL servers. Supabase Privacy Policy

Cloudflare

We route all API requests through a Cloudflare Worker, which acts as a security proxy. Cloudflare may process request metadata (IP, headers) for DDoS protection and rate limiting. Cloudflare Privacy Policy

RevenueCat

Manages our in-app purchase validation and subscription status. RevenueCat receives purchase receipt data from Apple/Google to verify entitlements. RevenueCat Privacy Policy

Apple App Store / Google Play

Handle all payment processing for purchases. We receive only the result of the transaction (success/failure and entitlement). Apple's and Google's own privacy policies govern your payment data.

Expo / React Native

The app is built using the Expo framework. Expo may collect anonymized crash reports to support the framework. Expo Privacy Policy

🔒 Data Security

We take reasonable technical and organizational measures to protect your data:

All API traffic is encrypted with TLS/HTTPS
Authentication tokens are validated using industry-standard JWT (HS256/RS256)
Passwords are hashed and never stored in plain text
Rate limiting is applied to prevent brute-force attacks
Image URLs are signed with short TTLs to prevent unauthorized access
Row-Level Security (RLS) ensures users can only access their own data in the database

No method of transmission over the internet is 100% secure. In the event of a data breach that affects your rights, we will notify affected users as required by applicable law.

👨‍👩‍👧 Children's Privacy

Chillpy is not directed at children under 13 years of age (or under 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@chillbara.app and we will delete it promptly.

🌍 Data Transfers

Your data may be stored and processed in the United States or other countries where our service providers operate. By using the App, you consent to these transfers. We ensure that third-party providers maintain appropriate safeguards.

✅ Your Rights & Choices

You have the right to:

Access: Request a copy of your personal data we hold
Correction: Update inaccurate or incomplete data through the app settings
Deletion: Request deletion of your account and all associated data. You can do this directly in the app (Settings → Delete Account) or by contacting us
Portability: Request an export of your data in a machine-readable format
Opt-out of notifications: Disable push notifications at any time in your device settings

To exercise any of these rights, email us at support@chillbara.app. We will respond within 30 days.

      Account deletion: When you delete your account, we remove your personal information, habit history, emotion records, and social connections from our servers within 30 days. Aggregated, anonymized analytics data may be retained.
    

🍪 Cookies & Local Storage

The mobile app does not use browser cookies. We use device local storage (AsyncStorage) to cache your session token and app preferences for a faster experience. This data stays on your device and is cleared when you log out or uninstall the app.

Our website (this landing page) does not use tracking cookies or analytics scripts.

📬 Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: support@chillbara.app
Developer: ZenDevs
App bundle ID: com.zendevs.vibebara

🔄 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page and, where appropriate, by sending a push notification or in-app message.

Continued use of the App after changes take effect constitutes your acceptance of the updated policy.