PIJHOON PRIVACY POLICY
Effective upon public release on the App Store.
1. INTRODUCTION AND SCOPE
1.1 Who we are. Pijhoon is operated by Sida Li, an individual developer enrolled in the Apple Developer Program in the China region, distributing the app globally on the App Store. For the purposes of the EU and UK GDPR, the China PIPL, and similar laws, Sida Li is the data controller for personal information processed through Pijhoon.
1.2 Scope. This policy covers the Pijhoon iOS app and the backend that supports it (hosted on Supabase). It does not cover websites or services that may link to or from Pijhoon.
1.3 Contact. For any privacy question or request, write to hello@pijhoon.com.
2. DATA WE COLLECT
We collect only what we need to run Pijhoon. Items are listed with the legal basis used under GDPR and similar regimes — typically performance of a contract with you, your consent, or our legitimate interest in operating a safe service.
2.1 Account and identity.
- Phone number — required at signup, verified by SMS one-time code. Basis: contract (to create and secure your account).
- Password — stored only as a salted hash by Supabase Auth; we never see your plaintext password. Basis: contract.
- Optional email — you can add and verify an email after signup. Basis: contract / consent.
- Apple ID information — if you sign in with Apple, Supabase stores an identity record and, depending on what you allow Apple to share, your name and a real or relay email address. Basis: contract.
2.2 Profile.
- Display name, optional interests list, optional avatar image URL. Basis: contract (this is what other users see).
- A small audit trail of profile updates (for example previous avatar URL or name) so we can recover from mistakes and respond to abuse reports. Basis: legitimate interest in service integrity.
2.3 Content.
- Plans you create or RSVP to (title, time, location, vibe, invite list).
- Direct messages with friends.
- Group chat messages tied to an event.
- Bomb events, debt entries, and acknowledgements.
Basis: contract (this is the service).
2.4 Device and push.
- APNs device token, associated with your account during your signed-in session and deleted when you sign out.
- Basic device context such as app version and iOS version, used for debugging and compatibility.
Basis: contract and legitimate interest (delivering notifications and supporting the app).
2.5 Location.
- When you open the Create flow or the Discover filter flow, the app reads your foreground location through iOS CLLocationManager to suggest nearby plans. Pijhoon does not track your location in the background. We do not store the raw location reading beyond serving your immediate request, unless you save it as the location of a plan you create — in which case it becomes part of that plan's data.
Basis: consent (you grant location permission in iOS) and contract (to deliver the requested feature).
2.6 Inferred data.
- Aggregated impressions of events you see in Discover and in your feeds, used to rank what we show you next.
- Ranking signals derived from your activity (which plans you tap, which you RSVP to).
Basis: legitimate interest in providing a useful, ranked feed inside the app.
We do not collect precise background location, contacts, photo library beyond what you intentionally attach, microphone, health data, financial data, or government identifiers.
3. HOW WE USE IT
3.1 Run the service. Create and secure your account, authenticate you, send the SMS one-time codes you request, deliver push notifications you opted into, render your feeds, surface plans from friends and friends of friends, and run Discover.
3.2 Community safety. Operate the Bomb accounting, investigate abuse reports, detect and respond to misuse of the Bomb feature, and enforce our Terms and Community Guidelines.
3.3 Improvement and debugging. Diagnose crashes and errors, understand which features are used, and rank Discover events. Ranking signals stay inside Pijhoon and are not shared with advertisers or data brokers.
3.4 Legal and policy. Comply with applicable law (including, where relevant, the laws of the People's Republic of China, the EU, the UK, California, and other jurisdictions where users live) and respond to lawful requests.
3.5 What we do not do. We do not use your data for advertising. We do not run a third-party analytics SDK at this time. We do not profile you for advertising or for targeting outside the in-app ranking. We do not sell your personal information.
4. HOW WE SHARE IT
4.1 Other Pijhoon users. The point of the app is that other users see your plans, chats, and profile in the contexts you choose — friends, friends of friends, group chat participants, public Discover. We share Your Content with those audiences as the product is designed to.
4.2 Service providers (processors). The following third parties process data on our behalf, under their own privacy commitments:
- Supabase — provides authentication, PostgreSQL database, storage, and edge functions. Supabase hosts data on AWS infrastructure that Supabase manages.
- Twilio Verify — delivers SMS one-time codes for phone signup and password reset. Twilio receives the phone number and the code, not your other Pijhoon data.
- Apple Push Notification Service — delivers push notifications. Apple receives device tokens and the encrypted notification payload as required to deliver pushes.
- Sign in with Apple — verifies identity when you choose that login option. Apple's privacy policy governs that flow on Apple's side.
4.3 No sale or behavioural advertising. We do not sell your personal information. We do not share it for cross-context behavioural advertising as those terms are used under California and similar laws.
4.4 Legal disclosures. We may disclose data to comply with applicable law, valid legal process, or enforceable governmental requests, and to protect the rights, safety, and property of Pijhoon, our users, or the public. We will narrow any disclosure to what the specific request requires.
4.5 Business transfers. If the project is ever transferred to another operator (for example if Sida later forms a company that takes over the app), your data may transfer with it, and we will notify you in-app before the transfer takes effect so you can delete your account first if you prefer.
5. INTERNATIONAL TRANSFERS
5.1 Global service. Pijhoon is offered worldwide. Supabase and AWS may store and process your data in regions outside your home country, including regions in Asia, North America, or Europe.
5.2 EU and UK users. Where we transfer personal data out of the EEA or the UK, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable) entered into with our processors, plus any supplementary measures reasonable for this kind of service.
5.3 China users. For users in mainland China, we process data in-region where practical. Any cross-border transfer is conducted in line with the Personal Information Protection Law (PIPL), including providing required notices and obtaining separate consent where the law requires it.
5.4 Other regions. For users elsewhere, we rely on the lawful transfer mechanism your local law provides, or on your informed consent.
6. RETENTION
We keep personal data only as long as we need it to run the service or as the law requires.
- Account data (phone, email, password hash, profile): until you delete your account.
- Direct chat messages: kept until you delete them or delete your account.
- Group event chat messages: cleared 24 hours after the event ends.
- Plans and RSVPs: kept while the plan is active and for a reasonable period afterward so participants can review history; removed when you delete your account.
- Bomb debt entries and accounting: kept while the account is active to preserve the integrity of the accountability system; removed when you delete your account.
- APNs device tokens: deleted when you sign out (already wired in the app).
- Recommendation impression history: kept up to 90 days.
- Backups: routine rolling backups maintained by Supabase, typically retained for 7 to 30 days; deleted data ages out of backups within that window.
When the retention period ends, we delete or anonymize the data.
7. YOUR RIGHTS
7.1 Universal. Whatever country you live in, you can ask us to:
- tell you what data we hold about you;
- correct data that is wrong;
- delete your account and the data tied to it;
- export your data in a portable format, where applicable.
To exercise these rights, write to hello@pijhoon.com from the email or phone number on your account, or use any in-app account deletion option we provide. We will respond within the time your law requires (typically 30 days under GDPR, 45 days under CCPA, and the timelines set by PIPL for users in China).
7.2 GDPR and UK GDPR. EU and UK users also have the right to object to or restrict certain processing, to withdraw consent where processing is based on consent, and to lodge a complaint with their local data protection authority — for example the Irish Data Protection Commission, the CNIL, the ICO, or the supervisory authority where you live.
7.3 California (CCPA / CPRA). California residents have the right to know what categories of personal information we collect and the purposes, the right to delete, the right to correct, the right to limit use of sensitive personal information, and the right not to be discriminated against for exercising those rights. We do not sell or share personal information for cross-context behavioural advertising.
7.4 China (PIPL). Users in mainland China have the rights to access, copy, correct, and delete their personal information, to withdraw consent, to ask us to explain our processing rules, and to refuse automated decision-making that produces significant effects. You can also designate someone to exercise these rights on your behalf in the event of death or incapacity.
7.5 Other regions. Users in regions such as Brazil (LGPD), Canada (PIPEDA), Japan (APPI), South Korea (PIPA), Australia (Privacy Act), and similar regimes have the rights granted to them by local law; we will honour them on request.
8. CHILDREN
Pijhoon is not directed at children under 13 (or the higher minimum age that applies where you live). We do not knowingly collect personal information from children below that age. If you believe a child under the applicable minimum age has created an account, write to hello@pijhoon.com and we will delete the account and the associated data.
9. SECURITY
We protect data with measures appropriate to its sensitivity:
- passwords stored as salted hashes by Supabase Auth, never in plaintext;
- transport encryption (TLS) between the app and the backend;
- at-rest encryption provided by Supabase and the underlying AWS infrastructure;
- Supabase row-level security policies that restrict who can read or write which rows;
- APNs device tokens deleted on sign-out so old tokens cannot be reused.
No system is perfectly secure. If we become aware of a personal data breach that affects you, we will notify you and the relevant authority as required by applicable law (for example within 72 hours under GDPR where feasible).
10. CHANGES
We may update this Privacy Policy. The current version is always available in the app, and the Effective date at the top shows when it last changed. Material changes will be surfaced in-app before they take effect. Continued use of Pijhoon after the change takes effect means you accept the updated policy.
11. CONTACT
For privacy questions, rights requests, or complaints: hello@pijhoon.com
