Welcome to ArrowPoint! Your privacy is important to us. This Privacy Policy explains what information we collect, how we use it, how we protect it, and your rights regarding your data.
By using ArrowPoint, you agree to the collection and use of information as described in this policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address (for authentication and account recovery)
- Username (your public display name)
- Password (encrypted and never stored in plain text)
- Profile information (optional: display name, bio, avatar photo, location)
1.2 User-Generated Content
When you use ArrowPoint, we collect content you create:
- Arrowhead photos (uploaded to your vault or shared publicly)
- Social posts and comments (if you choose to share publicly)
- Find details (state, county, finder name, date found, notes, measurements)
- Votes and likes (on posts and comments)
- Reports (when you report content for moderation)
1.3 Location Information
We collect approximate location data only when you choose to provide it:
- State and County (optional, manually selected by you)
- No GPS coordinates are collected
- You control whether location data is shared publicly with your posts
1.4 Photos and Metadata
When you upload photos:
- Photos are processed before storage using image manipulation tools
- EXIF metadata is automatically stripped during processing, including:
- GPS coordinates embedded in photos
- Camera make and model
- Timestamps and other technical data
- Only the processed image is stored, protecting your privacy
1.5 Usage Data
We automatically collect:
- Device information (operating system, app version)
- Push notification tokens (to send you notifications)
- Usage analytics (feature usage, app performance, crash reports)
- Interaction data (what you view, like, comment on, or report)
1.6 Payment Information
If you subscribe to Premium or Pro plans:
- Payment processing is handled by Apple's In-App Purchase system
- We do NOT store your credit card or payment information
- Apple provides us with only your subscription status (active/expired)
2. How We Use Your Information
2.1 Provide Core Services
- Authenticate your account and maintain security
- Store and display your arrowhead collection
- Enable arrowhead identification using AI
- Facilitate social features (posts, comments, follows)
- Send push notifications (new comments, likes, mentions)
2.2 Improve the App
- Analyze usage patterns to improve features
- Fix bugs and optimize performance
- Develop new features based on user behavior
2.3 Ensure Safety and Compliance
- Moderate user-generated content
- Investigate and respond to reports of violations
- Enforce our Terms of Service
- Prevent fraud, spam, and abuse
2.4 Communicate with You
- Send account-related notifications
- Notify you of moderation actions on your content
- Respond to your support requests
3. How We Share Your Information
3.1 Public Information
The following information is publicly visible to other ArrowPoint users:
- Your username, display name, bio, and avatar
- Posts and comments you choose to share publicly
- Vault items you mark as "public" or share to social feeds
- Your follower count and public activity
3.2 Limited Sharing
We may share your information with:
- Service Providers:
- Supabase (database and authentication)
- Cloudflare R2 (image storage)
- Apple (push notifications and in-app purchases)
- OpenAI (AI-powered arrowhead identification - images only, no personal data)
- Legal Obligations: If required by law, court order, or government request
- Safety: To protect the rights, property, or safety of ArrowPoint, our users, or the public
3.3 What We DO NOT Share
- We never sell your personal information to third parties
- We never share your email address publicly
- We never share your password (it's encrypted and hashed)
- We never share stripped EXIF metadata (it's permanently deleted)
4. Data Storage and Security
4.1 Where Your Data is Stored
- User data: Stored on Supabase (PostgreSQL database)
- Photos: Stored on Cloudflare R2 (object storage)
- Servers: Located in the United States
4.2 How We Protect Your Data
- Encryption: All data is transmitted using HTTPS/TLS encryption
- Password Security: Passwords are hashed and salted (bcrypt)
- Access Control: Row-level security policies restrict data access
- Regular Backups: Automatic daily backups
- Monitoring: 24/7 security monitoring for unauthorized access
4.3 Data Retention
- Active accounts: Data is retained as long as your account is active
- Deleted accounts: Data is permanently deleted within 30 days of account deletion
- Moderation logs: Kept for 12 months for safety and compliance
5. Your Privacy Rights
5.1 Access and Control
You have the right to:
- Access your personal data at any time
- Edit your profile, posts, and vault items
- Delete your content (posts, comments, vault items)
- Control visibility (mark vault items as private/public)
- Opt out of location sharing (never required)
5.2 Account Deletion
You can delete your account at any time:
- Navigate to Settings → Account → Delete Account
- All personal data will be permanently deleted within 30 days
- Public posts may remain visible (anonymized) to preserve conversation threads
5.3 Data Portability
You can export your data:
- Contact us at arrowpointapp@gmail.com to request a data export
- We will provide your data in a machine-readable format (JSON)
5.4 Communication Preferences
You can control notifications:
- Push notifications: Toggle on/off in Settings → Notifications
- Email notifications: Unsubscribe from promotional emails anytime
6. Children's Privacy
ArrowPoint is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it immediately.
If you believe a child under 13 has created an account, please contact us at arrowpointapp@gmail.com.
7. Third-Party Services
ArrowPoint integrates with third-party services. Please review their privacy policies:
We are not responsible for the privacy practices of these third parties.
8. International Users
ArrowPoint is based in the United States. If you are accessing the app from outside the US, your information will be transferred to, stored, and processed in the United States. By using ArrowPoint, you consent to this transfer.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do:
- We will update the "Last Updated" date at the top
- We will notify you via push notification or email (if significant changes)
- Continued use of the app after changes means you accept the updated policy
You can always review the latest policy at this URL (will be updated after hosting on GitHub Pages).
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights:
- Right to Know: Request details about what personal information we collect
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt-out of the sale of personal information (we don't sell data)
- Non-Discrimination: We won't discriminate against you for exercising your rights
To exercise these rights, contact us at arrowpointapp@gmail.com.
11. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have additional rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate personal data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing of your personal data
- Right to Withdraw Consent: Withdraw consent at any time
To exercise these rights, contact us at arrowpointapp@gmail.com.
12. Cookies and Tracking
ArrowPoint does not use cookies for tracking. We use:
- Session tokens: To keep you logged in (stored locally on your device)
- Analytics: To understand app usage (anonymized data only)
You can reset your session by logging out or uninstalling the app.
14. Dispute Resolution
If you have a complaint about our privacy practices, please contact us first. We will investigate and attempt to resolve any complaints within 30 days.
If you are not satisfied, you may:
- File a complaint with the Federal Trade Commission (FTC) in the US
- File a complaint with your local data protection authority (for EU residents)
Summary (TL;DR)
✅ We collect: Email, username, photos, posts, and optional location (state/county only)
✅ We strip: EXIF metadata (GPS, camera info) from all uploaded photos
✅ We protect: All data with encryption, secure passwords, and access controls
✅ We don't sell: Your data to anyone, ever
✅ You control: What you share, who sees it, and you can delete your account anytime
✅ We're transparent: This policy tells you exactly what we do
Thank you for trusting ArrowPoint with your arrowhead collection! 🏹