Privacy Policy

1. Information we collect

Account data

• Email address and authentication details (including third-party sign-in tokens from Apple or Google)
• Display name and profile settings

Service data

• Notes, messages, and recipient contact details you provide
• Check-in history, reminder preferences, and silence window configurations
• Subscription status and plan tier (via RevenueCat; we do not receive or store payment card details)

Technical data

• Device type, operating system, and app version
• IP address and approximate location (country/region level)
• Push notification tokens
• App usage events, crash reports, and performance logs

2. How we use information

We process your data on the following legal bases:

• Contract performance: to operate the Service, manage your account, process note workflows, send check-in reminders, and deliver notes to your configured recipients.
• Legitimate interest: to secure and improve the Service, prevent fraud, and analyse usage trends.
• Legal obligation: to comply with applicable laws, regulations, and legal processes.
• Consent: to send optional marketing communications (you can opt out at any time).

3. Automated processing

The Service uses automated processes to monitor your check-in status and trigger note delivery when a silence window expires. These automated decisions are based solely on your configured settings and check-in activity. You can prevent delivery at any time by checking in, pausing notes, or deleting your account.

4. Sharing and third-party services

We do not sell, rent, or trade your personal information. We share data only with:

• Cloud infrastructure providers (hosting and database services)
• Authentication providers (Apple, Google sign-in)
• Communication services (email delivery, push notifications, SMS gateways)
• Subscription management (RevenueCat, Apple App Store, Google Play Store)
• Analytics and error tracking services

All service providers are contractually required to protect your data and may only process it on our instructions.

5. Recipient data

If you provide contact details for recipients (email addresses, phone numbers), you confirm you have a legitimate basis to share their details with us for the purpose of delivering your notes. Recipients will only be contacted when your note workflows are triggered. We do not use recipient data for any other purpose.

6. International data transfers

Your data may be processed and stored in countries outside your jurisdiction, including Australia and the United States. Where data is transferred internationally, we rely on appropriate safeguards such as standard contractual clauses or the recipient's participation in recognised data protection frameworks.

7. Data retention

• Active accounts: data is retained for as long as your account is active.
• Deleted accounts: User Content is deleted within 30 days of account deletion. Technical logs and anonymised analytics may be retained for up to 12 months for security and service improvement purposes.
• Legal holds: data may be retained longer where required by law or to protect our legal rights.

8. Security

We use industry-standard technical and organisational measures to protect your data, including encryption at rest and in transit, access controls, and regular security reviews. However, no system is completely secure, and we cannot guarantee absolute security.

9. Your rights

Depending on your location, you may have the right to:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of your personal data (subject to legal retention requirements).
• Portability: receive your data in a structured, machine-readable format.
• Restriction: request that we restrict processing in certain circumstances.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at support@justincasenote.com. We will respond within 30 days (or as required by applicable law). If you are unsatisfied with our response, you may lodge a complaint with your local data protection authority.

Australian residents

You have rights under the Privacy Act 1988 (Cth) and may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

EU/EEA residents

You have rights under the General Data Protection Regulation (GDPR).

California residents

You have rights under the California Consumer Privacy Act (CCPA), including the right to know, delete, and opt out of the sale of personal information. We do not sell personal information.

10. Push notifications and SMS

We send push notifications for check-in reminders and safety alerts. You can manage push notification preferences in your device settings. SMS reminders (available on paid plans) require your explicit opt-in and can be disabled at any time in the app.

11. Children

The Service is not intended for anyone under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 14 days before they take effect. The “Last Updated” date at the top indicates the most recent revision.

13. Contact

Support: support@justincasenote.com