Last updated: 25 May 2026
This Privacy Policy explains how Nazar Verbytskyi ("I", "me", "my") collects, uses, and protects your personal data when you use GreetPop ("the App").
Nazar Verbytskyi
Stanczyka 22, Kraków, 30-126, Poland
Email: verbytskyi.nazar@gmail.com
For users in the EU/UK, I am the data controller responsible for your personal data.
| Data | Why Collected |
|---|---|
| Account info — name, email address | Create and manage your account |
| Sign-in provider data — name and email from Google or Apple when you sign in with those services | Authenticate your account |
| Friends/contacts — name, birthday, phone number, email, relationship label, notes | Power reminders and greeting suggestions |
| Friends' social handles — Instagram, Snapchat, Discord, Telegram, Facebook usernames (optional, only if you add them) | Provide quick-launch links for sending greetings |
| Events — occasion type, date, notes, recurrence settings | Schedule and personalise reminders |
| Greeting history — occasion, channel used, and a short excerpt of the greeting message sent | Show you a memory timeline of past greetings |
| Device contacts (only if you grant permission) | Import friends from your address book; nothing is uploaded until you explicitly tap Import |
| Photos from your library (only if you grant permission) | Add photos to greeting cards you create |
| Local notification data — title, body, delivery time, and read status | Track your notification history in the in-app Notification Centre |
| Subscription status | Unlock premium features |
| Voice data (only if you grant microphone permission) | Process voice commands for the voice assistant (Android) and message dictation; processed entirely on your device and never stored or transmitted |
| Siri shortcuts data | Enable voice-activated reminders (iOS only) |
| Usage analytics — events and user properties (see Section 4) | Understand how the App is used to improve it |
| Device identifiers — iOS Vendor ID (IDFV) or Android Advertising ID (GAID) | Crash reporting and analytics |
| Error and crash data (see Section 4 — Sentry) | Monitor app stability, diagnose crashes, and improve reliability |
I do not collect payment card details. Payments are handled entirely by Apple or Google.
I do not store the full text of greeting messages you compose. Only a short excerpt is saved to your greeting history.
I do not access your camera. Photo access is limited to your existing photo library when you choose to add a photo to a card.
For users in the EU and UK:
| Processing Activity | Legal Basis |
|---|---|
| Providing the core app service | Contract (Art. 6(1)(b)) |
| Sending reminders and notifications | Legitimate interest (Art. 6(1)(f)) |
| Analytics and crash reporting | Legitimate interest (Art. 6(1)(f)) |
| Contacting you about your account | Contract (Art. 6(1)(b)) |
| Processor | Purpose | Data Shared | Privacy Info |
|---|---|---|---|
| Supabase | Backend database and authentication | Account info, friends, events, reminders, greeting history, notification log | supabase.com/privacy |
| Apple / App Store | Sign-in, in-app purchases, subscriptions, and app delivery | Apple ID name and email (sign-in); purchase receipts | apple.com/privacy |
| Google / Google Play | Sign-in via Google account; in-app purchases and subscriptions (Android) | Google account name and email (sign-in); purchase receipts (Android) | policies.google.com/privacy |
| Mixpanel | Usage analytics | A user ID, email address (used to link analytics to your account), platform, country, premium status, friend count, and in-app events (e.g. "reminder saved", "card built"). No message content or friend names are sent. Mixpanel processes this data as our data processor under a Data Processing Agreement. | mixpanel.com/legal/privacy-policy |
| Anthropic | AI greeting message generation — when you create a custom occasion, the occasion label (e.g. "Retirement party") is sent to Claude to generate greeting template suggestions. Do not include personal names or private details in occasion labels. No other personal data (names, emails, or contact details) is sent. Generated templates are stored and shared across all users. Anthropic processes occasion labels as our data processor under a Data Processing Agreement. | Occasion label only | anthropic.com/privacy |
| Sentry | Error tracking and crash reporting — to monitor app stability and diagnose errors, we send crash logs, error stack traces, performance data, and session replay video to Sentry, a monitoring service operated by Functional Software, Inc. (US). Data sent includes: your user ID (to link errors to your account), application crash logs and exception stack traces, device information (type, OS version, app version), IP address, a short video replay of the session before the error occurred (sampling ~10% of normal sessions, 100% of error sessions), navigation breadcrumbs (user actions like button taps and screen transitions), and optional custom context. Sentry processes this data as our data processor under a signed Data Processing Agreement (v5.1.0) covering Standard Contractual Clauses for GDPR and UK GDPR compliance. We do not send sensitive or special-category personal data to Sentry. Data is retained for up to 90 days then deleted. | User ID, crash logs, stack traces, device info, IP address, session replay video, breadcrumbs, performance data | sentry.io/privacy · DPA v5.1.0 |
| Facebook (optional) | Birthday import via in-app browser — only if you choose to use this feature | You authenticate directly with Facebook; I receive only the birthday data you approve | facebook.com/privacy |
| Unsplash | Card background images fetched from Unsplash servers | No personal data; HTTP image requests only | unsplash.com/privacy |
I do not sell your personal data to any third party.
Your data is stored on servers which may be located outside your country. Transfers are protected as follows:
For Hong Kong users: transfers outside HK are only made where adequate protection exists or with your consent.
I take reasonable technical and organisational measures to protect your data, including encrypted connections (TLS), Supabase row-level security, and access controls. No method of transmission over the internet is 100% secure, and I cannot guarantee absolute security.
| Data | Retention Period |
|---|---|
| Account data | Retained while your account is active |
| Friends, events, reminders, greeting history | Deleted when you remove them or delete your account |
| After account deletion | All personal data permanently erased within 30 days |
| Crash reports | Retained for up to 90 days, then deleted |
| Sentry error/crash data and session replay video | Retained for up to 90 days, then automatically deleted |
| Analytics data (Mixpanel) | Event data retained for up to 25 months; your identity is reset on account deletion and historical event data is retained in aggregated, anonymised form only |
EU / UK (GDPR / UK GDPR)
Australia (Privacy Act 1988)
Canada (PIPEDA / Quebec Law 25)
New Zealand (Privacy Act 2020)
Singapore (PDPA)
Hong Kong (PDPO)
Brazil (LGPD — Lei Geral de Proteção de Dados)
United States — California (CCPA / CPRA)
All other jurisdictions
Where local law grants you additional privacy rights not listed above, those rights apply and you may exercise them by contacting me.
To exercise any right, email: verbytskyi.nazar@gmail.com. I will respond within 30 days.
The App is not directed at children under 13 (or 16 in the EU/UK). I do not knowingly collect data from children. If you believe a child has provided data, contact me and I will delete it promptly.
If you grant access to your device contacts, I read names, phone numbers, and birthdays only to help you import friends. This data is not uploaded until you explicitly tap Import. You can revoke access at any time in your device Settings.
The card builder lets you add photos from your library to greeting cards. I access your photo library only when you tap to add a photo and only read the image you select. I do not access your camera. You can revoke photo access at any time in your device Settings.
Cards you create can be saved back to your photo library — this requires a separate save-to-photos permission, which you grant separately.
If you grant microphone access, voice input is processed entirely on your device using your device's built-in speech recognition. No audio is recorded, stored, or transmitted to any server. You can revoke microphone access at any time in your device Settings.
Notifications in GreetPop are scheduled locally on your device — no external push server is used. You can disable notifications at any time in your device Settings.
To help us diagnose crashes and improve app stability, Sentry records a short replay video of user sessions before errors occur. This replay captures:
Session replays are sampled at approximately 10% of normal sessions and 100% of sessions with errors. Replays are retained for up to 90 days then permanently deleted. Replay data is encrypted in transit and at rest.
I may update this policy occasionally. I will notify you via the App or email for material changes. The "Last updated" date at the top will always reflect the current version.
Nazar Verbytskyi
Stanczyka 22, Kraków, 30-126, Poland
Email: verbytskyi.nazar@gmail.com