GreetPop

Privacy Policy

Last updated: 25 May 2026

This Privacy Policy explains how Nazar Verbytskyi ("I", "me", "my") collects, uses, and protects your personal data when you use GreetPop ("the App").


1. Who I Am (Data Controller)

Nazar Verbytskyi
Stanczyka 22, Kraków, 30-126, Poland
Email: verbytskyi.nazar@gmail.com

For users in the EU/UK, I am the data controller responsible for your personal data.


2. What Data I Collect

DataWhy Collected
Account info — name, email addressCreate and manage your account
Sign-in provider data — name and email from Google or Apple when you sign in with those servicesAuthenticate your account
Friends/contacts — name, birthday, phone number, email, relationship label, notesPower reminders and greeting suggestions
Friends' social handles — Instagram, Snapchat, Discord, Telegram, Facebook usernames (optional, only if you add them)Provide quick-launch links for sending greetings
Events — occasion type, date, notes, recurrence settingsSchedule and personalise reminders
Greeting history — occasion, channel used, and a short excerpt of the greeting message sentShow you a memory timeline of past greetings
Device contacts (only if you grant permission)Import friends from your address book; nothing is uploaded until you explicitly tap Import
Photos from your library (only if you grant permission)Add photos to greeting cards you create
Local notification data — title, body, delivery time, and read statusTrack your notification history in the in-app Notification Centre
Subscription statusUnlock premium features
Voice data (only if you grant microphone permission)Process voice commands for the voice assistant (Android) and message dictation; processed entirely on your device and never stored or transmitted
Siri shortcuts dataEnable voice-activated reminders (iOS only)
Usage analytics — events and user properties (see Section 4)Understand how the App is used to improve it
Device identifiers — iOS Vendor ID (IDFV) or Android Advertising ID (GAID)Crash reporting and analytics
Error and crash data (see Section 4 — Sentry)Monitor app stability, diagnose crashes, and improve reliability

I do not collect payment card details. Payments are handled entirely by Apple or Google.

I do not store the full text of greeting messages you compose. Only a short excerpt is saved to your greeting history.

I do not access your camera. Photo access is limited to your existing photo library when you choose to add a photo to a card.


3. Legal Basis for Processing (GDPR / UK GDPR)

For users in the EU and UK:

Processing ActivityLegal Basis
Providing the core app serviceContract (Art. 6(1)(b))
Sending reminders and notificationsLegitimate interest (Art. 6(1)(f))
Analytics and crash reportingLegitimate interest (Art. 6(1)(f))
Contacting you about your accountContract (Art. 6(1)(b))

4. Third-Party Services

ProcessorPurposeData SharedPrivacy Info
Supabase Backend database and authentication Account info, friends, events, reminders, greeting history, notification log supabase.com/privacy
Apple / App Store Sign-in, in-app purchases, subscriptions, and app delivery Apple ID name and email (sign-in); purchase receipts apple.com/privacy
Google / Google Play Sign-in via Google account; in-app purchases and subscriptions (Android) Google account name and email (sign-in); purchase receipts (Android) policies.google.com/privacy
Mixpanel Usage analytics A user ID, email address (used to link analytics to your account), platform, country, premium status, friend count, and in-app events (e.g. "reminder saved", "card built"). No message content or friend names are sent. Mixpanel processes this data as our data processor under a Data Processing Agreement. mixpanel.com/legal/privacy-policy
Anthropic AI greeting message generation — when you create a custom occasion, the occasion label (e.g. "Retirement party") is sent to Claude to generate greeting template suggestions. Do not include personal names or private details in occasion labels. No other personal data (names, emails, or contact details) is sent. Generated templates are stored and shared across all users. Anthropic processes occasion labels as our data processor under a Data Processing Agreement. Occasion label only anthropic.com/privacy
Sentry Error tracking and crash reporting — to monitor app stability and diagnose errors, we send crash logs, error stack traces, performance data, and session replay video to Sentry, a monitoring service operated by Functional Software, Inc. (US). Data sent includes: your user ID (to link errors to your account), application crash logs and exception stack traces, device information (type, OS version, app version), IP address, a short video replay of the session before the error occurred (sampling ~10% of normal sessions, 100% of error sessions), navigation breadcrumbs (user actions like button taps and screen transitions), and optional custom context. Sentry processes this data as our data processor under a signed Data Processing Agreement (v5.1.0) covering Standard Contractual Clauses for GDPR and UK GDPR compliance. We do not send sensitive or special-category personal data to Sentry. Data is retained for up to 90 days then deleted. User ID, crash logs, stack traces, device info, IP address, session replay video, breadcrumbs, performance data sentry.io/privacy · DPA v5.1.0
Facebook (optional) Birthday import via in-app browser — only if you choose to use this feature You authenticate directly with Facebook; I receive only the birthday data you approve facebook.com/privacy
Unsplash Card background images fetched from Unsplash servers No personal data; HTTP image requests only unsplash.com/privacy

I do not sell your personal data to any third party.


5. International Data Transfers

Your data is stored on servers which may be located outside your country. Transfers are protected as follows:

For Hong Kong users: transfers outside HK are only made where adequate protection exists or with your consent.


6. Data Security

I take reasonable technical and organisational measures to protect your data, including encrypted connections (TLS), Supabase row-level security, and access controls. No method of transmission over the internet is 100% secure, and I cannot guarantee absolute security.


7. Data Retention

DataRetention Period
Account dataRetained while your account is active
Friends, events, reminders, greeting historyDeleted when you remove them or delete your account
After account deletionAll personal data permanently erased within 30 days
Crash reportsRetained for up to 90 days, then deleted
Sentry error/crash data and session replay videoRetained for up to 90 days, then automatically deleted
Analytics data (Mixpanel)Event data retained for up to 25 months; your identity is reset on account deletion and historical event data is retained in aggregated, anonymised form only

8. Your Rights

EU / UK (GDPR / UK GDPR)

Australia (Privacy Act 1988)

Canada (PIPEDA / Quebec Law 25)

New Zealand (Privacy Act 2020)

Singapore (PDPA)

Hong Kong (PDPO)

Brazil (LGPD — Lei Geral de Proteção de Dados)

United States — California (CCPA / CPRA)

All other jurisdictions

Where local law grants you additional privacy rights not listed above, those rights apply and you may exercise them by contacting me.

To exercise any right, email: verbytskyi.nazar@gmail.com. I will respond within 30 days.


9. Children's Privacy

The App is not directed at children under 13 (or 16 in the EU/UK). I do not knowingly collect data from children. If you believe a child has provided data, contact me and I will delete it promptly.


10. Device Contacts Permission

If you grant access to your device contacts, I read names, phone numbers, and birthdays only to help you import friends. This data is not uploaded until you explicitly tap Import. You can revoke access at any time in your device Settings.


11. Photo Library Permission

The card builder lets you add photos from your library to greeting cards. I access your photo library only when you tap to add a photo and only read the image you select. I do not access your camera. You can revoke photo access at any time in your device Settings.

Cards you create can be saved back to your photo library — this requires a separate save-to-photos permission, which you grant separately.


12. Microphone Permission

If you grant microphone access, voice input is processed entirely on your device using your device's built-in speech recognition. No audio is recorded, stored, or transmitted to any server. You can revoke microphone access at any time in your device Settings.


13. Notifications

Notifications in GreetPop are scheduled locally on your device — no external push server is used. You can disable notifications at any time in your device Settings.


14. Session Replay and Error Monitoring

To help us diagnose crashes and improve app stability, Sentry records a short replay video of user sessions before errors occur. This replay captures:

Session replays are sampled at approximately 10% of normal sessions and 100% of sessions with errors. Replays are retained for up to 90 days then permanently deleted. Replay data is encrypted in transit and at rest.


15. Changes to This Policy

I may update this policy occasionally. I will notify you via the App or email for material changes. The "Last updated" date at the top will always reflect the current version.


16. Contact

Nazar Verbytskyi
Stanczyka 22, Kraków, 30-126, Poland
Email: verbytskyi.nazar@gmail.com