Privacy Policy

Last Updated: May 28, 2025

1. Introduction

Welcome to Rudmo ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use the App. By using the App, you acknowledge that you have read and understand this Privacy Policy.

2. Information We Collect

We collect information in several ways, including information you provide directly, information we collect automatically, and information we receive from third parties.

2.1. Personal Data You Provide to Us

We collect personal information that you voluntarily provide to us when you:

• Create an account (e.g., using email and password)
• Sign in via third-party providers (e.g., Google, Apple, Meta)
• Set preferences within the App
• Enable personalization features
• Contact us for support or provide feedback
• Make in-app purchases for premium subscriptions (weekly, monthly or yearly) or one-time lifetime purchases
• Interact with features requiring specific permissions (e.g., granting access to your media library or camera)

This information may include:

• Identity Data: First and last name (if provided directly or via a third-party provider).
• Contact Data: Email address.
• Profile Data: Profile picture (if provided from third-party providers).
• Authentication Data: Authentication tokens from third-party providers (we do not store your passwords from these services).
• User-Generated Content: Any information or content you voluntarily create or share within the App.
• Preferences Data: User preferences, notification settings, personalization settings, and selected categories.
• Transaction Data: Purchase history and subscription status (processed via RevenueCat, see Section 6).

2.2. Usage Data We Collect Automatically

When you access and use the App, we automatically collect certain information about your device and your interaction with our App, including:

• Device Information: Device model, operating system version, unique device identifiers (e.g., IDFA, Android ID), screen resolution, and language settings.
• Connectivity Data: IP address, network information, and approximate location data derived from your IP address.
• App Interaction Data: App usage statistics, features used, engagement metrics, buttons clicked, in-app navigation paths, session duration, and interaction with notifications.
• Performance Data: Error logs, crash reports, and performance metrics (collected via Sentry).

2.3. Information Stored Locally on Your Device

The App stores certain information locally on your device to enhance your experience and ensure functionality:

• AsyncStorage: Used for storing non-sensitive data such as your theme preferences, notification settings, personalization settings, and selected categories.
• SecureStore: Used for storing sensitive data, such as authentication tokens or session identifiers, with an additional layer of security on your device.

2.4. Information Collected via Device Features (with Your Permission)

Certain App features require access to your device's native functionalities. We will only access these features with your explicit permission:

• Notifications (via expo-notifications): To send you relevant updates, reminders, or alerts based on your preferences.
• Media Library Access: To allow you to select images or videos from your device for use within the App (e.g., for a profile picture or content creation). We only access files you specifically select.
• Camera/Image Picker Access: To allow you to take photos or videos directly within the App or select existing ones from your gallery. We only access this feature when you choose to use it.
• Haptics: To provide tactile feedback for certain in-app actions, enhancing user experience. This does not typically involve collecting personal data but rather interacting with a device capability.

3. How We Use Your Information

We use the information we collect for various purposes, including:

• To Provide and Maintain the App: Create and manage your account, process your subscriptions, and deliver the App's services and features.
• To Personalize Your Experience: Tailor content, features, and recommendations to your preferences and usage patterns.
• To Improve the App: Analyze usage data and feedback to understand how users interact with the App, identify areas for improvement, develop new features, and enhance functionality.
• To Communicate With You: Send you service-related announcements, updates, security alerts, and support messages. Send notifications based on your preferences (you can manage these in your settings).
• To Provide Customer Support: Respond to your inquiries, troubleshoot issues, and debug the App.
• To Ensure Security and Prevent Fraud: Monitor for and prevent fraudulent or unauthorized activity and enforce our terms and conditions.
• To Process Transactions: Manage in-app purchases and subscriptions through our third-party provider, RevenueCat.
• For Legal Compliance: Comply with applicable legal obligations, respond to lawful requests, and protect our rights and the rights of our users.

4. Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy and to comply with our legal obligations. The retention periods are as follows:

• Account Information (Email, Name, Profile Picture, Third-Party Tokens, Preferences): Retained as long as your account is active or until you request deletion.
• Usage Data (Device Info, IP Address, App Interactions, Analytics): Anonymized or aggregated data may be kept indefinitely for analytical purposes. Identifiable usage data is retained for up to 24 months.
• Error Logs and Crash Reports (via Sentry): Retained for up to 90 days.
• Purchase Records (via RevenueCat): Retained as required by applicable law for financial and tax records (typically 7+ years).
• Locally Stored Data (AsyncStorage, SecureStore): Retained on your device until you clear the App's cache/data or uninstall the App.

Upon request for account deletion, we will delete or anonymize your personal information, unless we are legally required or have a legitimate business reason to retain it.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following limited circumstances:

5.1. Service Providers

We engage third-party companies and individuals to perform services on our behalf (e.g., data hosting, authentication, analytics, error tracking, payment processing, push notifications). These service providers have access to your personal information only to perform these tasks on our behalf and are contractually obligated not to disclose or use it for any other purpose.

Our key service providers include:

• Supabase (Backend as a Service): Provides data hosting, database management, and email/password authentication services. Session management is also handled through Supabase.
  • Privacy Policy: https://supabase.com/privacy
• Authentication Providers (Google, Apple, Meta): Facilitate sign-in to our App using your existing accounts with these services. We receive basic profile information and authentication tokens.
  • Google: https://policies.google.com/privacy
  • Apple: https://www.apple.com/legal/privacy/
  • Meta (Facebook): https://www.facebook.com/privacy/policy/
• Sentry (Error Tracking and Performance Monitoring): Helps us track app crashes, errors, and performance metrics to improve stability and user experience. This includes device information and event data leading to an error.
  • Privacy Policy: https://sentry.io/privacy/
• Analytics Services (App Usage and Engagement Analytics): We may use services like Vexo Analytics, Google Analytics/Firebase, or similar tools to understand how users interact with our App, which features are popular, and overall engagement. The specific analytics provider may change over time.
  • Vexo Analytics Privacy Policy: https://www.vexo.co/privacy/
  • Google Analytics/Firebase Privacy Policy: https://policies.google.com/privacy
• RevenueCat (Subscription Management): Manages our in-app purchases, subscriptions (weekly, monthly and yearly premium) and one-time lifetime purchases. They process payment information and subscription status.
  • Privacy Policy: https://www.revenuecat.com/privacy
• Expo (App Functionality - specifically Expo Notifications): Enables us to send push notifications to your device based on your preferences.
  • Expo's general approach to privacy can be inferred from their terms and the services they use, but for expo-notifications, it typically interfaces with native platform services (APNS, FCM).

5.2. Legal Requirements and Protection of Rights

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:

• Comply with a legal obligation, subpoena, court order, or other governmental request.
• Protect and defend our rights or property.
• Prevent or investigate possible wrongdoing in connection with the App.
• Protect the personal safety of users of the App or the public.
• Protect against legal liability.

5.3. Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice within the App of any change in ownership or uses of your personal information.

6. Data Security

We implement appropriate technical and organizational security measures designed to protect the security of your personal information from unauthorized access, use, alteration, or disclosure. These measures include:

• Encryption: We use encryption protocols such as TLS/SSL for data in transit between your device and our servers. Data at rest stored with our cloud providers (e.g., Supabase) is also encrypted.
• Secure Storage: Sensitive information stored locally on your device (e.g., authentication tokens) is kept in SecureStore, which provides an additional layer of encryption.
• Access Controls: We limit access to personal data to employees and third-party service providers who have a legitimate business need to access it and are bound by confidentiality obligations.
• Payment Information Security: We do not directly collect, store, or process your full payment card details. All payment transactions for subscriptions are managed by RevenueCat, which is PCI-DSS compliant and handles your payment information securely.

However, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

7. Your Rights and Choices

Depending on your location and applicable data protection laws, you may have certain rights regarding your personal data. These may include:

• Right to Access: You can request a copy of the personal data we hold about you.
• Right to Correction (Rectification): You can request that we update or correct inaccuracies in your personal data.
• Right to Deletion (Erasure): You can request the deletion of your personal data, subject to certain legal and contractual obligations. Account deletion can be requested by contacting us.
• Right to Restrict Processing: You can request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transferred to another service where technically feasible. This typically applies to your account information and preferences.
• Right to Object: You can object to our processing of your personal data in certain situations, such as for direct marketing purposes.
• Right to Withdraw Consent: Where our processing of your personal data is based on your consent, you have the right to withdraw that consent at any time.
• Right to Opt-Out: You can opt-out of marketing communications and manage your notification preferences within the App's settings or through your device settings.

How to Exercise Your Rights: To exercise any of these rights, please contact us at holla@yoylab.com. We may need to verify your identity before processing your request. We will respond to your request within the timeframe required by applicable law.

If you are in the European Economic Area (EEA), UK, or Switzerland, you also have the right to lodge a complaint with your local data protection authority if you believe our processing of your personal data infringes applicable law.

Account Deletion and Data Export: You can request the deletion of your account and associated personal data by emailing us at holla@yoylab.com. Upon request, we can also provide an export of your primary account data (such as email, name if provided, and key preferences).

8. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. Our service providers like Supabase, Sentry, and RevenueCat may be located in different countries and process data there.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and that appropriate safeguards are in place for such transfers.

9. Age Restrictions

The App is intended for users who are seventeen (17) years of age or older. We do not knowingly collect personal information from individuals under the age of 17. If you are a parent or guardian and you become aware that your child under 17 has provided us with personal information without your consent, please contact us at holla@yoylab.com. If we become aware that we have collected personal information from an individual under 17 without verification of parental consent, we will take steps to delete such information from our servers and terminate the account.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Privacy Policy. We may also provide notice through the App or via email if the changes are significant.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

11. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data practices, please contact us at:

Email: holla@yoylab.com

---

By using the Rudmo App, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.