Legal

Privacy
Policy

How we collect, use, and protect your information when you use WAYPOINT.

Effective: 23 April 2026 Last updated: 23 April 2026

We do not sell your personal information. This policy explains exactly what we collect and why — so you can make informed choices about using WAYPOINT.

Contents
01Information We Collect 02How We Use Information 03Legal Bases (EEA/UK) 04Notifications & Permissions 05How & Where Data Is Stored 06Sharing of Information 07Data Retention 08Account Deletion & Your Rights 09International Data Transfers 10Children's Privacy 11Security 12Changes to This Policy 13Contact Us
01

Information We Collect

We collect the following categories of information when you use WAYPOINT:

Account
  • Email address
  • Account credentials (via auth provider)
  • Internal user ID
Profile & Onboarding
  • Name or nickname
  • Recovery start date
  • Onboarding preferences
Wellness Content
  • Daily check-in responses
  • Urge logs (triggers, emotions, notes)
  • Weekly review responses
  • Custom preference lists
Support & Contact
  • In-app contact messages
  • Selected support topic
Subscription Data
  • Subscription status
  • Entitlement metadata
  • Purchase info via app stores
Technical & Usage
  • Device/platform metadata
  • Session-related app state
  • Network/connectivity state
  • Onboarding analytics (when enabled)
02

How We Use Information

We use your information to:

  • Create and secure your account
  • Provide personalized check-ins, recovery workflows, and reminders
  • Save and sync your entries and preferences
  • Generate in-app insights and weekly summaries
  • Process and manage subscriptions and entitlements
  • Respond to support requests
  • Improve app performance, reliability, and onboarding experience
  • Detect misuse and protect the service
03

Legal Bases (EEA/UK, if applicable)

Where required, we process data under one or more of the following legal bases:

Contract performance Legitimate interests Consent Legal obligations

Contract performance applies to providing the app features you request. Legitimate interests cover security, product improvement, and abuse prevention. Consent applies to optional features such as notifications where required by law.

04

Notifications and Permissions

WAYPOINT may request notification permissions to send scheduled reminders such as check-ins and weekly prompts.

On Android, the app may request permissions related to notifications, vibration, and exact alarm scheduling so reminders occur at your chosen time.

You can disable notifications at any time in your device settings.

05

How and Where Data Is Stored

🗄️
Supabase Authentication, database, and backend functions — cloud hosted
💳
RevenueCat Subscription and entitlement management — with Apple/Google billing
📱
Local Device Storage Session persistence and temporary onboarding cache — stored on your device only
06

Sharing of Information

We do not sell your personal information

We share information only as needed with service providers that process data on our behalf:

  • Supabase — authentication, database, and backend operations
  • RevenueCat — subscription and entitlement operations
  • Apple App Store / Google Play — billing and subscription management
  • Expo services — app infrastructure features such as notifications and platform functionality

We may also disclose information if required by law, legal process, or to protect rights, safety, and platform integrity.

07

Data Retention

We retain information for as long as needed to provide the service and for legitimate business and legal purposes, including security and compliance.

Account and app-content data are generally retained until account deletion, or as otherwise required by law.

08

Account Deletion and Your Rights

You can request deletion of your account directly from within the app settings. When deletion is processed, we will delete or de-identify personal information associated with your account, subject to legal or operational retention needs.

Depending on your region, you may have the following rights over your personal data:

Access
Correct
Delete
Restrict
Object
Portability

To exercise any of these rights, contact us at contact@waypointapp.website or via the in-app contact form.

09

International Data Transfers

Your information may be processed in countries other than your own, where our service providers operate.

Where required by applicable law, we implement appropriate safeguards for any such international transfers.

10

Children's Privacy

WAYPOINT is not intended for children under 16 years old. We do not knowingly collect personal information from children below that age.

If you believe we have inadvertently collected data from a child under 16, please contact us immediately.

11

Security

We use reasonable technical and organizational safeguards to protect personal data, including authenticated access controls and encrypted network transport.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last Updated" date and provide notice as required by law.

13

Contact Us

For privacy questions or to exercise your rights, reach out to us:

contact@waypointapp.website Or via the in-app contact form in WAYPOINT