Privacy Policy
1. Who we are
Leave On Time (the "App") is a mobile application operated by [Your Legal Entity Name, address, jurisdiction] ("we", "us", "our"). You can reach us at support@getleaveontime.com.
This policy explains what information we collect, how we use it, and the choices you have.
2. What we collect
| Data | Source | Purpose | Stored where |
|---|---|---|---|
| Email address | You provide it at sign-up | Account auth, optional email reminders | Supabase (US) |
| Display name | You provide it (optional) | Personalize the app | Supabase |
| Profile photo | You upload it (optional) | Avatar in the app | Supabase Storage |
| Calendar events | Read from your device with your permission | Compute when to leave for upcoming events | Read on-device every refresh; event title, start time, and location are temporarily stored on our servers only if you enable email reminders, and only for the reminders that are still pending |
| Saved origins (label + address + coordinates) | You add them | Starting point for travel-time calc | Supabase |
| Coarse location | When-in-use, only if you tap "Use current location" while adding an origin | One-time lookup to pre-fill an address | Not persisted by us — handed off to your device's geocoder |
| Notification permission state and local notification queue | Granted by you | Scheduling on-device reminders | iOS / Android (on-device only) |
| Push notification token | Issued by Apple/Google | Reserved for future server push (not used in v1) | Supabase |
| Subscription and purchase data | RevenueCat | Manage Pro entitlements if you subscribe | RevenueCat |
| Crash reports + performance traces | @sentry/react-native | Diagnose bugs | Sentry |
We do not collect:
- Your contacts
- Your photos other than the avatar you choose
- Your microphone, health, motion, or biometric data
- Advertising IDs (IDFA / GAID)
3. How we use it
- Provide the service. Auth, calendar ingest, travel-time calculation, scheduling reminders, sending emails.
- Compute travel time. When events have a location, our
travel-timeEdge Function calls Google Maps Directions on your behalf. The destination address and event start time are sent to Google for that single call. We do not let Google identify you. - Send email reminders (only if you enable the email channel). We render a reminder email and hand it to Resend for delivery to the address you signed up with.
- Diagnose crashes. Sentry receives stack traces and minimal device context to help us fix bugs.
- Process payments. If you subscribe, RevenueCat verifies your purchase with Apple / Google and tracks your entitlement.
We do not sell your data, use it for advertising, build advertising profiles, or share it with third parties for marketing.
4. Third-party services
| Service | What it does | Privacy policy |
|---|---|---|
| Supabase | Authentication, database, file storage, Edge Function hosting | supabase.com/privacy |
| Google Maps Directions API | Drive-time calculation | policies.google.com/privacy |
| Resend | Email delivery | resend.com/legal/privacy-policy |
| Sentry | Crash + performance monitoring | sentry.io/privacy |
| RevenueCat | Subscription management | revenuecat.com/privacy |
| Apple Push Notification service | Push delivery on iOS | apple.com/legal/privacy |
| Firebase Cloud Messaging | Push delivery on Android (future) | firebase.google.com/support/privacy |
5. Where data is stored and processed
Our infrastructure is hosted in the United States. If you access the App from outside the US, your data will be transferred to and processed in the US. By using the App you consent to this transfer.
6. Retention
- Account data (email, profile, origins, preferences): retained until you delete your account.
- Scheduled reminders: pending reminders are kept while their event is in the future. After an email is sent, we keep the row indefinitely for audit purposes; cancelled or stale reminders are kept indefinitely. You can delete them on demand by deleting your account.
- Crash reports (Sentry): retained per Sentry's default policy (typically 30-90 days).
- Payment records (RevenueCat / Apple / Google): retained per applicable financial-record laws.
7. Your rights
Regardless of where you live, you can:
- See, export, or delete your data. Email support@getleaveontime.com, or use the in-app Account → Delete account option.
- Revoke calendar / notification / location permission at any time in your device's Settings app.
- Turn off email reminders in Settings → Notifications. We immediately cancel all pending reminder emails for your account.
California (CCPA/CPRA) residents: You have the right to know, the right to delete, the right to correct, the right to limit use of sensitive personal information (your calendar data qualifies), and the right not to be retaliated against for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising.
EU/UK (GDPR/UK GDPR) residents: Our legal basis for processing is your consent (calendar / location / notifications) and the contract between us (auth, preferences, payments). You have rights of access, rectification, erasure, restriction, portability, and objection. You can lodge a complaint with your local data protection authority.
8. Children
Leave On Time is not directed at children under 13 (or 16 in the EU). We don't knowingly collect data from children. If you believe a child has provided us data, email support@getleaveontime.com and we'll delete it.
9. Security
We use TLS everywhere, encrypted-at-rest storage at Supabase, OS-level keychain storage for auth tokens on-device, and row-level security so each user only sees their own rows. No system is perfectly secure — please report vulnerabilities to support@getleaveontime.com.
10. Changes
We may update this policy. Material changes will be announced in the app and via email. The "Last updated" date at the top tracks the most recent revision.
11. Contact
Email: support@getleaveontime.com
Mailing address: [Your address]