Stubgram Privacy Policy
Last Updated: March 26, 2026
Effective Date: March 26, 2026
1. Overview
Stubgram ("Company," "we," "us," or "our") operates the Stubgram mobile application ("App") and related web services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App, including any other media form, media channel, mobile website, or mobile application related, linked, or otherwise connected to it.
NOTE: This is a social networking application focused on sharing moments and connecting with creators, including video meetings. We do not handle financial transactions, payments, or money transfers directly through the app.
2. Information We Collect
2.1 Information You Provide Directly
Account Registration:- Email address
- Phone number
- Username
- Password
- Profile information (name, bio, avatar)
Content:- Posts (text, images, videos)
- Stories
- Comments
- Direct messages
- Audio and Video streams during meetings
Support Communications:- Reports, feedback, and support requests
2.2 Device Permissions and Hardware Access
To provide core functionality, Stubgram requires the following permissions on your device. You can revoke these at any time in your OS settings, but doing so may limit app functionality.
- Camera: Required to capture photos and videos for posts, stories, and live video meetings.
- Microphone: Required to record audio for videos, voice messages, and voice chat in meetings.
- Photo Library & Storage: Required to allow you to select, upload, and save photos, videos, and media files to and from the App.
2.3 Information Collected Automatically
Device Information:- Device type, OS version, hardware model, unique device identifiers (IDFA, Android ID)
- IP address
- Mobile network information
Usage Information:- App interaction patterns
- Features accessed
- Error and crash logs (for debugging production issues)
- Session duration
Cookies & Technology:- Authentication tokens stored securely on your device
- Crash reports (e.g., Sentry)
3. How We Use Your Information
3.1 Primary Uses
- Account Management
- Create and maintain your account
- Authentication and security
- Password reset and account recovery
- Service Delivery
- Display social content (posts, stories)
- Enable audio/video meetings and direct messaging
- Deliver notifications
- Create and store your profile
- Safety & Security
- Detect and prevent fraud
- Monitor for suspicious activity
- Enforce Terms of Service
- Investigate violations
- Comply with legal requirements
- Analytics & Improvement
- Understand app usage trends
- Improve features and performance
- Conduct A/B testing
- Generate performance metrics
3.2 Legal Basis for Processing (GDPR Compliance)
- Consent: You explicitly consent to data processing by using the app and granting device permissions.
- Contract: Processing is necessary to provide the service.
- Legitimate Interests: Fraud prevention, product improvement, and security.
4. Data Security
4.1 Encryption
In Transit:- All communications are encrypted using HTTPS/TLS 1.2+
- No plaintext transmission of passwords or authentication tokens
At Rest:- Database encryption via Supabase
- Sensitive fields encrypted with AES-256
4.2 Storage Security
- Tokens stored in secure device storage (iOS Keychain, Android Keystore)
- NO sensitive data stored in plaintext on the device
- Session tokens expire appropriately
- Logout clears all local credential storage
4.3 Access Controls
- Row-Level Security (RLS) policies govern all user data
- Users can only access their own data or public data explicitly shared
- Backend verification of user permissions
- No client-side data manipulation
5. Information Sharing & Disclosure
5.1 We Share Information With
Essential Service Providers:- Supabase: Database hosting, edge functions, and authentication (https://supabase.com)
- Subject to Data Processing Agreement
- Encrypted and isolated data
- Cloud Infrastructure / Hosting Services: e.g., Render, Vercel, Expo EAS
- Encrypted database backups
Legal Requirements:- Law enforcement if legally required (warrant, subpoena)
- Regulatory bodies for compliance audits
- Court orders
NOT Shared:- Your data is NOT sold to advertisers or third-party data brokers
- Your personal data is NOT shared with marketers
- Your email is NOT shared except as required by law
5.2 Third-Party Links
Our App may contain links to third-party websites. This Privacy Policy only applies to Stubgram. We are not responsible for other sites' privacy practices.
6. Data Retention and Deletion (Google Play Data Safety)
6.1 Retention Schedule
| Data Type | Retention Period | Reason |
|---|
| Account Data | Until deletion | User ownership |
| Login Activity | 90 days | Security monitoring |
| Content (Posts/Stories) | Until deletion | User ownership |
| Inactive Accounts | 2 years | Then deletion |
6.2 User Rights to Deletion
You have the right to request the complete deletion of your account and all associated personal data from our systems.
Permanent Deletion Process:- In-App Method: Navigate to
Settings → Data & Privacy → Delete Account in the Stubgram app. - Web/Out-of-App Method: If you have uninstalled the app and wish to delete your data, please email a deletion request to privacy@stubgram.app.
- Grace Period: 30-day grace period to allow account recovery if requested accidentally.
- All personal data, posts, and media are permanently deleted or anonymized after 30 days.
7. Your Rights & Control
7.1 Data Rights (GDPR/CCPA Compliant)
You have the right to:
- Access: Request all data we hold about you
- Rectification: Correct inaccurate data
- Erasure: Delete your data (subject to legal holds)
- Restriction: Limit how we process your data
- Portability: Receive your data in machine-readable format
- Objection: Object to specific data processing
How to Exercise Rights:- 📧 Email: privacy@stubgram.app
- ⏱️ Response time: 30 days
- 💰 No fees for reasonable requests
7.2 Account Controls
- Privacy Settings: Control content visibility
- Notification Settings: Opt-out of notifications
- Session Management: View and logout from active sessions
- Download Your Data: Export all personal data via app requests
8. Children's Privacy
We do NOT knowingly collect data from children under the age of 13. Given the social nature of Stubgram, the platform is restricted to users who are 13 years of age or older. If we learn a child under 13 has provided information, we will delete it immediately and terminate the account. Parents concerned their child has used the service should contact: privacy@stubgram.app
9. International Data Transfers
Your data may be transferred to and stored in countries other than your country of residence. These countries may have different data protection laws.
Data Location:- Primary: European or North American servers
- Backup: Encrypted offsite backups
We ensure adequate safeguards including:
- Standard Contractual Clauses with all processors
- Data encryption in transit and at rest
- Your explicit consent to international transfer
10. Security Breaches
In the event of a data breach affecting your personal information:
- Notification: You will be notified within 72 hours
- Details: Breach type, affected data, immediate actions
- Transparency: Full incident report available
- Regulator Notice: Required authorities are notified per GDPR Art. 33
11. Contact & Complaints
11.1 Questions or Requests
Privacy Officer: privacy@stubgram.appResponse Time: 30 days
11.2 Regulatory Complaints
If you believe your rights have been violated:
- GDPR Countries: Lodge complaint with local data protection authority
- CCPA (USA): File complaint with California Attorney General
- Other Jurisdictions: Contact local privacy regulator
12. Changes to Privacy Policy
We may update this policy periodically. Changes become effective when posted. If material changes are made, we will notify you via email or prominent in-app notice. Continued use of the App constitutes acceptance of updates.
13. Compliance Certifications
- ✓ GDPR compliant (adequate safeguards)
- ✓ CCPA compliant (US privacy)
- ✓ Google Play Data Safety compliant