Privacy Policy - TowerLite

1. Introduction

This is the official privacy policy for the TowerLite mobile application. This policy is provided by the developer associated with the site at www.towerlite.app.

This Privacy Policy describes how TowerLite ("we", "our", "us", or "Company") collects, uses, discloses, and safeguards your information when you use our mobile application TowerLite (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

            Important: This Privacy Policy applies to all users of TowerLite, regardless of your location. We are committed to protecting your privacy and ensuring compliance with applicable data protection laws.
        

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you use our Service:

Account Information: Email address, username, profile picture
Authentication Data: OAuth tokens from Google and Apple Sign-In
Profile Data: User preferences, notification settings, achievement progress
Contact Information: Email address for account management and support

2.2 Location Information

We collect and process location data to provide our core services:

Primary Location: Your selected primary location for power status reporting
Saved Locations: Locations you save for monitoring
Report Locations: Location data associated with your power status reports
Device Location: Approximate location for location-based features (with permission)

2.3 User-Generated Content

We collect content you create while using our Service:

Power Status Reports: Text descriptions, power status indicators, timestamps
Comments: Text comments on reports, reply chains
Images: Photos shared with reports (stored securely)
Interactions: Likes, saves, and other engagement data

2.4 Technical Information

We automatically collect certain technical information:

Device Information: Device type, operating system, app version
Usage Data: App usage patterns, feature interactions, session duration
Network Information: network type, connection quality
Push Notification Tokens: Device tokens for push notifications
Crash Reports: Error logs and performance data

3. How We Use Your Information

3.1 Primary Uses

Service Provision: To provide and maintain our power status reporting service
User Management: To create and manage your account, authenticate users
Content Display: To show power status reports, comments, and user interactions
Location Services: To provide location-based power status information
Notifications: To send relevant power updates and app notifications

3.2 Improvement and Analytics

Service Improvement: To analyze usage patterns and improve app functionality
Bug Fixes: To identify and resolve technical issues
Feature Development: To develop new features based on user needs
Performance Monitoring: To monitor app performance and stability

3.3 Communication

Account Updates: To notify you of account changes and security updates
Support: To respond to your support requests and inquiries
Legal Compliance: To comply with legal obligations and enforce our terms

4. Information Sharing and Disclosure

4.1 Public Information

The following information is publicly visible to other users:

Your username and profile picture
Power status reports you post
Comments you make on reports
Your achievement progress and level
General location information (area/city level)

4.2 Service Providers

We share information with trusted third-party service providers:

Supabase: Database hosting, authentication, and backend services
Google/Apple: OAuth authentication services
Push Notification Services: For delivering notifications
Analytics Providers: For app usage analytics (anonymized data)

4.3 Legal Requirements

We may disclose your information when required by law:

To comply with legal processes or government requests
To protect our rights, property, or safety
To investigate potential violations of our terms
To prevent fraud or security threats

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction, subject to the same privacy protections.

5. Data Security

We implement comprehensive security measures to protect your information:

5.1 Technical Security

Encryption: All data is encrypted in transit using HTTPS/TLS protocols
Database Security: Secure database access with role-based permissions
Authentication: Secure OAuth flows and token-based authentication
API Security: Protected API endpoints with rate limiting

5.2 Operational Security

Access Controls: Limited access to personal data on a need-to-know basis
Regular Audits: Periodic security assessments and vulnerability testing
Incident Response: Procedures for handling security incidents
Data Backup: Regular secure backups with encryption

            Note: While we implement strong security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
        

6. Data Retention

6.1 Retention Periods

Account Data: Retained while your account is active. Upon a deletion request, your account is permanently deleted within 7 days.
User-Generated Content: Retained while your account is active. Upon a deletion request, your content is removed from public view and permanently deleted after the 7-day recovery period.
Analytics Data: May be retained for up to 2 years in an anonymized form for service improvement.

6.2 Deletion Process

When you request to delete your account:

Your account is immediately deactivated and your content is removed from public view.
We provide a **7-day grace period** during which you can request to recover your account by contacting our support team.
After the 7-day grace period, all your personal information and user-generated content is **permanently deleted** from our active systems.
Anonymized analytics data that is not linked to your personal account may be retained.

7. Your Rights and Choices

7.1 Access and Control

You have the following rights regarding your personal information:

Access: Request a copy of your personal data
Correction: Update or correct inaccurate information
Deletion: Delete your account and associated data
Portability: Export your data in a machine-readable format
Restriction: Limit how we process your data

7.2 Communication Preferences

Push Notifications: Control notification settings in app settings
Email Communications: Opt out of emails
Location Services: Control location permissions in device settings

7.3 Third-Party Services

You can control third-party data sharing:

Manage OAuth permissions through Google/Apple account settings
Control analytics tracking through device settings
Opt out of certain data collection through app settings

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own:

8.1 Transfer Locations

United States: Our primary servers and service providers
European Union: Some analytics and support services
Other Countries: As required for service provision

8.2 Data Protection

We ensure adequate protection for international transfers:

Use of Standard Contractual Clauses (SCCs) where required
Compliance with applicable data protection laws
Implementation of appropriate security measures

9. Children's Privacy

Our Service is not intended for children under 13 years of age:

We do not knowingly collect personal information from children under 13
If we become aware that we have collected such information, we will delete it immediately
Parents or guardians should contact us if they believe their child has provided personal information
We comply with the Children's Online Privacy Protection Act (COPPA)

10. Cookies and Tracking Technologies

Our mobile app uses certain tracking technologies:

10.1 App Analytics

Usage analytics to improve app functionality
Crash reporting to identify and fix issues
Performance monitoring for app optimization

10.2 Third-Party Tracking

Google Analytics for app usage insights
Firebase for crash reporting and analytics
Supabase for backend services and analytics

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time:

We will notify you of material changes through the app
Updated policies will be posted on this page
Continued use of the Service constitutes acceptance of changes
We encourage you to review this policy periodically

12. Contact Information

If you have questions about this Privacy Policy or our data practices:

            Email: towerliteapp@gmail.com

            Response Time: We aim to respond promptly

            Data Protection Officer: Contact us at the above email for data protection inquiries

12.1 Regulatory Authorities

You have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns adequately.

13. Legal Basis for Processing (EU/UK Users)

For users in the European Union and United Kingdom, we process your data based on:

Contract Performance: To provide our services under our terms
Legitimate Interest: To improve our services and ensure security
Consent: For optional features and communications
Legal Obligation: To comply with applicable laws

Privacy Policy for TowerLite