Payback Own ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how our mobile application handles your data when you use our consumer insights analysis service.
"Your data is never sold. Your vault is built on your phone and encrypted (AES-256). We don't keep your data on our servers. AI analysis runs only when you ask it to — and what's sent for that analysis isn't retained by us. You have read-only access to the sources you connect, and you can disconnect or delete everything at any time."
— Our promise to you, in plain language
Core Privacy Principle: Payback Own is designed with a local-first architecture. Most file selection, parsing, storage, and many analysis steps occur on your device. Some features also transmit data off-device, including Google sign-in/profile data, AI analysis inputs, analytics sync records, and app-launch telemetry. We do not use your data for cross-app tracking, data-broker sharing, or third-party advertising.
Information We Access
Data You Provide
When you use Payback Own, you may choose to provide access to:
1. Google Takeout Archives (ZIP files stored in Google Drive)
- YouTube watch history
- Google Search history
- Chrome browsing history
- Location history (Timeline/Semantic Location)
- Google Maps activity (searches, saved places)
- Google Play Store (app installs)
- Gmail (metadata only, not message content)
- Other Google service data included in your Takeout export
2. Meta (Facebook/Instagram) Exports (Folder structure uploaded to Google Drive)
- Instagram: Posts, stories, likes, saved posts, searches, ad interactions, messages, following list
- Facebook: Posts, comments, friends list, likes, searches, ad interactions, groups, pages
- Detection: Automatic service detection via folder name patterns and content analysis
- Format: JSON files (recommended) or HTML
- Note: Standard export analysis focuses on structured export contents and media metadata. Some user-selected uploads or export files may still include photo/video-related data depending on the feature you use.
Important: You control what data you provide. The App only accesses accounts, files, and exports that you explicitly connect or select. Depending on the feature you use, selected file contents, metadata, or derived signals may be transmitted to our backend and AI providers for processing.
Authentication Data
Payback Own supports two sign-in providers — you may use whichever you prefer.
Sign in with Google
- Google OAuth Tokens (Drive): Used for Google Drive access to retrieve your Takeout files. Scope: `drive.readonly`.
- Google OAuth Tokens (Gmail + Calendar): Used during Instant Analysis to extract behavioral signals. Scopes: `gmail.readonly`, `calendar.readonly`.
- Google Profile Information: During sign-in, we may receive your name, email address, Google user ID, and profile photo URL from Google and Firebase authentication services.
Sign in with Apple
- Apple Identity Token: Used to authenticate you. Contains a stable Apple user identifier (the `sub` claim) that is unique to your Apple ID and to this app.
- Email Address: Apple may share your real email or relay it via a private `@privaterelay.appleid.com` address — your choice at sign-in. Either form is treated the same way for account identification.
- Name: Apple shares your name only on first sign-in, and only if you choose to share it. We store whatever you provide locally.
- We do not collect Apple passwords, device identifiers, or any other Apple account data beyond the identity token.
Token storage: All authentication tokens are stored locally on your device in encrypted storage (iOS Keychain / Android Keystore). No passwords are collected or stored.
How We Process Your Data
On-Device Processing
Most file handling and storage occurs on your device:
- File Selection: Quick Analysis intelligently selects 10–15 high-value files from your export
- File Extraction: Archive files are processed locally; extracted files are cached temporarily in device storage
- Data Parsing: Content is parsed on-device using local algorithms; Meta JSON files use a custom Unicode parser
- Storage: Analysis results are stored in an encrypted local SQLite database (`payback.db`)
- Prompt Preparation: Selected content may be sampled, redacted, and formatted locally before being sent for AI processing
- Cleanup: Temporary files automatically deleted after analysis
Encryption
- At Rest: The local SQLite database is encrypted with SQLCipher 4 (AES-256)
- Master Key: A 256-bit random encryption key is generated on-device via `expo-crypto` and stored in iOS Keychain / Android Keystore via `expo-secure-store`. The key is not synced to iCloud or Google Backup.
- In Transit: All connections use HTTPS/TLS 1.3 (Google APIs, Gemini API, Expo/EAS services, backend proxy)
- OAuth Tokens: Stored in encrypted device storage (iOS Keychain / Android Keystore)
Off-Device Processing and AI Analysis
When you use AI-powered features, some data is transmitted off-device:
- Instant Analysis: Gmail and Calendar behavioral signals extracted on-device, such as purchase patterns, vendor summaries, subscription summaries, travel events, destinations, recurring activities, and time-allocation signals.
- Quick Analysis and Freestyle: Selected export or uploaded file contents and metadata may be sent for AI analysis. Depending on what you choose to analyze, this can include search history, browsing history, location history, purchases, contacts or social graph data, messages, photos or videos metadata, health or fitness exports, ad-interaction data, and other user-provided export contents.
- What is NOT sent: Your Google or Meta passwords; payment card or bank account credentials entered outside the app; every file in a connected account by default — processing is limited to the files/signals required for the feature you use.
- Service used: Google's paid Gemini API (model: `gemini-2.5-pro`) via our secure backend proxy. The paid tier is governed by Google's Cloud Data Processing Addendum and Google's paid-tier usage policy rather than Google AI Studio's free-tier terms.
- Retention by us: We do not intentionally persist full AI request contents on our own servers after request completion, aside from limited operational metadata and logs.
- Retention by Google: Under the paid tier, Google states that prompts, contextual information, and outputs sent to the Gemini API may be retained for up to 55 days for abuse monitoring and are not used to train or fine-tune AI/ML models. See: ai.google.dev/gemini-api/docs/usage-policies
You control when AI runs. AI analysis occurs only when you initiate Instant Analysis, Quick Analysis, Freestyle analysis, or another AI-backed feature in the app. You can delete your local persona and results at any time from Settings.
Third-Party Services
Google Services
- Google OAuth 2.0 / OpenID / Firebase Authentication — Authenticate you, create your app session, and associate synced features with your account. Data shared: authentication tokens, name, email, Google user ID, and profile photo URL (if available). Google's Privacy Policy
- Google Drive, Gmail, and Calendar APIs — Access the Google data sources you choose to connect. Scopes: `drive.readonly`, `gmail.readonly`, `calendar.readonly`. Only files, message signals, and calendar signals required for the feature you invoke are accessed.
- Google Gemini AI (Instant Analysis, Quick Analysis, Freestyle) — AI-powered persona generation, category matching, and behavioral analysis. Model: `gemini-2.5-pro` (paid API tier). Data shared: behavioral signals and selected file contents/metadata. Prompts may be retained by Google for up to 55 days for abuse monitoring; paid-tier data is not used to train AI/ML models. Google AI Usage Policies · Cloud DPA
- Expo / EAS Insights — Operational usage analytics for app launches and release health. Data shared: EAS client ID, project ID, app version, platform, and OS version. Expo documentation
Apple Services
- Sign in with Apple — Authenticate you using your Apple ID. Data shared: a stable Apple user identifier (`sub` claim), an email address (your real address or a `@privaterelay.appleid.com` relay address), and your name (only on first sign-in, only if you choose to share it). Apple does not share other Apple account data with us. Apple's Privacy Policy
Backend Proxy
We operate backend services (Node.js/Express) with the following characteristics:
- Purpose: Securely manage Gemini API keys, authenticate users, process AI requests, and sync account-linked analytics/profile data
- Data processed: AI analysis requests, account/profile metadata, category analytics scores, consent settings, and sync metadata
- AI request retention: We do not intentionally persist full AI request contents after request completion
- Analytics/profile retention: Account-linked analytics and profile sync records may be retained on our backend until you delete them or request deletion, subject to backups
- Security: Per-user rate limiting (5 req/min), global IP rate limiting (100 req/15 min), Google OAuth token verification, dual API key failover
- Deployment: Railway (US)
- Logging: Request metadata and operational metrics emitted as JSON to Railway's platform log stream. Tokens, API keys, and AI payload bodies are redacted by the backend logger automatically. Log retention is governed by Railway's platform log-retention policy.
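The two backend controls listed above, per-user and per-IP rate limiting and a logger that strips tokens, API keys and AI payload bodies before emitting JSON, as an added example in plain Node.js. This is illustrative code written for this page, not the Payback Own backend's own implementation; the request-record shape, the header and field names treated as secrets, and the sample request are assumptions.

```javascript
// Added example, not the Payback Own backend's code: a redacting JSON
// request logger plus sliding-window rate limits matching the figures
// in the policy (5 req/min per user, 100 req/15 min per IP).
// Field names, the request shape and the sample request are assumptions.

// Header/body keys whose values never reach the log stream (assumed names).
const SECRET_KEYS = new Set([
  'authorization', 'x-api-key', 'api_key', 'access_token', 'refresh_token',
  'id_token', 'prompt', 'contents', 'candidates',
]);

// Deep-copy `value`, replacing secret fields with a marker and scrubbing
// bearer tokens or Google-style API keys that appear inside free text.
function redact(value, depth = 0) {
  if (depth > 8) return '[REDACTED:depth]';
  if (Array.isArray(value)) return value.map((v) => redact(v, depth + 1));
  if (value && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SECRET_KEYS.has(k.toLowerCase()) ? '[REDACTED]' : redact(v, depth + 1);
    }
    return out;
  }
  if (typeof value === 'string') {
    return value
      .replace(/Bearer\s+[A-Za-z0-9._~+\/=-]+/g, 'Bearer [REDACTED]')
      .replace(/AIza[0-9A-Za-z_-]{35}/g, '[REDACTED:api-key]');
  }
  return value;
}

// Build one log record: metadata only. The body is summarized by size and
// never copied, so AI prompts and responses cannot leak through the logger.
function logRecord(req, status, durationMs) {
  const bodyBytes = req.body === undefined ? 0 : Buffer.byteLength(JSON.stringify(req.body));
  return {
    ts: new Date().toISOString(),
    method: req.method,
    path: req.path,
    status,
    duration_ms: durationMs,
    user: req.userId || null, // identifier only, no profile data
    ip: req.ip,
    body_bytes: bodyBytes,
    headers: redact(req.headers || {}),
  };
}

// Sliding-window counter: at most `limit` events per `windowMs` per key.
class SlidingWindowLimiter {
  constructor(limit, windowMs) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.hits = new Map(); // key -> timestamps inside the current window
  }
  // Record the event and return true if it is within the limit. `now` is
  // injectable so the behaviour can be tested without waiting.
  allow(key, now = Date.now()) {
    const cutoff = now - this.windowMs;
    const recent = (this.hits.get(key) || []).filter((t) => t > cutoff);
    const allowed = recent.length < this.limit;
    if (allowed) recent.push(now);
    this.hits.set(key, recent);
    return allowed;
  }
}

const perIp = new SlidingWindowLimiter(100, 15 * 60 * 1000); // 100 req / 15 min per IP
const perUser = new SlidingWindowLimiter(5, 60 * 1000);      // 5 req / min per user

// Gate a request: the global IP limit runs first because it needs no
// authentication, then the per-user limit for verified callers.
function gate(req, now = Date.now()) {
  if (!perIp.allow(req.ip, now)) return { allowed: false, reason: 'ip_limit' };
  if (!perUser.allow(req.userId, now)) return { allowed: false, reason: 'user_limit' };
  return { allowed: true };
}

// Constructed sample request (not real traffic) to exercise both pieces.
const sampleRequest = {
  method: 'POST', path: '/api/v1/analyze', ip: '203.0.113.7', userId: 'user-1',
  headers: { authorization: 'Bearer abc.def.ghi', 'content-type': 'application/json' },
  body: { prompt: 'full export text would be here', model: 'gemini-2.5-pro' },
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(logRecord(sampleRequest, 200, 12)));
  for (let i = 0; i < 6; i++) console.log(i + 1, gate(sampleRequest));
}
```

Run with `node` to see one redacted record followed by five allowed requests and a sixth refused with `user_limit`. The logger deliberately records body size rather than a redacted copy of the body: a deny-list of field names can miss a new field that carries export contents, whereas a size count cannot leak anything. The rate limiter keeps its counters in process memory, which is enough for a single instance; a multi-instance deployment would need a shared store for the same guarantee.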
Data Processing Agreements
We engage third-party processors to deliver authentication, AI analysis, telemetry, and hosting. Each processor handles personal data on our behalf under an applicable Data Processing Agreement (DPA). For users in the EEA, UK, Switzerland, and other jurisdictions with cross-border transfer requirements, our processors maintain transfer safeguards such as the EU Standard Contractual Clauses, the UK International Data Transfer Agreement, or adequacy regulations.
| Processor | Role | Applicable DPA / Terms |
|---|---|---|
| Google LLC (Cloud, Gemini API, Firebase Auth) | Identity, authentication, paid-tier AI analysis | Google Cloud Data Processing Addendum |
| Railway Corporation | Backend hosting and database | Railway Data Processing Addendum |
| Expo (650 Industries, Inc.) — EAS Insights | Operational launch telemetry | Expo Terms incorporating DPA terms |
Data Storage and Retention
Local Storage
- Location: Your device only (iOS app sandbox or Android app data directory)
- Encryption: SQLCipher 4 (AES-256) encrypted SQLite database
- Retention: Data persists until you delete it
How to Delete Your Data
You have complete control over your data:
- Delete specific analyses: Navigate to Settings > Data Management, then tap "Delete Analysis" for individual reports.
- Delete all data: Navigate to Settings > Data Management, then tap "Delete All Data" and confirm when prompted. This deletes all profiles, analyses, and cached files.
- Revoke Google Drive access: Visit Google Account permissions and remove "Payback Own" access.
- Uninstall the App: Deleting the App removes all local data from your device.
Account & Data Deletion
This section fulfils Google Play and Apple App Store requirements for account and data deletion disclosures. Full standalone deletion policy: milehighinterface.com/payback/data-deletion.html
Ôwn (published as "Payback Own" by Mile High Interface LLC) is a local-first app that analyses your Google and Meta data exports to generate behavioural insights. Most processing happens on your device, but some features also use server-side authentication, AI processing, analytics sync, and app-launch telemetry services.
Option 1 — Delete directly inside the app (instant)
- Open the Ôwn app
- Tap the Settings tab (bottom navigation bar)
- Scroll to Data Management
- Tap Delete All Data
- Confirm when prompted
What this deletes immediately:
- All analysis results, reports, and personas stored in the encrypted local database (`payback.db`)
- All behavioural signals extracted from your Google Takeout and Meta exports
- All AI-generated insights and cached results
- All checkpoints and temporary files
Option 2 — Submit a deletion request by email
Email: hello@anappidea.llc
Subject: Data Deletion Request – Ôwn
Include: The email address linked to your Google account (used for sign-in)
Response time: Within 5 business days
Option 3 — Delete synced analytics and account-linked backend data
- In-app: Settings > Analytics > Delete My Data
- API: `DELETE /api/v1/analytics/user/:userId` (authenticated)
- By email: hello@anappidea.llc
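What "authenticated" has to cover for a per-user deletion route like the one above, as an added example in Node.js that is not the Payback Own backend's own code: the handler verifies the bearer token, then checks that the verified subject matches the `:userId` in the path before deleting anything, and deletion is idempotent so a retried request is harmless. The token verifier, the in-memory store and the sample users are stand-ins (assumptions).

```javascript
// Added example, not the Payback Own backend's code: an authorization check
// for a per-user deletion route shaped like DELETE /api/v1/analytics/user/:userId.
// The token verifier and the storage layer are injected stand-ins (assumed
// interfaces); the real backend verifies Google OAuth tokens.

// In-memory stand-in for the backend's account-linked tables (constructed).
class MemoryStore {
  constructor() {
    this.tables = { profiles: new Map(), analytics: new Map(), consent: new Map() };
  }
  seed(userId) {
    this.tables.profiles.set(userId, { email: userId + '@example.com' });
    this.tables.analytics.set(userId, [{ category: 'travel', score: 0.8 }]);
    this.tables.consent.set(userId, { analytics: true });
  }
  // Remove every record for `userId` and report how many rows each table
  // lost; a repeated call removes nothing, so deletion is idempotent.
  deleteAllForUser(userId) {
    const removed = {};
    for (const [name, table] of Object.entries(this.tables)) {
      removed[name] = table.delete(userId) ? 1 : 0;
    }
    return removed;
  }
}

// Handle the deletion request. `verifyToken` must return the verified claims
// for a valid token and throw for anything else.
function handleDeleteUser({ pathUserId, authHeader }, verifyToken, store) {
  if (typeof authHeader !== 'string' || !authHeader.startsWith('Bearer ')) {
    return { status: 401, body: { error: 'missing_token' } };
  }
  let claims;
  try {
    claims = verifyToken(authHeader.slice('Bearer '.length));
  } catch (err) {
    return { status: 401, body: { error: 'invalid_token' } };
  }
  // Authentication alone is not enough: the verified subject must be the
  // user named in the path, otherwise one account could delete another's records.
  if (claims.sub !== pathUserId) {
    return { status: 403, body: { error: 'forbidden' } };
  }
  const removed = store.deleteAllForUser(pathUserId);
  return { status: 200, body: { user: pathUserId, removed } };
}

// Constructed demo verifier that accepts two known tokens (assumption).
function demoVerifier(token) {
  const known = { 'tok-u1': { sub: 'u1' }, 'tok-u2': { sub: 'u2' } };
  if (!known[token]) throw new Error('unverified token');
  return known[token];
}

if (typeof require !== 'undefined' && require.main === module) {
  const store = new MemoryStore();
  store.seed('u1');
  store.seed('u2');
  // u1's token against u2's path is refused; u1's own path succeeds.
  console.log(handleDeleteUser({ pathUserId: 'u2', authHeader: 'Bearer tok-u1' }, demoVerifier, store));
  console.log(handleDeleteUser({ pathUserId: 'u1', authHeader: 'Bearer tok-u1' }, demoVerifier, store));
}
```

The handler returns the per-table row counts so the caller can see which of the account, analytics and consent records the request removed; a second identical request reports zeros rather than an error, which is the behaviour a client retrying after a network failure needs.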
What Data Is Deleted vs. Retained
| Data Type | Where Stored | Deleted When | Notes |
|---|---|---|---|
| Analysis results, personas, and behavioural signals saved in the app | On your device (encrypted SQLite) | Immediately on "Delete All Data" or app uninstall | No persistent server-side copy of the local database |
| Google OAuth token | On your device (iOS Keychain / Android Keystore) | On app uninstall or manual revoke | Revoke at: myaccount.google.com/permissions |
| AI request payloads processed by our backend | In-memory request pipeline / transient server processing | Not intentionally persisted after request completion | Limited request metadata may still be logged |
| AI request prompts, context, and outputs processed by Google Gemini | Google servers | Google states up to 55 days for abuse monitoring | Not used by Google to train or fine-tune AI/ML models per Google policy |
| Account/profile sync and category analytics records | Railway PostgreSQL (US) | Within 30 days of deletion request | May include user ID, email, display name, consent state, category scores, and sync metadata |
| Backend proxy operational logs | Railway platform log stream (metadata only) | Governed by Railway's platform log-retention policy | Tokens, API keys, and AI payload bodies are redacted at the logger before emission |
| App-launch telemetry | Expo / EAS services | Retention governed by Expo | May include EAS client ID, project ID, app version, platform, and OS version |
We do not intentionally retain full raw export files, full email bodies, or full calendar event descriptions on our own servers after request completion.
Retention Periods After Deletion
- On-device data: Deleted immediately when you use the in-app delete function or uninstall the app.
- Account/profile sync and analytics data: Deleted within 30 days of a confirmed deletion request.
- Automated database backups (Railway): Purged within 90 days in accordance with Railway's backup retention policy.
- AI request data (Gemini): Google states prompts, contextual information, and outputs may be retained for up to 55 days for abuse monitoring.
Tracking, Analytics, and Server-Side Data
No Cross-App Tracking
Payback Own does not use your data to track you across apps or websites owned by other companies.
- We do not use IDFA
- We do not share data with data brokers
- We do not use collected data for third-party advertising
- We do not place App Tracking Transparency (ATT) tracking SDKs in the app
Account-Linked Analytics and Profile Sync
When you sign in and use synced features, we may collect and store:
- User identifiers: Google user ID or account ID
- Contact/profile data: email address and display name
- Category analytics: category match scores, confidence values, tiers, synthesis version, and sync history
- Consent/settings metadata: analytics consent state and related timestamps
These records are used for app functionality, product personalization, and understanding aggregate category distribution, sync health, and feature usage. You can request access to, export, or delete this backend data from Settings or by emailing hello@anappidea.llc.
Operational Telemetry
The app uses Expo / EAS Insights for launch telemetry and release-health monitoring. This may include EAS client ID, project ID, app version, platform and OS version, and app launch events. We do not currently run a separate crash-reporting or session-replay SDK beyond this operational telemetry.
Children's Privacy
Ôwn (Payback Own) is not intended for users under 13 years of age (or under 16 in the EEA, or under 18 in India). We do not knowingly collect data from children. If you believe a child has used the App, please contact us at hello@anappidea.llc.
India — additional note: Under India's Digital Personal Data Protection Act, 2023 (DPDP Act), users under 18 are classified as children. We do not knowingly allow users under 18 in India to use the App without verified parental consent. If a parent or guardian believes their child has used the App, please contact us immediately to request data deletion.
Security Measures
- Encryption: AES-256 (SQLCipher 4) for data at rest, TLS 1.3 for data in transit
- Secure Storage: iOS Keychain and Android Keystore for sensitive credentials
- Session Management: 30-minute inactivity timeout, automatic logout
- Code Security: Regular security audits, dependency vulnerability scanning
- Local-First Storage: Most user-facing analysis data remains in the app's encrypted local database rather than a general-purpose cloud store
Your Privacy Rights
General Rights (All Users)
- Right to Access: View all data stored in the App (Settings > Data Management)
- Right to Delete: Delete all data at any time (Settings > Data Management)
- Right to Portability: Export your persona data (Settings > Export Data)
GDPR Rights (EEA Users)
If you are in the European Economic Area, you have additional rights under GDPR:
- Right to Rectification: Correct inaccurate data (delete and re-analyze)
- Right to Restriction: Limit processing (disable AI analysis)
- Right to Object: Object to processing (opt out of AI features)
- Right to Lodge Complaint: Contact your local data protection authority
CCPA Rights (California Users)
If you are a California resident, you have rights under CCPA:
- Right to Know: What data is processed (detailed in this policy)
- Right to Delete: Delete all data (Settings > Data Management)
- Right to Opt-Out: Opt out of AI analysis (Settings > Privacy)
We do not sell your personal data or use it for cross-app tracking. However, some processing does occur on our backend and with third-party providers as described in this policy.
UK GDPR Rights (United Kingdom Users)
If you are in the United Kingdom, you have rights under the UK GDPR as retained in UK law by the Data Protection Act 2018:
- Right to Access: Obtain a copy of your personal data
- Right to Rectification: Correct inaccurate personal data (delete and re-analyze)
- Right to Erasure: Request deletion (Settings > Data Management)
- Right to Restriction: Limit how your data is processed (disable AI analysis)
- Right to Object: Object to processing based on legitimate interests (opt out of AI features)
- Right to Portability: Receive your data in a machine-readable format (Settings > Export Data)
- Right to Lodge a Complaint: Contact the UK Information Commissioner's Office (ICO): ico.org.uk/concerns · 0303 123 1113
DPDP Rights (India Users)
If you are in India, you have rights under the Digital Personal Data Protection Act, 2023:
- Right to Information: Know what personal data is collected, why it is processed, and which third parties it is shared with (detailed in this policy)
- Right to Correction and Erasure: Request correction of inaccurate data or deletion of your personal data (Settings > Data Management, or email hello@anappidea.llc)
- Right to Grievance Redressal: Lodge a grievance with our Grievance Officer; we will acknowledge within 48 hours and resolve within 30 days
- Right to Nominate: Nominate another individual to exercise your data rights on your behalf in the event of death or incapacity
Grievance Officer (India): Mile High Interface LLC
Email: hello@anappidea.llc
Subject: DPDP Grievance – Ôwn
Response: Acknowledgement within 48 hours; resolution within 30 days
International Data Transfers
- Local Processing: Many file-selection, parsing, and storage operations occur on your device.
- Server-Side Processing: Account/profile sync data may be processed on our backend infrastructure and databases in the United States.
- AI Requests: When you use AI-backed features, selected signals or file contents/metadata are sent to our backend and then to Google Gemini via encrypted HTTPS.
- Operational Telemetry: App launch telemetry may be processed by Expo / EAS services.
- Safeguards: Third-party providers apply their own contractual and technical safeguards. Please review their privacy documentation for details.
United Kingdom: Data transferred outside the UK is subject to UK GDPR transfer requirements. We rely on appropriate UK-approved transfer mechanisms (such as the UK International Data Transfer Agreement or adequacy regulations) for these international data flows.
India: Data transferred outside India is subject to the DPDP Act's provisions on cross-border personal data transfers. We only transfer data to jurisdictions or entities that maintain adequate data protections consistent with the DPDP Act. By using the App, you consent to the transfer of your personal data to the United States and other countries where our service providers operate, subject to the protections described in this policy.
Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in legal requirements, new features or services, or improved security practices. We will notify you of material changes via in-app notification on next launch, the updated "Last Updated" date at the top of this policy, and email (if you've provided contact information for support). Continued use of the App after changes constitutes acceptance of the updated policy.
Data Breach Notification
In the unlikely event of a data breach affecting our backend proxy, we will notify affected users within 72 hours with details including the nature of the breach, data affected, and remediation steps. We will report to relevant authorities as required by law, including the UK Information Commissioner's Office (ICO) for UK users and India's Data Protection Board (DPB) for Indian users.
Because much of the app's content storage remains local to your device, on-device deletion significantly reduces exposure. However, server-side account data, analytics records, logs, and third-party AI processing data may still be affected by a provider-side incident.
Compliance
- GDPR — General Data Protection Regulation (EU/EEA)
- UK GDPR / Data Protection Act 2018 — United Kingdom
- DPDP Act — Digital Personal Data Protection Act, 2023 (India)
- CCPA — California Consumer Privacy Act (California, USA)
- COPPA — Children's Online Privacy Protection Act (USA)
- Apple App Store Guidelines — Section 5.1.1 (Data Collection and Storage)
- Google Play Store Policies — User Data policies
Contact Us
Mile High Interface LLC
Email: hello@anappidea.llc
Website: milehighinterface.com/payback/privacy.html
Response time: Within 5 business days