Privacy Policy

Moments ("the App") is developed and operated by Yazh Studio ("we", "us", "our"). This Privacy Policy explains how we collect, use, store, and protect your information when you use Moments.

1. Information We Collect

1.1 Account Information

When you sign in with Google, we receive and store:

• Your name and email address
• Profile photo URL (from your Google account)
• A unique user identifier (UID)

You may edit your display name within the App at any time.

1.2 Content You Create

When you use Moments, we store the content you and your contributors provide:

• Moment details: titles, descriptions, occasion types, event dates, and personal messages
• Contributor information: names and email addresses of people you invite
• Receiver information: the name and email address of the person receiving the moment
• Contributions: text messages, photos, and videos uploaded by contributors
• Thank-you notes submitted by receivers

1.3 Occasions Data

If you save occasions (birthdays, anniversaries, etc.) for reminders, we store:

• Occasion name, date, and type
• Recurrence settings (yearly, monthly)
• Reminder preferences (timing and enabled/disabled status)

1.4 Device & Technical Information

• FCM tokens: We store Firebase Cloud Messaging device tokens to deliver push notifications. Tokens are removed automatically when they become invalid.
• Device identifiers: For reveal and view tokens, we generate random device IDs to manage authorized device sessions. These are not advertising identifiers and cannot be used to track you across apps.
• Local storage: We store drafts, preferences, and cached data on your device using IndexedDB, localStorage, and Capacitor Preferences.

1.5 Information We Do NOT Collect

• We do not collect location data
• We do not collect contacts or address book data
• We do not use advertising identifiers
• We do not use analytics or third-party tracking SDKs

2. How We Use Your Information

• Provide the service: Create moments, deliver invitations, collect contributions, and reveal moments to receivers
• Authentication: Verify your identity and manage your account
• Notifications: Send push notifications about contributions, invitations, reveals, thank-you notes, and occasion reminders
• Security: Manage device sessions, verify access tokens, and prevent unauthorized access
• Token management: Generate, validate, and revoke access tokens for contributors and receivers

3. How We Store Your Data

All data is stored securely using Google Cloud services. This includes your profile information, moments, contributions, uploaded media, and notification data. All data is encrypted at rest and in transit.

4. Who Can See Your Data

4.1 Moments You Create

• Only you (the creator) can see the full moment details and contributor status
• Contributors can only see the moment title, receiver name, and their own contribution
• The receiver can see all contributions only after the moment is revealed

4.2 Contributions

• Contributions are visible to the moment creator at all times
• After reveal, contributions are visible to the receiver and all contributors with view access
• Contributors may choose to submit anonymously if the creator enables this option

4.3 Thank-You Notes

Thank-you notes from the receiver are shared with the creator and all contributors who participated.

5. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes.

We share data only with:

• Google Firebase: As our infrastructure provider for storage, authentication, and messaging
• Other users: Only the content you explicitly choose to share through moments (as described in Section 4)

6. Push Notifications

We use Firebase Cloud Messaging to send push notifications. You can:

• Disable push notifications in your profile settings within the App
• Disable notifications at the system level in your device settings

When push is disabled in the App, we still create notification records (visible in your in-app notifications list) but do not send device push messages.

7. Data Retention

• Active accounts: Data is retained for as long as your account is active
• Deleted accounts: When you delete your account, your user profile is marked as inactive. Moments you created and contributions you made remain accessible to other participants
• Expired tokens: Access tokens expire after 2 months. Expired tokens are no longer functional but may remain in our database
• Invalid FCM tokens: Push notification tokens that fail delivery are automatically removed from your profile

8. Your Rights

You have the right to:

• Access: View your profile information and content within the App
• Edit: Update your display name and notification preferences at any time
• Delete: Delete individual notifications, drafts, and occasions
• Account deletion: Request deletion of your account by contacting us
• Data export: Request a copy of your data by contacting us

9. Children's Privacy

Moments is not directed at children under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided personal information, we will take steps to delete it.

10. Security

We implement the following security measures:

• Token-based access control with automatic expiration
• Email OTP verification for new device sessions
• Rate limiting on verification code requests
• Server-side Firebase ID token verification for authenticated endpoints
• Automatic revocation of tokens when contributions are locked
• Firebase security rules restricting direct database access

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes through the App or via email. Your continued use of Moments after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: