Privacy Policy
Last updated: April 4, 2026 · Effective: April 4, 2026
The Short Version
Winkidoo ("we", "us", "our") is operated by Winkidoo. This policy explains what data we collect, why, and your rights over it. By using the app you agree to this policy.
What We Collect
| Data | Why | Stored where |
|---|---|---|
| Email address | Account creation & authentication | Supabase (encrypted) |
| Display name | Profile display | Supabase |
| Profile photo / avatar | Profile display | Supabase Storage |
| Surprise content* | Core app functionality | Supabase (E2E encrypted) |
| Battle chat messages | AI judge scoring via Gemini API | Supabase + Gemini (transient) |
| Device push token | Push notifications | Firebase / Supabase |
| Purchase history | Subscription management | RevenueCat |
| App activity (aggregate) | Streak & XP calculations | Supabase |
* Surprise content (messages, photos, voice notes) is encrypted client-side. We store only the ciphertext.
Third-Party Services
- Supabase: database, authentication, storage (privacy policy)
- Google Firebase: push notifications, crash reporting (privacy policy)
- Google Gemini API: AI judge responses (battle chat text only, not surprise content)
- RevenueCat: subscription and in-app purchase management (privacy policy)
- Google Sign-In / Apple Sign-In / Facebook Login: optional OAuth authentication
What We Don't Do
- We do not sell your personal data to anyone
- We do not read your surprise content (it's encrypted)
- We do not use your data for advertising targeting
- We do not share your data with third parties except those listed above
Push Notifications
We use Firebase Cloud Messaging to send push notifications (battle updates, surprise unlocks, partner activity). You can disable notifications at any time in your device settings. Notification tokens are stored securely and never shared.
Subscriptions (Wink+)
Wink+ subscriptions are processed by Google Play Billing and managed by RevenueCat. We do not store your payment card details. Purchases are subject to Google Play's terms. For refund requests, contact support@winkidoo.app.
Data Retention
- Account data: retained while your account is active
- Auto-delete surprises: deleted immediately after unlock if the creator enabled auto-delete
- Deleted accounts: all personal data purged within 30 days of deletion request
- Battle chat: retained in Treasure Archive unless you delete it
Children's Privacy
Winkidoo is intended for users aged 17 and older. We do not knowingly collect data from children under 13. If you believe a child has provided us personal data, contact us immediately at privacy@winkidoo.app.
Your Rights (GDPR / CCPA)
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your account and data
- Object to or restrict certain processing
- Data portability
To exercise any right, email privacy@winkidoo.app. We respond within 30 days.
Changes to This Policy
We may update this policy from time to time. We'll notify you in-app for material changes. The "Last updated" date above will always reflect the most recent version.
Contact Us
Questions about this policy?
- Email: privacy@winkidoo.app
- Support: support@winkidoo.app