TL;DR
We collect the info needed to run PikTag (account, profile, tags, photos, and optional contacts/location), use trusted providers like Supabase, Sentry, and PostHog to operate the service, and never sell your data. You can delete your account anytime at pikt.ag/delete-account.
1. Information We Collect
PikTag Inc. ("we", "us", "our") collects the following information when you use our app:
- Account information: email, phone number, name, username, profile photo
- Profile data: bio, headline, social links, biolinks, tags
- Photos: images you upload to your tags or attach to content within the app
- Contacts: with your permission, we access your device contacts to help you find friends on PikTag
- Precise location: with your permission, your precise device location is used to power the Friends Map and nearby features
- Device identifiers: Firebase Cloud Messaging (FCM) push notification tokens and anonymous install identifiers used to deliver notifications and prevent abuse
- Crash reports: crash logs, stack traces, and device state captured by Sentry to diagnose and fix app errors
- Diagnostic and analytics data: event logs, feature usage, and app performance metrics captured by PostHog to understand how the app is used and improve it
- User-generated content: tags you create, biolinks text, notes, and other content you post or share in the app
- Usage data: interactions, QR scans, and tag activity
2. How We Use Your Information
- Provide, operate, and improve PikTag services
- Connect you with other users through tags and QR codes
- Send notifications about friend activity and reminders
- Generate AI-powered tag suggestions (using anonymized data)
- Diagnose crashes and measure app performance
- Ensure safety, prevent abuse, and enforce our Terms
3. Information Sharing
We do NOT sell your personal information. We share data only:
- With other PikTag users according to your privacy settings (public / friends / close friends / private)
- With service providers who process data on our behalf (see Section 4)
- When required by law, legal process, or to protect rights and safety
4. Third-Party Services
We use the following service providers to operate PikTag. Each is bound by its own privacy policy, linked below:
- Supabase — database, authentication, and edge functions. https://supabase.com/privacy
- Sentry — crash and error reporting. https://sentry.io/privacy/
- PostHog — product analytics (event logs, feature usage, app performance). https://posthog.com/privacy
- Google Sign-In — OAuth authentication for Google accounts
- Apple Sign-In — OAuth authentication for Apple accounts
- Firebase Cloud Messaging (FCM) — push notifications on Android
- Google Maps / Geocoding — map rendering and location lookups for the Friends Map
5. Your Privacy Controls
- Each social link / contact has 4 visibility levels: Public, Friends, Close Friends, Only Me
- Tags can be set as public or private
- Hidden tags on connections are visible only to you
- You can block and report users at any time. We commit to reviewing and responding to user reports within 24 hours. Confirmed violations will result in content removal and/or account suspension.
- You can revoke location or contacts permission at any time in your device settings
6. Your Rights
Subject to applicable law, you have the following rights with respect to your personal information:
- Right to access — request a copy of the personal data we hold about you
- Right to correct / update — fix inaccurate or incomplete information directly in the app or by contacting us
- Right to export — request your data in a portable format (data portability)
- Right to delete — permanently delete your account and associated data at https://pikt.ag/delete-account
- Right to withdraw consent — revoke permission for optional features (such as precise location or contacts access) at any time in your device settings
To exercise any of these rights, email privacy@pikt.ag. We will respond within the timeframes required by applicable law.
7. Data Retention
We retain your data while your account is active. You can deactivate or delete your account at any time from Settings or at pikt.ag/delete-account. Specific retention windows:
- Account and profile data: removed within 30 days after deletion
- Crash and diagnostic logs: retained for up to 90 days
- Anonymized analytics: retained indefinitely for product and trend analysis
- Backups: purged within 90 days of account deletion
- Anti-fraud and abuse records: retained as required to prevent banned users from re-creating accounts
- Legal compliance records: retained as required by applicable law
8. International Data Transfers
Your data is stored and processed primarily in Supabase's cloud infrastructure, which may include servers in the United States and other regions. Our service providers (Sentry, PostHog, Google, Apple, Firebase) may also process data in the United States and elsewhere. By using PikTag, you consent to the transfer of your data to these regions, which may have data protection laws that differ from those in your country.
9. Security
We use industry-standard encryption and security measures. Data is stored on Supabase (PostgreSQL) with Row Level Security policies, transport is encrypted via TLS, and access to production systems is restricted. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.
10. Children's Privacy
PikTag is intended for users 13 years of age and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact privacy@pikt.ag and we will promptly delete it.
11. Changes
We may update this policy from time to time. We will notify you of significant changes through the app or by email, and the "Last updated" date at the top of this page will always reflect the latest revision.
12. Contact
PikTag Inc.
Email: privacy@pikt.ag
