Privacy Policy for ChataBubble

Effective Date: April 30, 2025

Welcome to ChataBubble! This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Effective Date" of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

1. Information We Collect

We may collect information about you in a variety of ways. The information we may collect via the App includes:

A. Personal Data:

• Account Information: When you register, we collect personally identifiable information, such as your email address. If you register using Apple Sign-In, we receive the information provided by Apple (which may include your email address and name, subject to your Apple settings). We store your user ID provided by our authentication provider (Supabase Auth).
• Profile Information: You may voluntarily provide additional information in your user profile, such as your username (optional), native language, languages you are learning, and your proficiency level in those languages. We also store settings related to your app usage, such as whether you have completed the onboarding process.
• Password: When using email/password authentication, your password is processed by our authentication provider (Supabase Auth) for login verification. We do not store your plain text password.

B. Chat Data:

• Messages: We collect the content of the messages you send ("original" text) and the responses generated by the AI assistant within your chat sessions. We also generate and store translations of these messages.
• Encryption: The content (original and translated) of your chat messages is encrypted locally on your device before being saved to our database (Supabase). While we strive to protect your data, please be aware that the current encryption method may have limitations, and we are working on enhancing its security.
• Session Metadata: We collect information about your chat sessions, including the scenario used, source and target languages, start time, last updated time, status (active, saved, completed), and associated user and scenario IDs.

C. Usage Data:

• Interaction Metrics: We automatically collect data about your interactions with the App, such as the number of chat sessions started, completed, or saved, the number of messages sent per session, and the date of your last practice session. This data is associated with your user profile and stored in our database (Supabase).
• Daily Message Count: To manage API usage for our free service, we track the number of messages you send each day and the date you last sent a message. This information is stored in your user profile in our database (Supabase).

D. Device and Network Data:

• Device Information: Our backend service provider (Supabase) and authentication providers (Supabase Auth, Apple) may automatically collect standard device information, such as your device type, operating system, and potentially unique device identifiers necessary for authentication and security purposes.
• Network Information: We may check your network connection status (via @react-native-community/netinfo) to manage data synchronization.

E. Local Storage Data:

• Authentication Tokens: Secure tokens provided by Supabase Auth are stored locally on your device using AsyncStorage to keep you logged in.
• Encryption Keys: Your unique encryption key is generated and stored locally on your device using AsyncStorage. Losing this local key (e.g., by clearing app data or reinstalling the app) will result in the inability to decrypt your past message history.
• Session Data & Cache: We store active chat session data, including potentially encrypted messages and metadata, locally using AsyncStorage for offline access and performance improvements.
• Sync Queue: Information about data that needs to be synchronized with our backend may be temporarily stored locally using AsyncStorage.

2. How We Use Your Information

Having accurate information permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the App to:

• Create and manage your account.
• Authenticate you and secure your account.
• Provide the core chat functionality, including generating AI responses and translations.
• Personalize your app experience based on your profile information (e.g., languages, levels).
• Monitor and analyze usage and trends to improve the App and user experience (using aggregated or anonymized data where possible).
• Manage API usage by enforcing daily message limits.
• Facilitate account recovery (e.g., password reset emails).
• Ensure data persistence and synchronization between your device and our backend.
• Maintain the security and integrity of our App and services.
• Comply with legal obligations.

3. How We Share Your Information

We do not sell your personal information. We may share information we have collected about you in certain situations:

A. With Third-Party Service Providers:

We share information with third-party vendors and service providers who perform services for us or on our behalf and require access to such information to do that work. These include:

• Supabase: Our backend-as-a-service provider for database hosting, user authentication, and potentially other backend functions. Supabase stores your profile information, scenario data, and encrypted chat session data.
• OpenAI: Our AI service provider for generating chat responses and performing translations. We send message content (your original message text and potentially previous messages for context) and scenario details (persona, language) to OpenAI's API for processing. While we aim to send only necessary data, the content you chat about is processed by OpenAI.
• Apple (Authentication): If you use Apple Sign-In, information is shared with Apple as part of their authentication process according to their terms and privacy policy.

We require our service providers to safeguard your information and use it only for the purposes for which it was disclosed.

B. By Law or to Protect Rights:

If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.

C. Business Transfers:

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

D. Aggregated or Anonymized Data:

We may share aggregated or anonymized information that does not directly identify you for research, analysis, or other purposes.

4. Data Storage and Security

A. Storage:

Your information, including profile data and encrypted chat messages, is stored on servers provided by Supabase. Local data (auth tokens, encryption keys, cached sessions) is stored on your device using AsyncStorage.

B. Security:

We use administrative, technical, and physical security measures to help protect your personal information. These include:

• Encryption: Encrypting chat message content at rest in our database.
• Row Level Security (RLS): Implementing RLS policies in our Supabase database to restrict data access based on user authentication.
• Secure Communication: Using HTTPS for communication between the App and our backend services.
• Secure Authentication: Utilizing Supabase Auth and Apple Sign-In for user authentication.

While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information. Crucially, the security of your encrypted messages depends on the security of the encryption key stored locally on your device.

5. Your Data Rights and Choices

A. Account Information:

You may at any time review or change the information in your account (such as username or password) by accessing your profile settings within the App.

B. Access and Correction:

You have the right to access the personal information we hold about you. You can typically view your profile information and session history within the App. For other access requests, please contact us.

C. Account Deletion:

You can request the deletion of your account and associated data via the profile screen in the App. Upon your request, we will deactivate or delete your account and information from our active databases. This includes deleting your profile, chat sessions, and scenarios you created from Supabase, and attempting to remove associated authentication records. Please note that some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use, and/or comply with legal requirements. The deletion process will also remove your local encryption key, rendering any remaining encrypted data unrecoverable.

D. Local Data:

You can typically clear the App's local data (cache, AsyncStorage) through your device's operating system settings. Doing so will delete your locally stored encryption key and you will permanently lose access to your encrypted chat history.

6. Children's Privacy

Our App is not intended for use by children under the age of 13 (or the relevant age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

7. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. Our service providers (Supabase, OpenAI) operate globally. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Effective Date" and the updated version will be effective as soon as it is accessible. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

9. Contact Us

If you have questions or comments about this Privacy Policy, please contact us at: [email protected]