Privacy Policy

Introduction

Welcome to Octy ("we," "our," or "us"), developed by NeoCore Horizons. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services for real-time sports event discovery and participation.

By using our mobile application, website, or services, you agree to the collection and use of information in accordance with this Privacy Policy. This policy applies to the Octy mobile app (Bundle ID: com.sorinnotsorry.octyapp) available on iOS and Android platforms.

Information We Collect

Personal Identification Information

• Email addresses (via Google OAuth, Apple Sign-in, or email/password registration)
• Full names (from OAuth providers or user input)
• Profile photos/avatars (uploaded by user or from OAuth providers)
• User-generated content: Bio, favorite sports, skill levels
• Account identifiers: Unique user IDs, usernames

Location Data

• Precise location: GPS coordinates (latitude/longitude) when using location-based features
• Location permissions: "Always" and "When in use" access for event discovery
• Event locations: Specific venues and addresses for events you create or join
• Map interaction data: Areas you browse and search within the app
• Location caching: Your last 50 viewed events cached locally for performance

Communication & Social Data

• Real-time chat messages within event groups
• Message metadata: Timestamps, read receipts, typing indicators
• Push notification tokens for iOS/Android devices
• Event reminders and confirmations
• Event participation: Events created, joined, left, or completed
• User ratings: 1-5 star ratings given and received
• Follow relationships: Following/follower connections
• Badges and achievements: Gamification milestones
• Post-event feedback: Optional comments on participants

Device & Technical Data

• Device identifiers: iOS/Android device IDs
• App usage patterns: Feature engagement, session duration
• Performance metrics: Load times, error rates, crash reports
• Camera/photo library access for profile picture uploads
• Calendar integration data (optional .ics file exports)
• Operating system version and device model
• Network connection type and quality

How We Use Your Information

Core App Functionality

• Event discovery: Location-based matching and filtering of sports events
• Real-time updates: Live capacity changes, new participants, event modifications
• Communication: Event-specific group chats and direct messaging
• User profiles: Display ratings, badges, participation history
• Push notifications: Event reminders (-3d, -24h, -2h, -60min intervals)
• Social features: Following other users, rating participants

Secondary Processing

• Content moderation: Automated filtering of inappropriate language in chats
• Performance optimization: App speed and reliability improvements
• Feature development: Usage analytics to inform new features
• Security: Fraud prevention and account protection
• Customer support: Resolving user issues and providing assistance
• Legal compliance: Meeting regulatory requirements

Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties, except in the following circumstances:

• Service Providers: We share data with trusted providers including:
  • Supabase (EU-hosted database and authentication)
  • Google (OAuth authentication and Maps API)
  • Apple (Sign-in authentication)
  • AWS (current infrastructure - transitioning to Supabase)
• Event Participants: Your name and profile are visible to other participants in events you join
• Public Events: Basic event information is visible to all users browsing the map
• Legal Requirements: We may disclose information if required by law or in response to valid legal requests
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction

All third-party service providers are required to maintain the confidentiality and security of your personal information and are located in GDPR-compliant jurisdictions.

Technical Infrastructure

Our app uses the following technical infrastructure:

• Current: AWS Lambda, API Gateway, and S3 (transitioning out)
• Target: Supabase PostgreSQL database hosted in EU for GDPR compliance
• Real-time Features: WebSocket connections for live chat and event updates
• Mobile Platforms: React Native with Expo for iOS and Android
• Data Residency: All user data stored within European Union

Your Rights Under GDPR

If you are a resident of the European Union, you have the following rights regarding your personal data:

• Right to Access: You can request copies of your personal data
• Right to Rectification: You can request correction of inaccurate or incomplete data
• Right to Erasure: You can request deletion of your personal data
• Right to Restrict Processing: You can request limitation of how we process your data
• Right to Data Portability: You can request transfer of your data to another service
• Right to Object: You can object to our processing of your data
• Right to Withdraw Consent: You can withdraw consent at any time

To exercise any of these rights, please contact us using the information provided below.

Data Security

We implement comprehensive security measures specifically designed for mobile applications and real-time communication:

Data Protection

• Encryption in transit: HTTPS/WSS for all API communications
• Encrypted storage: Data encrypted at rest in Supabase and AWS
• Secure tokens: JWT authentication with proper expiration handling
• API authentication: All endpoints require valid user tokens
• Database security: Row-level security policies in PostgreSQL

Mobile App Security

• Granular permissions: Location, camera, notifications require explicit consent
• Secure OAuth: Industry-standard Google and Apple authentication flows
• Local data protection: Sensitive data encrypted in device storage
• Session management: Automatic logout and token refresh

Privacy Controls

• Privacy settings: Optional private profiles and event visibility controls
• Content moderation: Automated filtering of inappropriate content
• User blocking: Ability to block other users and report misconduct
• Data minimization: Location data only stored in relation to events
• Audit trails: Logging of data access and modifications

Data Retention

Active Users

• Profile data: Retained while your account is active
• Event history: Historical participation records for reputation system
• Chat messages: Persistent within event groups for future reference
• Location data: Only stored in relation to events, not continuously tracked
• Performance data: App usage metrics retained for 12 months

Account Deletion

• Profile removal: Complete user data deletion within 30 days
• Event history: Anonymized or removed from event records
• Chat cleanup: Your messages removed from all group chats
• Image deletion: Profile photos permanently deleted from storage
• Third-party cleanup: OAuth connections and permissions revoked

Mobile App Data Storage

As a mobile application, Octy stores data locally on your device and in the cloud:

• Local storage: Event cache, session tokens, and app preferences
• No traditional cookies: Mobile apps use secure token-based authentication
• Analytics: Anonymous usage patterns to improve app performance
• Push tokens: Device-specific identifiers for notifications
• User control: You can clear app data and revoke permissions at any time

Age Restrictions

Octy is intended for users aged 13 and above (or the minimum age required in your jurisdiction):

• We do not knowingly collect personal information from children under 13
• Account creation requires age verification during signup
• Parents/guardians can request deletion of a minor's account
• Enhanced privacy protections for users under 18
• If you discover a child has created an account, please contact us immediately

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us: