Privacy Policy

Last updated: January 2026

Thoughts Mobile ("we", "our", or "the app") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and share information when you use our mobile application, and complies with Google Play's User Data policy and Data safety disclosure requirements.

1. Information We Collect

We collect information necessary to provide the app and improve your experience.

1.1 Account and profile data

• Email address — when you register or sign in.
• Password — stored securely (hashed) by our authentication provider.
• Name / username — if you set a display name or username.
• Profile photo — if you choose to add an avatar.

1.2 Content you create

• Notes — titles, content, category, lock status, reminders, and preferences (e.g. colors).
• Posts and comments — when you use the social feed.

1.3 App usage and device data

• Device identifiers — e.g. for push notifications (Expo push token).
• App preferences — theme (dark/light), notification settings, lock settings.
• Authentication tokens — stored locally in secure storage to keep you signed in.

2. How We Use Your Information

• To create and manage your account and authenticate you.
• To store, sync, and display your notes and content across your devices.
• To provide the social feed (posts, comments, profiles).
• To send you push notifications if you opt in.
• To secure the app (e.g. app lock, encrypted local storage).
• To improve the app, fix errors, and comply with legal obligations.

3. Data Storage and Third-Party Services

We use the following services to operate the app:

• Supabase — account data, notes, profiles, posts, and other content are stored on Supabase (hosted infrastructure). Their privacy practices apply to data processed by Supabase. See Supabase Privacy.
• Expo / EAS — we may use Expo services for builds and push notifications. Device tokens and notification data may be processed by Expo. See Expo Privacy.
• Google Sign-In — if you sign in with Google, we receive your email and basic profile from Google in accordance with Google's policies.
• Apple Sign-In — if you sign in with Apple, we receive the information you choose to share (e.g. email) per Apple's policies.

Sensitive data such as authentication tokens and app-lock PIN are stored locally on your device using Expo Secure Store (encrypted where supported).

4. Data Sharing

We do not sell your personal data. We share data only as follows:

• With the third-party services listed above, to the extent necessary to operate the app.
• If required by law, court order, or government request.
• To protect our rights, safety, or the safety of others, where permitted by law.

5. Data Retention

• Account and content data are retained while your account is active.
• If you delete your account, we delete or anonymize your personal data in line with our internal retention policy and applicable law.
• Some data may be retained in backups or for legal compliance for a limited period before deletion.

6. Your Rights and Choices

Depending on your region, you may have the right to:

• Access — request a copy of the personal data we hold about you.
• Correction — update or correct your profile and account data in the app.
• Deletion — delete your account and associated data (e.g. via in-app account deletion).
• Export — request an export of your data where technically feasible.
• Opt out — disable push notifications and manage app permissions in your device settings.

To exercise these rights or ask questions about your data, contact us at the email below.

7. Security

We use industry-standard measures to protect your data, including secure authentication, encryption in transit (HTTPS), and encrypted local storage for sensitive items. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

8. Children

The app is not directed at children under 13 (or the applicable age in your country). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us so we can delete it.

9. International Transfers

Your data may be processed in countries other than your own, including by our service providers. We ensure appropriate safeguards (e.g. contracts, adequacy decisions) where required by law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date. Continued use of the app after changes constitutes acceptance of the updated policy. For material changes, we may notify you in the app or by email where appropriate.

11. Contact Us

For privacy-related questions, requests, or complaints:

Email: inaumanmajeed@gmail.com

We will respond to legitimate requests within a reasonable time, and in any event as required by applicable law.