Privacy Policy
Last updated: February 21, 2026
1. Introduction
Welcome to Where The Bleep ("W.T.B," "we," "our," or "us"). We are committed to protecting your privacy and being transparent about how we handle your information. This Privacy Policy explains our practices regarding data collection, use, storage, and disclosure for our mobile application ("the App").
Where The Bleep is a personal item tracking application built with a privacy-first, offline-first architecture. Your item data is stored locally on your device by default, and if you choose to enable optional cloud sync, all data is protected by zero-knowledge end-to-end encryption. We cannot read, access, or decrypt your synced data at any time.
By using the App, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App. We encourage you to read this policy in full and contact us at privacy@wherethebleep.app with any questions.
2. Our Privacy Principles
Where The Bleep is built around the following core privacy principles:
- Offline-first: Your data lives on your device in a local SQLite database. The App works entirely without an internet connection.
- Zero-knowledge encryption: If you enable cloud sync, all data is encrypted on your device before it leaves. We never possess the keys to decrypt your data.
- No analytics or tracking: We do not include any analytics SDKs, tracking pixels, or advertising frameworks in the App. We do not track your usage behavior. We use Google Firebase Crashlytics solely for automated crash reporting to improve app stability (see Section 6.6).
- No data monetization: We do not sell, rent, license, or trade your personal information to any third party for any reason.
- User control: You can export, delete, or destroy all of your data at any time. Account deletion is comprehensive and irreversible.
3. Information We Collect
The only personal information we store on our servers is your email address, used solely for authentication if you opt in to cloud sync. Everything else — your items, photos, and locations — stays on your device by default. If you enable cloud sync, all data is end-to-end encrypted before leaving your device. The sections below detail exactly what data is involved.
3.1 Information You Provide Directly
All of the following data is stored locally on your device by default:
- Item data: Names, descriptions, purchase prices, serial numbers, and any other details you enter about items you track.
- Photos: Images you capture with your camera or select from your photo library to identify and catalog items.
- Location data: Names, descriptions, and hierarchical structures of storage locations you create within the App (such as rooms, shelves, drawers, and boxes). This refers to organizational locations you define, not GPS or geolocation data.
- People data: Names of individuals you record as borrowers when tracking item check-ins and check-outs.
- Voice input: Audio from voice search, which is processed on your device using the platform's speech recognition service. We do not record, store, or transmit your voice data.
3.2 Account Information (Optional)
If you choose to create an account to enable cloud sync, we collect:
- Email address: Used solely for authentication with our cloud sync service (Supabase). Your email is the only piece of personally identifiable information stored on our servers.
- Authentication credentials: Your password is hashed by Supabase using bcrypt and is never stored in plaintext. We do not have access to your password.
3.3 Subscription Information
If you subscribe to Where The Bleep Pro, the following information is processed by RevenueCat, our subscription management provider:
- Purchase receipts: Transaction identifiers from Apple App Store or Google Play Store.
- Subscription details: Plan type (monthly or annual), expiration date, and renewal status.
- Anonymous user identifier: A randomly generated identifier used to associate your subscription with your account, not linked to any personal information.
We do not collect or store your payment card details, billing address, or other financial information. All payment processing is handled entirely by Apple or Google through their respective app stores.
3.4 Information We Do NOT Collect
We want to be explicit about what we do not collect:
- GPS or geolocation data
- Device advertising identifiers (IDFA/GAID)
- Browsing history or web activity
- Contacts, call logs, or SMS messages
- Usage analytics or behavioral data
- Telemetry of any kind
- IP address logging (beyond what is inherently processed during network requests)
3.5 Crash and Stability Data
We use Google Firebase Crashlytics to automatically collect crash reports when the App encounters an error. This helps us identify and fix issues to improve app stability. Crashlytics may collect the following:
- Crash stack traces and exception information
- Device model, operating system version, and orientation
- Available memory and disk space at the time of the crash
- A Crashlytics installation UUID to identify unique crash instances (this is not an advertising identifier)
- App version and build number
Crashlytics does not collect the contents of your items, photos, personal data, or any encrypted data. Crash reports are sent to Google's Firebase infrastructure and are used solely for crash analysis and app stability improvement.
4. How We Use Your Information
We use the information described above for the following purposes:
- Core functionality: To allow you to catalog, organize, search, and track your personal belongings within the App.
- Cloud sync (optional): To synchronize your encrypted data across your devices if you create an account and enable sync.
- Authentication: To verify your identity when you sign in to your account.
- Subscription management: To verify your subscription status and unlock Pro features.
- Data export: To generate CSV, JSON, or PDF insurance report exports at your request.
- Encrypted backups: To create encrypted backup archives of your data at your request.
- Customer support: To respond to your inquiries if you contact us.
- Crash reporting: To identify, diagnose, and fix crashes and stability issues using Google Firebase Crashlytics.
We do not use your information for advertising, profiling, automated decision-making, or any purpose not listed above.
5. Data Storage and Security
5.1 Local Storage
By default, all of your item data, photos, locations, and people data are stored exclusively in a local SQLite database on your device. This data never leaves your device unless you explicitly enable cloud sync or use optional AI features.
5.2 Cloud Sync and Zero-Knowledge Encryption
If you choose to enable cloud sync, your data is protected by zero-knowledge end-to-end encryption (E2EE). This means your data is encrypted on your device before being transmitted, and neither we nor our infrastructure providers can decrypt it. Our encryption architecture includes:
- Encryption algorithm: XChaCha20-Poly1305 authenticated encryption, a modern and widely respected cryptographic standard.
- Key derivation: PBKDF2-HMAC-SHA256 with 800,000 iterations and a random 32-byte salt, designed to resist brute-force and hardware-accelerated attacks.
- Sub-key derivation: HKDF-SHA256 is used to derive separate sub-keys for different encryption contexts, ensuring cryptographic isolation between data types.
- Recovery phrase: A BIP39-standard 24-word mnemonic phrase is generated as your master key. This phrase is the sole means of recovering your encryption keys. We do not store it, and if you lose it, your encrypted data cannot be recovered.
- Biometric unlock: Optionally, you can enable Face ID or Touch ID to unlock your encryption keys. The biometric data itself is handled entirely by your device's secure enclave and is never accessible to the App or transmitted.
- Encrypted fields: Individual database columns (such as name, description, and other fields) are encrypted separately. The server only stores and sees encrypted blobs encoded in base64.
- Ciphertext format: Each encrypted value consists of a 24-byte nonce, the ciphertext, and a 16-byte authentication tag (MAC), ensuring both confidentiality and integrity.
- File encryption: Photos and other files are encrypted using streaming XChaCha20-Poly1305 with 64 KB chunks, allowing efficient encryption of large files without loading them entirely into memory.
- Row-Level Security: Our cloud database (Supabase/PostgreSQL) enforces Row-Level Security (RLS) policies, ensuring that even at the infrastructure level, each user can only access their own rows of encrypted data.
- Real-time sync: Bidirectional synchronization is powered by PowerSync, which operates over the encrypted data. Sync occurs over TLS-encrypted connections.
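The key hierarchy and ciphertext layout listed above can be sketched with the Python standard library. This is an added example, not the App's own code. It assumes that the PBKDF2 input is a user secret, that the HKDF context labels are `items` and `photos` (hypothetical names), and that the blob fields appear in the order nonce, ciphertext, tag. It performs no encryption, since XChaCha20-Poly1305 is not in the standard library, and only checks blob structure, which is what a server-side audit can verify without keys.

```python
import base64
import hashlib
import hmac

PBKDF2_ITERATIONS = 800_000  # stated in section 5.2
SALT_LEN = 32                # random 32-byte salt, section 5.2
NONCE_LEN = 24               # XChaCha20 nonce, section 5.2
TAG_LEN = 16                 # Poly1305 tag, section 5.2
KEY_LEN = 32                 # XChaCha20-Poly1305 key size


def derive_master_key(secret: bytes, salt: bytes,
                      iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256 stretch of a user secret (input is an assumption)."""
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be exactly 32 bytes")
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=KEY_LEN)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = KEY_LEN) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with SHA-256."""
    if length > 255 * 32:
        raise ValueError("HKDF-SHA256 output is limited to 8160 bytes")
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_subkeys(master_key: bytes, contexts: list[str]) -> dict[str, bytes]:
    """One independent 32-byte key per context label (labels are hypothetical)."""
    return {c: hkdf_sha256(master_key, b"", c.encode()) for c in contexts}


def split_blob(b64_value: str) -> tuple[bytes, bytes, bytes]:
    """Split a base64 column value into (nonce, ciphertext, tag)."""
    raw = base64.b64decode(b64_value, validate=True)  # raises ValueError on bad input
    if len(raw) < NONCE_LEN + TAG_LEN:
        raise ValueError("too short to hold a 24-byte nonce and a 16-byte tag")
    return raw[:NONCE_LEN], raw[NONCE_LEN:-TAG_LEN], raw[-TAG_LEN:]


def looks_encrypted(value: str) -> bool:
    """Structural check only: flags plaintext that reached a synced column."""
    try:
        split_blob(value)
    except ValueError:
        return False
    return True


# Constructed sample blob: fixed bytes stand in for a real nonce, ciphertext and tag.
SAMPLE_BLOB = base64.b64encode(
    bytes(range(NONCE_LEN)) + b"\xaa" * 10 + b"\xbb" * TAG_LEN
).decode()

if __name__ == "__main__":
    master = derive_master_key(b"constructed passphrase", bytes(SALT_LEN))
    keys = derive_subkeys(master, ["items", "photos"])
    print({name: key.hex()[:16] for name, key in keys.items()})
    nonce, ciphertext, tag = split_blob(SAMPLE_BLOB)
    print(len(nonce), len(ciphertext), len(tag))
    print(looks_encrypted("Cordless drill"), looks_encrypted(SAMPLE_BLOB))
```

A structural check like `looks_encrypted` cannot prove a value was encrypted correctly; it only catches rows where plaintext or a truncated blob was synced.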
5.3 Backup Encryption
When you create an encrypted backup archive, it is protected with ChaCha20-Poly1305 authenticated encryption. You are responsible for storing your backup files and remembering any backup passwords. We cannot recover backup passwords.
6. Third-Party Services
6.1 Cloud Infrastructure (Optional)
If you enable cloud sync, the following services process your encrypted data:
- Supabase: Provides authentication (email/password) and hosts the PostgreSQL database containing your encrypted data. Supabase never has access to your decryption keys. See Supabase Privacy Policy.
- PowerSync: Provides real-time bidirectional sync between your local database and the cloud. PowerSync transmits only encrypted data. See PowerSync Privacy Policy.
6.2 Subscription Management
- RevenueCat: Manages in-app subscription purchases and receipt validation. RevenueCat receives purchase receipts from Apple or Google, along with an anonymous identifier. See RevenueCat Privacy Policy.
6.3 AI Description Services (Optional)
Where The Bleep offers an optional AI-powered feature that can generate descriptions of your items from photos. This feature is entirely opt-in and requires you to provide your own API key for your chosen provider. Important details:
- Images are sent to the AI provider only when you explicitly tap the AI description button for a specific item.
- You choose and configure which provider to use. We support the following providers: OpenAI, Groq, OpenRouter, Cloudflare Workers AI, Google Gemini, Together AI, Fireworks AI, DeepInfra, and Anthropic Claude.
- Your API key is stored locally on your device and is sent directly from your device to the provider's API. We never receive, store, or proxy your API keys.
- Each provider has its own data handling and retention policies. We encourage you to review the privacy policy of your chosen provider: OpenAI, Groq, OpenRouter, Cloudflare, Google Gemini, Together AI, Fireworks AI, DeepInfra, Anthropic.
- No images are sent to any AI provider unless you explicitly initiate the request.
6.4 Platform Services
- Apple App Store / Google Play Store: Handle all payment processing for subscriptions. Their respective privacy policies apply to payment transactions.
- Apple / Google Speech Recognition: If you use voice search, your device's built-in speech recognition service processes your audio locally. We do not send audio to any server.
6.5 Barcode Lookup Service (Optional)
When you scan a barcode, the app may look up product information using the UPCitemdb API, a third-party barcode database service.
- Barcode lookups are sent only when you explicitly scan a barcode. Only the barcode number is transmitted — no personal information or device identifiers are sent.
- The lookup is performed directly from your device to UPCitemdb's servers. We do not proxy, log, or store any barcode lookup requests.
- See UPCitemdb Privacy Policy.
6.6 Crash Reporting
- Google Firebase Crashlytics: Automatically collects crash reports and stability data to help us identify and fix app issues. Crashlytics collects crash logs, device state information, and a Crashlytics installation UUID. It does not collect advertising identifiers, personal content, or any of your encrypted item data. See Firebase Privacy Information and Crashlytics Terms.
7. Device Permissions
The App may request the following device permissions. Each permission is requested only when needed and only for the stated purpose:
- Camera: To capture photos of items for cataloging. Photos are stored locally and are only transmitted if you use the optional AI description feature or cloud sync (encrypted).
- Photo Library: To allow you to select existing photos for items or to save images from the App to your device.
- Microphone: To capture audio input for voice search. Audio is processed on-device and is not recorded, stored, or transmitted.
- Speech Recognition: To convert your voice search input into text using your device's built-in speech recognition. Processing occurs on-device.
- Biometric Sensors (Face ID / Touch ID): To provide a convenient and secure method of unlocking the App and your encryption keys. Biometric data is handled entirely by your device's secure enclave and is never accessible to the App.
You can revoke any of these permissions at any time through your device's system settings. Revoking a permission will disable the corresponding feature but will not affect the core functionality of the App.
8. Data Sharing and Disclosure
We do not sell, rent, lease, or trade your personal information to any third party. Period.
We may share information only in the following limited circumstances:
- With your explicit consent: If you actively choose to use a third-party AI service, your photos are sent directly from your device to that provider.
- Encrypted cloud data: If you enable cloud sync, your encrypted data (which we cannot read) is stored on Supabase infrastructure.
- Subscription verification: Purchase receipts are shared with RevenueCat to validate and manage your subscription.
- Legal requirements: We may disclose information if required by law, subpoena, court order, or other legal process. However, because your cloud data is end-to-end encrypted and we do not hold decryption keys, we are technically unable to provide the contents of your encrypted data even if compelled to do so.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data would be transferred as part of that transaction. You would be notified of any such change via email (if you have an account) or through an update to this Privacy Policy. The zero-knowledge encryption architecture means that any successor entity would inherit the same inability to access your encrypted data.
- Crash reporting: Crash logs and device state information are automatically sent to Google Firebase Crashlytics for crash analysis. No personal content or encrypted data is included.
9. Data Retention
9.1 Local Data
Data stored locally on your device remains there until you explicitly delete it, delete your account, or uninstall the App. We have no access to or control over locally stored data.
9.2 Cloud Data
If you use cloud sync, your encrypted data is retained on our servers for as long as your account is active. When you delete your account, all cloud data is permanently and irreversibly deleted, including:
- All encrypted files in cloud storage
- All encrypted database records
- Your Supabase authentication account and email
9.3 Subscription Data
RevenueCat retains subscription and purchase receipt data in accordance with their own data retention policies and applicable tax/financial record-keeping requirements.
9.4 No Server-Side Logs of Content
We do not maintain server-side logs of your item data, descriptions, photos, or any content you enter into the App. Standard web server access logs (which may contain IP addresses and timestamps) are retained for a maximum of 30 days for security and operational purposes, then automatically deleted.
10. Your Rights and Choices
10.1 Data Control
You have comprehensive control over your data within the App:
- Access: View all of your data at any time directly within the App.
- Export: Export your data in CSV, JSON, or PDF insurance report formats. You can also create encrypted backup archives.
- Correction: Edit or update any item, location, or person record at any time.
- Deletion: Delete individual items, locations, people, or your entire dataset.
- Account deletion: Permanently delete your account and all associated cloud data (see Section 11).
- Opt-out of optional features: You can choose not to use cloud sync, AI descriptions, or any other optional feature without affecting core App functionality.
10.2 GDPR Rights (European Economic Area Users)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you. Because we employ zero-knowledge encryption, the only personal data we can provide is your email address (if you have an account) and subscription status.
- Right to Rectification (Article 16): You have the right to request correction of inaccurate personal data. You can update your email address through the App's account settings.
- Right to Erasure (Article 17): You have the right to request deletion of your personal data. You can exercise this right by deleting your account within the App, which permanently removes all cloud data, authentication records, and associated information.
- Right to Restriction of Processing (Article 18): You have the right to request that we restrict processing of your data in certain circumstances. Contact us at privacy@wherethebleep.app to exercise this right.
- Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format. The App provides export functionality in CSV, JSON, and PDF formats to fulfill this right.
- Right to Object (Article 21): You have the right to object to processing of your personal data. Since we do not process your data for marketing, profiling, or automated decision-making, this right is primarily applicable to our processing of your email for authentication purposes.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out prior to withdrawal.
Legal Basis for Processing: We process your personal data on the following legal bases:
- Contract performance (Article 6(1)(b)): Processing your email address for account creation and authentication, and processing subscription data to provide Pro features.
- Legitimate interest (Article 6(1)(f)): Maintaining server infrastructure security and preventing abuse.
- Consent (Article 6(1)(a)): Processing images through third-party AI services when you explicitly opt to use the AI description feature.
Data Protection Officer: For GDPR-related inquiries, contact us at privacy@wherethebleep.app. We will respond to your request within 30 days as required by the GDPR.
Supervisory Authority: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.
10.3 CCPA Rights (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: You have the right to know what personal information we collect, use, disclose, and sell. This Privacy Policy serves as our disclosure. The categories of personal information we may collect are: identifiers (email address), commercial information (subscription status), and internet or other electronic network activity information (limited to standard server access logs and crash reports collected by Firebase Crashlytics).
- Right to Delete: You have the right to request that we delete your personal information. You can exercise this right by deleting your account within the App or by contacting us at privacy@wherethebleep.app.
- Right to Correct: You have the right to request correction of inaccurate personal information.
- Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising. Because we never sell your data, there is no need to opt out.
- Right to Limit Use of Sensitive Personal Information: We do not collect or process sensitive personal information as defined by the CCPA/CPRA.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will receive equal service and pricing regardless of whether you exercise your privacy rights.
Do Not Sell or Share My Personal Information: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We have not sold or shared personal information in the preceding 12 months.
Financial Incentives: We do not offer financial incentives related to the collection, sale, or deletion of personal information.
To exercise any of these rights, contact us at privacy@wherethebleep.app. We will verify your identity before processing your request and respond within 45 days as required by law.
11. Account Deletion
You can delete your account at any time from within the App. Account deletion is comprehensive and irreversible. The deletion process removes:
- All files stored in cloud storage (encrypted photos, backups, and attachments)
- All database records associated with your account (encrypted items, locations, people, check-in/out history)
- Your Supabase authentication account and email address
- Your local database on the device from which you initiate the deletion
- All local files associated with the App on the initiating device
- All data stored in secure device storage (encryption keys, biometric tokens, session data)
To protect against accidental or unauthorized deletion, you must verify your password and type a specific confirmation phrase before deletion proceeds. Once initiated, account deletion cannot be undone, and your data cannot be recovered.
12. Data Export and Portability
We believe you should always be able to take your data with you. The App provides multiple export formats:
- CSV: Comma-separated values for use in spreadsheets and other applications.
- JSON: Structured data format for programmatic access and interoperability.
- PDF Insurance Reports: Formatted reports suitable for insurance documentation and claims.
- Encrypted Backup Archives: Complete encrypted backups of your entire database, protected with ChaCha20-Poly1305 authenticated encryption.
All exports are generated locally on your device. Export files are not transmitted to our servers.
13. Children's Privacy
Where The Bleep is not directed at children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13.
If we become aware that a child under 13 has created an account or provided personal information, we will take immediate steps to delete that account and all associated data.
If you are a parent or guardian and believe your child has provided personal information to us, please contact us at privacy@wherethebleep.app and we will promptly delete the information.
The App may be used by children aged 13 and older (or the applicable minimum age in your jurisdiction) with parental consent. Parents and guardians are responsible for monitoring their child's use of the App.
14. International Data Transfers
If you enable cloud sync, your encrypted data may be stored on servers located in the United States or other countries where our infrastructure providers operate. Because all cloud data is end-to-end encrypted with zero-knowledge architecture, the physical location of the servers does not affect the confidentiality of your data, as it cannot be read or decrypted by anyone other than you.
If you use optional AI description services, your images are sent directly from your device to the AI provider you have selected. These providers may process your images in various jurisdictions depending on their infrastructure. You choose which provider to use and are responsible for reviewing their data handling practices.
For users in the European Economic Area: where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the European Commission. The zero-knowledge encryption provides an additional supplementary measure as contemplated by the Schrems II decision, since the data is unintelligible to any party without the decryption keys, which are held solely by you.
15. Security Incident Response
In the unlikely event of a security breach affecting our cloud infrastructure, we will:
- Notify affected users via email within 72 hours of becoming aware of the breach, as required by the GDPR and other applicable laws.
- Provide a clear description of the nature of the breach and the types of data potentially affected.
- Describe the measures taken and proposed to address the breach.
- Report the breach to the relevant supervisory authority where required by law.
It is important to note that due to our zero-knowledge encryption architecture, even in the event of a breach of our cloud infrastructure, your item data, photos, descriptions, and other content would remain encrypted and unreadable to any unauthorized party. The only unencrypted data stored on our servers is your email address and subscription status.
16. Cookies and Tracking Technologies
The Where The Bleep mobile application does not use cookies, web beacons, pixels, or any other tracking technologies. We do not employ fingerprinting or any other mechanism to identify or track users across applications or websites.
The Where The Bleep website (wherethebleep.app) may use essential cookies strictly necessary for website functionality. No analytics or advertising cookies are used on our website.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:
- We will update the "Last updated" date at the top of this page.
- For material changes, we will notify you via email (if you have an account) or through an in-app notification.
- We will provide at least 30 days' notice before material changes take effect, giving you the opportunity to review the updated policy.
- Your continued use of the App after the changes take effect constitutes your acceptance of the updated Privacy Policy.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Previous versions of this policy are available upon request.
18. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Email: privacy@wherethebleep.app
We aim to respond to all privacy-related inquiries within 30 days. For GDPR data subject access requests, we will respond within the legally required timeframe.
If you believe that your privacy rights have been violated, you have the right to lodge a complaint with your local data protection authority.
19. App Store Data Safety Disclosures
Google Play Data Safety
Data Collected
- Email address (Optional): Collected only if you create an account for cloud sync. Used for authentication and account management. Not shared with third parties.
- Purchase history: In-app purchase receipts processed by RevenueCat for subscription management. Not shared for advertising or marketing.
- Photos (Optional): Sent to a third-party AI service only when you explicitly request an AI-generated item description using your own API key. Not stored by us.
- Crash logs (Automatic): Crash stack traces, device state, and Crashlytics installation UUID collected automatically by Google Firebase Crashlytics for app stability. Not shared for advertising or marketing.
Data Not Collected
- Location (GPS, coarse, or fine)
- Contacts
- Device or other identifiers (advertising ID)
- Web browsing history
- Search history
- App interactions or usage data
Data Shared
No data is shared with third parties for advertising, marketing, or analytics purposes. Purchase receipts are shared with RevenueCat solely for subscription verification. Photos are shared with your chosen AI provider only at your explicit request. Crash logs are shared with Google Firebase Crashlytics solely for crash analysis and app stability improvement.
Security Practices
- Data is encrypted in transit (TLS)
- Cloud data is end-to-end encrypted (XChaCha20-Poly1305)
- You can request that your data be deleted at any time
- Data is stored locally on your device by default
- Independent security review of encryption implementation
Data Deletion
You can delete all of your data at any time through the App's account deletion feature or by contacting us at privacy@wherethebleep.app.
Apple App Store Privacy Nutrition Label
Data Used to Track You
None. We do not track you across apps or websites owned by other companies.
Data Linked to You
- Contact Info (Email Address): Only if you create an account for cloud sync. Used for authentication.
- Purchases: Subscription status linked to your account for Pro feature access.
Data Not Linked to You
Crash data collected by Firebase Crashlytics (crash logs, device state). This data is not linked to your identity.
Data Not Collected
The App does not collect: health and fitness data, financial information (beyond subscription status), location data, sensitive information, contacts, user content (all content stays on device or is encrypted), browsing history, search history, identifiers (device ID, advertising ID), usage data, or any other data categories not explicitly listed above.
20. Acknowledgment
By using Where The Bleep, you acknowledge that you have read, understood, and agree to this Privacy Policy. Our commitment to your privacy is foundational to the App's design. Your data belongs to you, and our zero-knowledge encryption architecture ensures that it stays that way.