PackKit Privacy Policy
Effective Date: February 8, 2025
Last Updated: February 8, 2025
Quick Summary
We collect only the data needed to make PackKit work: your account info (email), your inventory items, trip details, and packing lists. We don't sell your data, run ads, or track you. Everything is encrypted and stored securely with Supabase. We will delete your account and all your data on request, at anytime. That's it.
Introduction
Welcome to PackKit ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, share, and protect your information when you use the PackKit mobile application (the "App").
By using PackKit, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use the App.
Information We Collect
1. Information You Provide to Us
Account Information:
Email address and password (when you create an account using email)
Name and email address (when you sign in with Google or Apple)
User preferences (such as dark mode settings)
User-Generated Content:
Inventory items (names, categories, icons, notes, liquid status)
Trip information (trip names, destinations, start/end dates, number of travelers, trip status)
Packing lists and templates
Any notes or descriptions you add to items or trips
2. Information Collected Automatically
Device Information:
Device type and operating system (iOS)
App version and platform information
Device language and region settings
Usage Data:
App interaction logs for debugging and error reporting
Session data for maintaining your logged-in state
Push Notification Tokens:
Device tokens necessary to send you trip reminders and notifications (only if you grant notification permissions)
3. Information We Do Not Collect
PackKit does not collect:
Location data or GPS coordinates
Camera or photo library access
Contact lists
Browsing history or web activity
Payment or financial information
Health or fitness data
Behavioral analytics or tracking data
How We Use Your Information
We use the information we collect for the following purposes:
Core Functionality
To create and maintain your user account
To authenticate you when you log in
To store and sync your inventory items, trips, and packing lists
To enable trip planning and packing organization features
To persist your app preferences (like dark mode)
Communication
To send you trip packing reminders (only if you enable notifications)
To respond to your support requests and questions
To send important service announcements or security alerts
App Improvement
To diagnose and fix technical issues
To understand how the App is being used to improve features
To ensure the security and integrity of the App
Legal Compliance
To comply with applicable laws and regulations
To enforce our Terms of Service
To protect the rights, property, or safety of PackKit, our users, or others
Data Storage and Third-Party Services
Google Analytics
We use Google Analytics to collect general traffic analysis data to understand how the App is being used and to improve our features. Google Analytics collects:
General usage patterns and feature interactions
Device and app version information
Aggregated performance metrics
Google Analytics data is anonymized and does not directly identify you. For more information about Google Analytics' data practices, visit: https://policies.google.com/technologies/analytics
Supabase (Backend Infrastructure)
PackKit uses Supabase as our backend database and authentication provider. Supabase is hosted on secure cloud infrastructure and provides:
User authentication and session management
Database storage for your inventory, trips, and packing lists
Data encryption in transit and at rest
Supabase Data Center:
Your data is stored in Supabase's secure data centers. Supabase complies with industry-standard security practices and regulations including GDPR.
Data Transmission:
All data transmitted between the App and Supabase servers is encrypted using HTTPS/TLS protocols.
For more information about Supabase's security and privacy practices, visit: https://supabase.com/privacy
OAuth Providers
When you sign in with Google or Apple:
Google: We receive your name, email address, and profile information from Google's OAuth service. Google's privacy policy applies to their services: https://policies.google.com/privacy
Apple Sign-In: We receive your name and email address (or a private relay email if you choose to hide your email) from Apple's authentication service. Apple's privacy policy applies: https://www.apple.com/legal/privacy/
Expo Services
PackKit is built using Expo, which provides:
Push notification delivery services
App update mechanisms
Development and debugging tools (in development builds only)
Expo's privacy policy: https://expo.dev/privacy
Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
We may share your information only in the following circumstances:
With Service Providers
We share data with trusted third-party service providers (Supabase, Expo) who help us operate the App. These providers are contractually obligated to protect your data and use it only for the services they provide to us.
For Legal Reasons
We may disclose your information if required to do so by law or in response to:
Valid legal requests from government authorities
Court orders or subpoenas
Protection of our legal rights or property
Investigation of fraud, security issues, or illegal activities
Situations involving potential threats to safety
Business Transfers
If PackKit is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the App before your information becomes subject to a different privacy policy.
With Your Consent
We may share your information for any other purpose with your explicit consent.
Data Security
We take the security of your information seriously and implement industry-standard security measures:
Encryption: All data in transit is encrypted using TLS/HTTPS. Data at rest is encrypted in Supabase's secure databases.
Authentication: Secure password hashing (bcrypt) for email/password accounts. OAuth 2.0 for Google and Apple Sign-In.
Session Management: Secure session tokens with automatic refresh and expiration.
Access Controls: Limited employee access to user data, restricted to essential operations only.
Regular Security Audits: We regularly review our security practices and update them as needed.
While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.
Your Rights and Choices
You have the following rights regarding your personal information:
Access and Portability
You can access all your data directly within the App. If you need a copy of your data in a portable format, please contact us at the email address below.
Correction and Updates
You can update your account information, inventory items, trips, and preferences directly in the App at any time.
Deletion
You have the right to request deletion of your account and all associated data. To delete your account:
Email us at [email protected] with your deletion request
We will delete your account and associated data within 30 days
Note: Some information may be retained for legal compliance or legitimate business purposes as permitted by law
Notification Preferences
You can enable or disable push notifications at any time through your device's system settings (iOS Settings > Notifications > PackKit)
Regional Privacy Rights
For European Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
Right to access your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent
Right to lodge a complaint with a supervisory authority
Legal Basis for Processing:
We process your data based on:
Your consent (for optional features like notifications)
Performance of our contract with you (to provide the App's services)
Our legitimate interests (to improve and secure the App)
Legal obligations (to comply with applicable laws)
For California Users (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights:
Right to know what personal information is collected
Right to know if personal information is sold or shared (PackKit does not sell personal information)
Right to access your personal information
Right to request deletion of personal information
Right to opt-out of the sale of personal information (not applicable as we don't sell data)
Right to non-discrimination for exercising your rights
To exercise these rights, contact us at [email protected].
For Other Jurisdictions
Users in other regions may have specific privacy rights under local laws. Please contact us to exercise any rights available to you under your local privacy regulations.
Children's Privacy
PackKit is a general audience app and is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected]. We will take steps to delete such information from our systems.
If you are under 13 years of age, please do not use PackKit or provide any information through the App.
International Data Transfers
PackKit operates globally and your information may be transferred to and processed in countries other than your own, including the United States, where Supabase's servers are located.
These countries may have data protection laws that are different from the laws of your country. When we transfer your information internationally, we ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.
Data Retention
We retain your personal information for as long as necessary to provide you with the App's services and fulfill the purposes outlined in this Privacy Policy.
Active Accounts: Your data is retained while your account is active.
Deleted Accounts: When you request account deletion, we will delete your personal information within 30 days, except where we are required or permitted to retain it for:
Legal compliance (tax, accounting, or regulatory requirements)
Resolving disputes
Enforcing our agreements
Fraud prevention and security
Backup Data: Deleted data may persist in our backup systems for up to 90 days before permanent deletion.
Cookies and Tracking Technologies
Web Version
If you use PackKit on the web, we may use cookies or similar technologies for:
Session management (keeping you logged in)
Remembering your preferences (like dark mode)
We do not use cookies or tracking technologies for:
Advertising or marketing
Third-party analytics or behavioral tracking
Cross-site tracking
Mobile Apps
The mobile versions of PackKit (iOS) does not use cookies. We use local storage (AsyncStorage) to maintain your session and preferences on your device.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:
Update the "Last Updated" date at the top of this policy
Notify you via email or in-app notification if the changes are material
Obtain your consent if required by law
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
Your continued use of PackKit after changes are made will constitute your acceptance of the updated Privacy Policy.
Third-Party Links
PackKit may contain links to third-party websites or services (such as OAuth providers). We are not responsible for the privacy practices or content of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: [email protected]
We will respond to your inquiry within 30 days.
Your Acceptance of These Terms
By using PackKit, you acknowledge that you have read this Privacy Policy and agree to its terms. If you do not agree with this Privacy Policy, please discontinue use of the App.
PackKit - Smart packing for better travels.
Document Version: 1.0