PackKit Privacy Policy

Effective Date: April 24, 2026
Last Updated: May 10, 2026

We collect only what's needed to run PackKit: your account info, your packing data, subscription status, and anonymized usage analytics. We don't sell your data or run ads. Everything is encrypted. To request account deletion, email [email protected].

Introduction

Welcome to PackKit ("we," "our," or "us"). We take your privacy seriously. This policy explains what we collect, how we use it, and what rights you have when using the PackKit app (the "App") or visiting packkit.me (the "Website").

By using PackKit, you agree to the data practices described here. If you don't agree, don't use the App or Website.

Information We Collect

1. Information You Provide

Account Information:

  • Email address and password (email sign-up)
  • Name and email address (Google or Apple sign-in)
  • Preferences such as dark mode settings

Your Content:

  • Inventory items (names, categories, icons, notes, liquid status)
  • Trip details (names, destinations, dates, traveler count, status)
  • Packing lists and templates
  • Notes or descriptions on items or trips

2. Information Collected Automatically

Device Information:

  • Device type and operating system
  • App version and platform
  • Device language and region

In-App Usage Analytics (PostHog):

  • Anonymized events like paywall viewed, trial started, and feature limits reached. These help us understand how the app is used.
  • Interaction logs for debugging
  • Session data to keep you logged in

Website Analytics (Google Analytics):

  • When you visit packkit.me, Google Analytics collects aggregated traffic data: pages viewed, session duration, and device or browser type. This data does not identify you personally and is not used in the mobile app.

Subscription Data:

  • Subscription status managed via RevenueCat (see Third-Party Services below)

Push Notification Tokens:

  • Device tokens for trip reminders, only if you grant notification permission

3. What We Don't Collect

PackKit does not collect:

  • Location data or GPS
  • Camera or photo library access
  • Contact lists
  • Browsing history or web activity
  • Payment or financial information
  • Health or fitness data

How We Use Your Information

Running the App

  • Creating and maintaining your account
  • Authenticating you when you log in
  • Storing and syncing your inventory, trips, and packing lists
  • Powering trip planning and packing features
  • Saving your preferences like dark mode
  • Tracking your subscription status to unlock the right features

Communication

  • Sending trip packing reminders (only if you enable notifications)
  • Responding to your support requests
  • Sending service announcements or security alerts

Improving the App and Website

  • Diagnosing and fixing technical issues
  • Understanding how the app and website are used
  • Keeping the app secure

Legal Compliance

  • Meeting applicable laws and regulations
  • Enforcing our Terms of Service
  • Protecting the rights, property, or safety of PackKit, our users, or others

Data Storage and Third-Party Services

Google Analytics (Website)

We use Google Analytics on packkit.me to understand web traffic: pages visited, session duration, and general device or browser info. The data is aggregated and does not identify you personally. It is not used in the mobile app. See Google's Analytics policy.

PostHog (In-App Analytics)

We use PostHog to collect anonymized usage events in the mobile app (paywall views, trial starts, feature limit hits). Events are associated with an internal user ID but do not include your email address or other personally identifiable information. See PostHog's privacy policy.

RevenueCat (Subscription Management)

We use RevenueCat to manage subscriptions. When you subscribe, RevenueCat receives your Apple ID transaction receipts and subscription status. We don't store or see your payment card details. All payments go through Apple. See RevenueCat's privacy policy.

Supabase (Backend)

PackKit uses Supabase for our database and authentication. All data is encrypted in transit (HTTPS/TLS) and at rest. Supabase is GDPR-compliant. See Supabase's privacy policy.

OAuth Providers

When you sign in with Google, we receive your name and email from Google's OAuth service (Google's privacy policy). When you sign in with Apple, we receive your name and email, or a private relay email if you choose to hide it (Apple's privacy policy).

Expo

PackKit is built with Expo, which handles push notification delivery and app updates. See Expo's privacy policy.

Data Sharing and Disclosure

We don't sell, rent, or trade your personal information for marketing. We share data only in these situations:

Service Providers

We share data with our service providers (Supabase, RevenueCat, PostHog, Google Analytics, Expo). Each is required by contract to protect your data and only use it to provide their service to us.

Legal Requirements

We may share information when required by law, court order, or to protect our legal rights or investigate fraud or illegal activity.

Business Transfers

If PackKit is sold or merged, your information may be part of that transfer. We'll notify you by email or in-app notice before your data moves to a different privacy policy.

With Your Consent

We may share your information for other purposes with your explicit consent.

Data Security

Here's how we protect your data:

  • Encryption: All data in transit uses TLS/HTTPS. Data at rest is encrypted in Supabase's databases.
  • Authentication: Passwords are hashed with bcrypt. Google and Apple sign-in use OAuth 2.0.
  • Session Management: Session tokens refresh automatically and expire when not in use.
  • Access Controls: Access to user data is restricted to what's necessary to run the service.

No method of internet transmission is 100% secure. We can't guarantee perfect security, but we take it seriously.

Your Rights and Choices

Access

You can view and edit your data directly in the app. For questions about what we hold on you, reach out at [email protected].

Deletion

To delete your account and all associated data, email [email protected]. We'll handle your request within 30 days. Some data may be kept where the law requires it.

Notifications

You can turn push notifications on or off at any time in your device's settings.

Regional Privacy Rights

European Users (GDPR)

If you're in the EEA, UK, or Switzerland, you have additional rights under GDPR:

  • Right to access your personal data
  • Right to correct inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

We process your data to fulfill our contract with you, meet legal requirements, and for our legitimate interest in running and improving the service. To exercise any of these rights, contact us at [email protected].

California Users (CCPA/CPRA)

California residents can request to know what personal information we collect, access or delete it, and opt out of its sale. We don't sell personal information. To exercise your rights, contact us at [email protected].

Other Jurisdictions

Local laws in other regions may give you additional privacy rights. Contact us and we'll help you exercise them.

Children's Privacy

PackKit is not for children under 13. We don't knowingly collect personal information from anyone under 13. If you believe your child has given us their information, email us at [email protected] and we'll delete it promptly.

International Data Transfers

Your data may be processed in countries other than your own, including the US where our service providers operate. When data crosses borders, we take steps to keep it protected under this policy and applicable law.

Data Retention

  • Active accounts: We keep your data while your account is active.
  • Deleted accounts: We delete your personal information within 30 days of a deletion request, except where the law requires otherwise.
  • Backups: Deleted data may remain in backup systems for up to 90 days before it's gone permanently.

Cookies and Tracking Technologies

Website (packkit.me)

Google Analytics may set cookies on packkit.me to collect aggregated traffic data. We don't use cookies for advertising or cross-site tracking. You can opt out of Google Analytics using the Google Analytics opt-out browser add-on.

Mobile App

The app doesn't use cookies. We use local storage (AsyncStorage) to keep your session and preferences on your device.

Changes to This Policy

We may update this policy from time to time. When we do, we'll update the "Last Updated" date at the top of this page. For material changes, we'll notify you by email or in-app notice. Continuing to use PackKit after changes go live means you accept them.

Third-Party Links

PackKit may link to third-party websites or services. We're not responsible for their privacy practices. Check their policies before sharing your information with them.

Contact Us

Questions about this policy or how we handle your data? Email us at [email protected]. We respond within 30 days.

Your Acceptance

By using PackKit, you agree to this policy. If you don't agree, please stop using the app or website.