Privacy Policy

Privacy Policy for SelTopia App

Effective Date: May 2, 2026
Last Updated: May 2, 2026

SelTopia ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, disclose, and protect information when you use the SelTopia mobile application and related services (the "Service").

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Scope of This Privacy Policy

This Privacy Policy applies to information we collect through the Service, including when you register an account, sign in, use app features such as Daily Sparkle, Answers, Grounding, Echo, and Cora binding via NFC, and interact with our analytics and support systems.

2. Information We Collect

We collect the following categories of information:

2.1 Account and Authentication Information
When you register, sign in, or maintain an authenticated session, we may collect and process:

• Phone number

• Email address

• Authentication identifiers provided through third-party sign-in providers, including Apple Sign In and Google Sign In

• Session-related information, authentication tokens, and similar credentials necessary to maintain login status and secure access

2.2 Information You Create or Enter in the App
When you use certain features, you may enter or generate content within the app.

At this time:

• Information entered through Grounding is stored locally on your device

• Information entered through Echo is stored locally on your device

We do not currently upload or store Echo or Grounding content on our servers.

2.3 Feature Usage and Analytics Data
To understand how the Service is used, improve performance, and troubleshoot issues, we collect event and usage data, including:

• Feature name triggered by the user

• Timestamp of the event

• Step or stage within the flow

• Trigger method, such as Cora or button

This analytics data is collected through our own internal analytics API and stored in our Supabase database.

2.4 Device Interaction Information
When you use Cora binding or related NFC-based interactions, we may process the information necessary to establish, recognize, or manage the connection and trigger the requested function.

2.5 Communications and Verification Data
If you use phone verification, email verification, or receive service-related communications, we may process:

• Phone number for SMS verification or service messages

• Email address for authentication, account-related communication, or transactional email delivery

3. How We Use Information

We use collected information for the following purposes:

• To create and manage user accounts

• To authenticate users and maintain secure login sessions

• To provide app functionality, including Daily Sparkle, Answers, Grounding, Echo, and Cora binding

• To deliver SMS verification and email-based account communications

• To monitor usage, analyze product performance, and improve the Service

• To detect, prevent, and address fraud, abuse, security incidents, and technical issues

• To comply with legal obligations and enforce our terms and policies

4. Local Storage of Echo and Grounding Content

Currently, content entered into or generated through the Echo and Grounding features is stored locally on the user’s device only and is not uploaded to our servers.

Because this content is stored locally:

• It may be lost if the app is deleted, the device is reset, or local app data is cleared

• It may not be recoverable if the device is lost, damaged, or replaced

• It is not currently synchronized across devices

If we introduce cloud backup, syncing, or server-side storage for this content in the future, we will update this Privacy Policy and, where required by applicable law, provide additional notice or obtain consent.

5. Third-Party Services and Service Providers

We use third-party services to support the operation of the Service. These providers may process personal data on our behalf or as independent providers where necessary to deliver their services.

Our current third-party services include:

• Supabase: authentication, backend services, and database storage

• Sanity: content management and related content delivery

• Apple Sign In: user authentication

• Google Sign In: user authentication

• Twilio: SMS verification or phone-related messaging

• Postmark: transactional email delivery

These providers may process personal data such as identifiers, contact information, authentication-related data, and technical data strictly as needed to perform their services.

We encourage users to review the privacy policies of these providers:

• Supabase

• Sanity

• Apple

• Google

• Twilio

• Postmark

6. How We Share Information

We do not sell personal information.

We may share information in the following circumstances:

• With service providers and infrastructure partners that support authentication, communications, database hosting, analytics storage, and content delivery

• With Apple or Google when you choose those sign-in methods

• When required by law, regulation, legal process, or governmental request

• When necessary to protect the rights, property, safety, or security of our users, our company, or others

• In connection with a merger, acquisition, financing, reorganization, sale of assets, or similar corporate transaction, subject to applicable legal requirements

7. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

In general:

• Account and authentication data is retained for as long as your account remains active and as necessary for security and legal compliance

• Analytics and event logs are retained for as long as needed for product improvement, operational monitoring, and security review

• Echo and Grounding content is currently retained locally on the user’s device only, unless the user deletes it or the device/app data is cleared

You may want to add a specific retention period for analytics later, such as 180 days or 12 months, once you finalize your internal policy.

8. Data Security

We implement reasonable administrative, technical, and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, or destruction.

These measures may include:

• Access controls and authentication safeguards

• Secure session management

• Principle of least privilege

• Encryption in transit where applicable

• Logging and monitoring for security and operational purposes

However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

9. Your Rights and Choices

Depending on your location and applicable law, you may have rights regarding your personal data, including the right to:

• Access the personal data we hold about you

• Request correction of inaccurate or incomplete data

• Request deletion of your personal data

• Request restriction of certain processing

• Withdraw consent where processing is based on consent

• Request account deletion

If you would like to exercise any of these rights, please contact us at [Contact Email]. We may need to verify your identity before responding to your request.

10. Children’s Privacy

The Service is not directed to children under the age at which parental consent is required under applicable law, and we do not knowingly collect personal data from children in violation of applicable law.

If you believe that a child has provided personal data to us unlawfully, please contact us, and we will take appropriate steps to investigate and address the issue.

11. International Data Transfers

Depending on where you are located and where our service providers operate, your information may be processed in countries other than your own. Where required, we take appropriate steps to ensure that such transfers are subject to adequate safeguards under applicable data protection laws.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or the Service itself.

If we make material changes, we will provide notice through the app, by updating the "Last Updated" date above, or by other appropriate means as required by law.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

SelTopia
app@seltopia.com