Privacy Policy

1. Overview

Elpis (“we”, “our”, or “the App”) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you use our mobile application.

2. Data Collection

We collect minimal data necessary for the App to function:

• Account information (email, display name) for authentication
• Sobriety/smoking tracking data you voluntarily record
• Community posts and messages you choose to share
• Device information for crash reporting and app optimization

We do NOT collect: location data without explicit permission, health records from external sources, or any biometric data.

3. Data Storage & Security

• All sensitive data is encrypted with AES-256 encryption on your device
• Cloud sync uses Firebase with App Check verification
• Data is stored locally first (offline-first architecture) using RxDB
• Server communication is encrypted via TLS 1.3

4. Third-Party Services

We use the following third-party services:

• Firebase (Google) — Authentication, database, crash reporting
• RevenueCat — Subscription management
• Kakao API — Place search for danger zone detection (Korea only)

Each service operates under its own privacy policy. We encourage you to review them.

5. Your Rights

You have the right to:

• Access, correct, or delete your personal data
• Export your data at any time
• Opt out of analytics and crash reporting
• Delete your account and all associated data

6. Data Sharing

We never sell your personal data to third parties. Data is only shared when:

• You explicitly choose to share in the community
• Required by law or legal process
• Necessary for service operation (e.g., payment processing)

7. Contact

For privacy inquiries, contact us at: chrislee.krh@gmail.com