WayBack ("we", "us", "our") is a social memory app that helps you rediscover shared experiences with friends. We are committed to protecting your privacy and being transparent about how your data is used.

This policy applies to the WayBack mobile application and associated services. WayBack is operated from Copenhagen, Denmark and complies with the EU General Data Protection Regulation (GDPR).

1. Data We Collect

1.1 Account Information

When you sign up via Apple Sign In, we store your name, email address, username, date of birth, and profile photo. Your profile photo is stored in our cloud infrastructure (Supabase).

1.2 Photo Metadata (Local Only)

1.3 Timeline Comparison Data

When you compare timelines with a friend in person, location timestamps are temporarily sent to our database in encrypted form. This data is used only to find matching memories and is deleted immediately after the comparison session ends.

1.4 Interests

If you enable Interest Detection, WayBack automatically identifies your interests based on the types of venues and events in your timeline. Interests are stored locally on your device. If you enable Interest Sharing, a copy of your interests is stored in our cloud database so friends can receive relevant friend recommendations. Your specific interests are never shown to other users.

1.5 Activities & Social Data

Activities you create, friend connections, and activity invitations are stored in our cloud database to enable the social features of WayBack.

1.6 Location

With your permission, we access your device location to show nearby venues and events on the Explore page. Location access is optional and can be revoked at any time.

2. How We Use Your Data

We use your data to provide and improve the WayBack experience, specifically to:

• Build your personal memory timeline from photo metadata
• Enable in-person timeline comparisons with friends
• Detect your interests and personalize venue and event recommendations
• Suggest friends who may enjoy the same venues and events
• Show you nearby places and events on the Explore page
• Send notifications about friend requests, activity invitations, and relevant updates

3. Your Privacy Controls

WayBack gives you granular control over how your data is processed. You can toggle these at any time in the app under Settings → Privacy & Data:

• Photo Analysis — Allow WayBack to analyze your photos locally to detect venues and events
• Interest Detection — Automatically create interests based on the venues you visit (requires Photo Analysis)
• Personalized Recommendations — Use your interests to show relevant venues and events on the Explore page
• Interest Sharing — Let friends see you as a suggested invite for venues matching your interests (requires Personalized Recommendations)

Disabling a toggle immediately stops the associated processing. Disabling Interest Sharing deletes your interests from our cloud database.

4. Advertising & Promotions

The WayBack Explore page may display promoted venues and events from business partners. In the future, businesses may be able to target promotions to users based on proximity, profile match, or previous visits. We will never sell your personal data to advertisers. You will always be able to distinguish promoted content from organic recommendations.

5. Data Storage & Security

Your data is stored using Supabase, a secure cloud platform with data centers in the EU. We use row-level security policies to ensure users can only access their own data. Timeline comparison data is encrypted in transit and at rest, and is deleted after each session.

6. Data Sharing

We do not sell your personal data to any third party. We share data only in these limited circumstances:

• With other WayBack users — Your profile name, username, and avatar are visible to other users. Friends can see activities you create.
• Service providers — We use Supabase (database/storage), Apple (authentication), and Apple MapKit (local geocoding) to operate the service.
• Legal requirements — We may disclose data if required by law or to protect rights, safety, or property.

7. Your Rights Under GDPR

As a user in the EU, you have the right to:

• Access your data — Contact us to receive a copy of all data we hold about you
• Rectify your data — Edit your profile information at any time in the app
• Delete your data — Delete your account in Settings, which permanently removes all your data from our servers
• Restrict processing — Use the privacy toggles to control which features process your data
• Data portability — Request your data in a machine-readable format
• Withdraw consent — Disable any GDPR toggle at any time; processing stops immediately
• Lodge a complaint — You have the right to file a complaint with the Danish Data Protection Agency (Datatilsynet)

8. Data Retention

Your account data is retained for as long as your account is active. Timeline comparison data is deleted immediately after each session. When you delete your account, all associated data is permanently removed from our servers, including your profile, friends, activities, invitations, interests, and stored avatar image.

9. Children's Privacy

WayBack requires users to be at least 16 years old. We do not knowingly collect data from users under 16. If we become aware that a user is under 16, we will delete their account and data.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes through the app or by email. Continued use of WayBack after changes constitutes acceptance of the updated policy.