Privacy Policy

• Account — a unique account created for you to access the Service.
• Application — the Capalation mobile app for iOS and Android.
• Company (“we”, “us”, “our”) — Capalation, operating from British Columbia, Canada.
• Personal Data — any information that relates to an identified or identifiable individual.
• Service — the Application and the Website at capalation.com, together.
• Service Provider — a third party that processes data on our behalf.
• Usage Data — data collected automatically by the Service (for example, device type, IP address, or screen views).
• User Content — photos, comments, votes, theme titles and descriptions, collection names, and any other content you submit.
• You — the individual using the Service.

Account information

When you create an account, we collect:

• Email address (always required).
• Password — stored hashed by our authentication provider; we never see your raw password.
• Display name and username shown on your profile and on photos during the results phase.
• Profile avatar, if you choose to upload one.
• If you sign in with Google, we receive your name, email, and profile picture from Google.
• If you sign in with Sign in with Apple, we receive an Apple-issued identifier and, on first login only, your name and an email address (which may be a private relay address Apple generates for you). Apple only provides this information once, so we store it on first login.

User Content

The Service is built around photo competitions, so we collect content you submit, including:

• Photos you upload as theme cover images, competition entries, or profile avatars — stored in our hosted storage buckets.
• Themes you create — title, description, end date, optional cover image, and visibility settings.
• Collections you create or join — name, description, visibility, membership, role, and join requests.
• Votes you cast on photos during the voting phase.
• Comments you leave on photos during the results phase.
• Saved themes and archive entries, which record themes you have bookmarked or kept past the public results window.

Device permissions

To enable core features, the Application asks permission to access:

• Your device’s camera and photo library, so you can submit photos.
• Push notification tokens, so we can notify you about themes, voting, and results. You can disable these at any time in your device settings.

Usage data

We automatically collect technical information when you use the Service, including IP address, device type and OS, app version, browser type, screens visited, timestamps, and diagnostic data such as crash logs.

Payment information

If you purchase archive credits, payment is processed by Stripe. We do not store your full card details. We receive a transaction record (amount, currency, status, last four digits, and Stripe identifiers) to credit your account and provide receipts. See Section 6 for more.

Cookies and similar technologies

On the Website we use cookies primarily to keep you signed in and remember your preferences. Where required by law, non-essential cookies are only used with your consent. You can manage cookies through your browser settings, though disabling essential cookies may prevent sign-in.

We use Personal Data and User Content to:

• Operate the Service — authenticate accounts, host photos, run themes, count votes, deliver comments, and manage collections.
• Enforce theme phases — submission, voting, results, and archived — and apply visibility rules so submitter identities stay hidden until the results phase.
• Send notifications — push notifications and service emails about themes, voting, results, and account security.
• Process payments for archive credits and provide receipts.
• Prevent abuse — apply rate limits, detect fraud, and respond to Terms violations.
• Improve the Service — diagnose issues, analyze usage, and develop new features.
• Comply with law — meet legal obligations and respond to lawful requests.

We rely on a small number of vetted providers that process data only on our behalf and under contractual security obligations.

• Supabase — authentication, database, file storage, and serverless functions.
• Google — optional OAuth sign-in.
• Apple — optional Sign in with Apple on iOS.
• Stripe — payment processing for archive credit purchases.
• App Store and Google Play — app distribution and in-app purchases.
• Email and push notification providers — transactional emails and push notifications.
• Website hosting and analytics providers.

Capalation is a social product, so some content is visible to other users. Visibility depends on context:

• Public themes — visible to anyone on the Service.
• Collection themes — visible to members of that collection only.
• Shared themes — visible to specific users you have shared with.
• Submitter identity — usernames and avatars on submitted photos are hidden during submission and voting; they become visible only in the results phase.
• Archived themes — hidden from all public listings once the results window ends; accessible only to users who hold an archive entry.

We do not sell your Personal Data. We share it outside the Service only in these limited situations:

• With Service Providers (Section 4).
• To comply with applicable laws or valid legal process.
• To enforce our Terms or protect the rights, safety, or property of Capalation, our users, or the public.
• In connection with a merger, acquisition, or asset sale — we will give notice before your data becomes subject to a different policy.
• With your consent for any other purpose.

Archive credits let you view a theme past the 96-hour public results window. Card payments on the website are handled by Stripe — your card number, CVC, and expiration date go directly to Stripe and never reach our servers. We store only the transaction record (amount, currency, status, last four digits, and Stripe identifiers) to credit your account and provide receipts.

In-app purchases on iOS or Android are processed by Apple or Google under their own terms and privacy policies. We receive only a transaction confirmation.

We retain data only as long as needed to provide the Service, meet legal obligations, and resolve disputes.

• Account information — kept while active and up to 24 months after account closure.
• User Content — retained for the life of the theme and collections that reference it. Archived themes remain available to users holding an archive entry.
• Support correspondence — up to 24 months after the ticket closes.
• Usage and diagnostic data — up to 24 months from collection.
• Payment records — as long as required by tax and accounting law.

When you delete your account from Settings, we initiate deletion of your profile and associated data. Some content tied to shared outcomes (such as votes that affected a public ranking) may persist where deletion would distort other users’ experience. Anonymized data may be retained indefinitely.

Capalation is operated from British Columbia, Canada. Our Service Providers may store and process data in other countries, including the United States. By using the Service you understand that your information may be transferred to jurisdictions with different data protection laws. Where required, we use appropriate safeguards such as standard contractual clauses.

Depending on where you live, you may have rights to access, correct, delete, port, or restrict use of your Personal Data. To exercise them:

• Update most profile information directly in the app.
• Delete your account from the Settings screen.
• Disable push notifications and camera access in your device settings at any time.
• For any other request, contact us at the address in Section 14.

You also have the right to lodge a complaint with your local data protection authority.

We use industry-standard safeguards including encrypted transport (HTTPS), encryption at rest, hashed passwords, row-level security on our database, rate limits on sensitive actions, and a server-calibrated clock to prevent device-clock manipulation of theme phases. No internet transmission or electronic storage is fully secure, and we cannot guarantee absolute security.

Capalation is not directed to children under 13, and we do not knowingly collect Personal Data from anyone under 13. If you believe a child has provided us with Personal Data, please contact us and we will take steps to remove it.

The Service may contain links to websites or services we don’t operate. We are not responsible for their content, privacy policies, or practices. We encourage you to review the privacy policy of every site you visit.

We may update this Privacy Policy from time to time. We will revise the “Last updated” date at the top of this page and, for material changes, provide additional notice (email or in-app message) before the change takes effect. Continued use after the effective date constitutes acceptance.

If you have questions about this Privacy Policy or how your information is handled: