Privacy Policy

01

Who We Are

Aye is operated by Rich Dodzi, an individual based in Ghana. Aye is a mobile application that allows users to ask yes/no questions and receive anonymous responses from a global audience.

For all privacy matters, you may contact us at dev.richdodzi@gmail.com.

02

Information We Collect

Information you provide directly

Data	When collected	Why
Email address	Account registration	Authentication, OTP verification, password reset, service communications
Display name (nickname)	Account registration	Shown on your public profile and questions
Username (@handle)	Account registration	Your unique identifier on the platform
Profile photo	Optional, any time	Shown on your profile and beside your questions
Bio	Optional, any time	Displayed on your public profile
Age group	Optional, post-signup prompt	Improves demographic breakdown data shown to all users
Gender	Optional, post-signup prompt	Same as above
Country	Auto-detected from device locale; can be overridden	Regional demographic breakdowns
Password	Email registration only	Stored as a salted hash; we cannot read it

Information collected automatically

Data	Source	Why
Device type (iOS or Android)	Device at registration	Demographic breakdown feature
Device locale / country code	Device at registration	Regional context for questions and breakdowns
Votes cast	In-app actions	Aggregated to display results; individual votes are private
Questions posted	In-app actions	Displayed on your public profile
Comments posted	In-app actions	Displayed in question threads
Push notification token	Firebase on permission grant	Delivering push notifications
App usage sessions	Supabase backend	Service operation and abuse prevention

Information from social sign-in

If you sign in with Apple or Google, we receive your email address and display name from those providers. We do not receive your password or any other account data. Social sign-in is processed natively on your device - no browser redirect is involved.

What we do not collect: We do not collect phone numbers, precise GPS location, contacts, payment card numbers (handled entirely by Apple App Store / Google Play), or any biometric data.

03

How We Use Your Information

We use the information we collect to:

Create and maintain your account
Verify your email address via one-time password (OTP)
Enable you to post questions, vote, comment, and follow other users
Aggregate votes to display result percentages and demographic breakdowns
Send transactional emails - OTP codes and password reset links only
Deliver push notifications you have opted into (replies, mentions, vote milestones, new questions from followed users)
Process subscription payments where applicable
Moderate content using automated systems to maintain community safety
Detect and prevent abuse, spam, and fraud
Improve and maintain the service

We do not use your information to serve advertisements, build advertising profiles, or sell your data to third parties.

04

How We Share Your Information

Public information

The following information is visible to all users of Aye and may be seen by anyone who uses the app:

Your display name and @username
Your profile photo (if uploaded)
Your bio (if provided)
Questions you have posted (unless set to unlisted)
Comments you have written on public questions
Your total votes received count on your profile

Private information

The following is never shown publicly:

Your email address
How you voted on any question - all votes are permanently anonymous
Your follower count (visible only on your own profile)
Your age group, gender, and country (used only in aggregated, anonymous demographic breakdowns)

Service providers

We share data with trusted third-party service providers solely to operate the service. See Section 5 for the full list.

Legal requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Business transfers

If Aye is acquired or merges with another entity, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

05

Third-Party Services

We use the following third-party services to operate Aye. Each processes data only as necessary to provide their service.

Provider	Purpose	Data shared
Supabase	Database, authentication, file storage, real-time data	All user data stored in the app
Firebase (Google)	Push notifications	Device push token, notification content
OpenAI	Content moderation - text and images checked for harmful content before publishing	Question text, comment text, image URLs
RevenueCat	Subscription management (when enabled)	Purchase receipts, subscription status
Apple	Sign In with Apple, App Store payments	Apple ID email and name (on first sign-in)
Google	Sign In with Google, Play Store payments	Google account email and name

Links to each provider's privacy policy:

06

Data Retention

We retain your data for as long as your account is active. Specifically:

Account data - retained until you delete your account
Questions - retained until deleted by you or removed for policy violations
Comments - retained until deleted by you, the question creator, or removed for violations
Votes - retained permanently in anonymous aggregated form even after account deletion, as they form part of the permanent public record of a question's result
Rejected moderation content - deleted after 30 days
Push notification tokens - deleted when you uninstall the app or revoke permissions

When you delete your account, all personally identifiable data - your email, display name, username, profile photo, bio, questions, comments, and demographic data - is permanently deleted within 30 days.

07

Your Rights

Regardless of where you are located, you have the following rights regarding your personal data:

Access - request a copy of the personal data we hold about you
Correction - update or correct inaccurate data via your profile settings at any time
Deletion - delete your account and all associated personal data from within the app (Settings → Delete account) or by emailing us
Portability - request your data in a structured, machine-readable format
Objection - object to certain processing of your data
Restriction - request that we restrict processing of your data in certain circumstances
Withdrawal of consent - withdraw consent at any time where processing is based on consent (e.g. push notifications can be disabled in your device settings)

To exercise any of these rights, contact us at dev.richdodzi@gmail.com. We will respond within 30 days.

08

GDPR - European Users

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and applicable local laws apply to your personal data.

Legal bases for processing

Processing activity	Legal basis
Account creation and authentication	Contract - necessary to provide the service you requested
Sending OTP and password reset emails	Contract - necessary to provide the service
Content moderation	Legitimate interests - to maintain a safe platform
Push notifications	Consent - you can withdraw at any time
Demographic data (age, gender)	Consent - voluntary and can be removed at any time
Subscription processing	Contract - necessary to fulfil your subscription

Data transfers outside the EEA

Some of our service providers (Supabase, Firebase, OpenAI, RevenueCat) are based in the United States. Data transfers are protected by appropriate safeguards including Standard Contractual Clauses (SCCs) as approved by the European Commission.

Right to lodge a complaint

If you believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection authority.

Data Protection Officer

As an individual operator, we are not required to appoint a formal DPO. For all data protection enquiries, contact dev.richdodzi@gmail.com.

09

CCPA/CPRA - California Users

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you additional rights.

Your California rights

Right to Know - you may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purpose for collecting it, and the categories of third parties with whom we share it.
Right to Delete - you may request deletion of personal information we have collected, subject to certain exceptions.
Right to Correct - you may request correction of inaccurate personal information.
Right to Opt-Out of Sale or Sharing - we do not sell or share personal information for cross-context behavioural advertising. No opt-out is required.
Right to Limit Use of Sensitive Personal Information - we use sensitive personal information (age group, gender) only for the purpose for which it was collected and do not use it for additional purposes.
Right to Non-Discrimination - we will not discriminate against you for exercising your CCPA rights.

Categories of personal information collected (CCPA)

Identifiers (email address, username)
Internet or other electronic network activity (in-app interactions)
Geolocation data (country code only - not precise GPS)
Inferences drawn to create a profile (demographic group data)

To submit a CCPA request, email dev.richdodzi@gmail.com with "CCPA Request" in the subject line. We will respond within 45 days.

10

Children's Privacy

Aye is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at dev.richdodzi@gmail.com and we will delete that information promptly.

For users in the EEA, the relevant age threshold may be higher depending on local law (up to 16 in some member states). We recommend parental supervision for users under 16.

11

Security

We take reasonable technical and organisational measures to protect your personal information, including:

All data in transit is encrypted using TLS/HTTPS
All data at rest is encrypted by our infrastructure provider (Supabase)
Passwords are stored as salted hashes - we cannot read them
Row-level security policies restrict data access at the database level
Email verification via OTP before account activation

No system is completely secure. If you discover a security vulnerability, please disclose it responsibly by emailing dev.richdodzi@gmail.com.

12

International Data Transfers

Aye operates globally. Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our primary service providers are located. These countries may have different data protection laws than your country.

Where we transfer personal data from the EEA, UK, or Switzerland to countries without an adequacy decision, we rely on Standard Contractual Clauses or other appropriate safeguards as required by applicable law.

13

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, sending you a notification through the app or by email.

Your continued use of Aye after changes become effective constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

14

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Rich Dodzi
Email: dev.richdodzi@gmail.com
Location: Ghana
Response time: within 30 days

For EU/EEA users exercising GDPR rights, for California users exercising CCPA rights, or for any urgent privacy concern, please include the relevant regulation in the subject line of your email to help us prioritise your request.