Privacy Policy

Yap ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use the Yap mobile application and related services (the "Service"), how we use it, who we share it with, and what rights you have.

1. Overview

Yap is an async video-messaging app where friends send short videos ("yaps") back and forth. We designed the Service to collect as little information as we need to make it work. This policy covers all information collected through the app and through our website at yapmeback.com.

2. Information We Collect

Information you provide directly:

• Phone number (used for account verification via SMS).
• Profile information: display name, username, first and last name, and avatar.
• Yaps you record and send, including video files, captions, durations, and thumbnails.
• Conversation notes ("talking points") you save for direct messages and groups.
• Friend connections and group memberships you create.
• Reports you file against other users or content.
• Block list and mute list entries.
• Self-attested confirmation that you are 13 or older.

Information collected automatically:

• A push notification token issued by the Expo Push Service so we can deliver new-yap notifications.
• Device type, operating system, and app version (collected by the Expo runtime).
• IP address (logged by our infrastructure providers — Supabase, Cloudflare, Twilio, and Expo Push — during normal operation).
• Playback events (when a recipient watches a yap, the timestamp is recorded so the sender knows it was seen).

Information you may optionally provide:

• Access to your phone's contact list. If you grant access, contact phone numbers are sent to our server only to check which contacts already use Yap. Contact names are never transmitted to or stored on our servers; they remain on your device.

3. How We Use Your Information

We use the information we collect to:

• Create, operate, and maintain your account.
• Send SMS verification codes when you sign up or sign in.
• Deliver yaps to the friends and groups you choose.
• Send push notifications about new yaps (you can disable these in Settings).
• Maintain, secure, and improve the Service.
• Detect, investigate, and prevent abuse, fraud, and violations of our Terms.
• Respond to user reports and support requests.
• Comply with our legal obligations.

4. How We Share Your Information

We do not sell your personal information, and we do not share it with advertisers or data brokers. We share information only as follows:

With other users:

• Yaps you send are delivered to the friends or group members you choose.
• Your profile (display name, username, avatar) is visible to your friends and to anyone who searches for your username.

With service providers that help us operate Yap:

• Supabase (United States) — hosts our database, authentication, and backend functions.
• Cloudflare R2 (United States) — stores video and thumbnail files.
• Twilio (United States) — delivers SMS verification codes; not used for marketing.
• Expo Push Service / Apple Push Notification Service — deliver push notifications to your device.
• Cloudflare — provides DNS and edge networking for our website and APIs.
• Apple (App Store) — distributes the Yap app.

For legal and safety reasons:

• We may disclose information to law enforcement or government authorities when legally required (for example, in response to a valid subpoena or court order) or when we reasonably believe disclosure is necessary to prevent imminent harm.
• We report child sexual abuse material (CSAM) to the National Center for Missing & Exploited Children (NCMEC) when we become aware of it on the Service, as required by U.S. law.

In connection with a corporate transaction:

• If Yap is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. How We Store and Protect Your Information

Your data is encrypted in transit using TLS/SSL and encrypted at rest by our infrastructure providers. Access to user data is restricted via row-level controls in our database, and video files in object storage are accessed only via short-lived signed URLs. We follow the principle of least privilege for internal access. No system is perfectly secure, but we work to maintain industry-standard safeguards.

6. How Long We Keep Your Information

• Yaps in direct messages: replaced when you or your friend sends the next yap. The previous yap is permanently deleted within approximately 30 minutes.
• Group yaps: groups retain a small rotating window (the most recent two or three yaps); older yaps are deleted on the same schedule.
• Account data: retained while your account is active.
• Account deletion: when you delete your account through Settings → Delete Account or by emailing support, all of your data — profile, friendships, group memberships, yaps you sent, reports you filed, push tokens — is permanently deleted within 30 days.
• Operational logs: our infrastructure providers may retain operational logs for security, debugging, and abuse prevention.

7. Your Rights

All users:

• Access your account data through the app.
• Correct your profile through Profile Edit.
• Delete your account through Settings → Delete Account.
• Opt out of push notifications through Settings or your device's notification settings.
• Mute conversations, block users, and report content or users.

California residents (CCPA / CPRA):

• Right to know what personal information we collect.
• Right to request deletion of your personal information.
• Right to request correction of inaccurate personal information.
• Right to request a copy of your personal information.
• Right to opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising).
• Right to non-discrimination for exercising these rights.

EU and UK residents (GDPR / UK GDPR):

• Right to access, rectify, erase, or restrict processing of your personal data.
• Right to object to processing and to data portability.
• Right to withdraw consent where processing is based on consent.
• Right to lodge a complaint with your local supervisory authority.
• Legal bases for processing: performance of a contract (operating the Service), legal obligation, and consent (SMS verification, push notifications).

Brazil (LGPD) and residents of other jurisdictions with comprehensive privacy laws have equivalent rights.

How to exercise your rights:

• Email support@yapmeback.com with the subject "Privacy Request" and the phone number associated with your account.
• To request a copy of your data, email us with the subject "Data Copy Request."
• We will respond within 30 days.

8. Children's Privacy

Yap is not directed to children under 13. We require self-attested age confirmation at signup, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 is using Yap, please contact us at support@yapmeback.com and we will delete the account.

9. SMS and Communications

By providing your phone number, you consent to receive SMS messages from Yap (delivered via Twilio) for account verification and security purposes. Standard message and data rates may apply. We do not send marketing SMS. Push notifications can be disabled in Settings or through your device's notification settings.

10. International Data Transfers

Yap's servers are located in the United States. By using Yap from outside the U.S., you consent to your information being transferred to and processed in the United States, where privacy laws may differ from those of your home country.

11. Third-Party Links and Services

The Service may contain links to or integrate with third-party services (listed in section 4). This Privacy Policy applies only to Yap. Third parties have their own privacy policies and practices, and we are not responsible for them.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you in-app at least 30 days before the changes take effect, and we will update the "Last updated" and "Effective date" above. Your continued use of the Service after the effective date constitutes acceptance.

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, contact us at:

Email: support@yapmeback.com