Privacy Policy

Last Updated: February 19, 2026

1. Introduction

SmallWin ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SmallWin mobile application and related services (collectively, the "App").

By using SmallWin, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information You Provide

- Account Information: Name, email address, password (encrypted), and profile avatar

- Victory Data: Victory titles, categories, context, significance levels, tags, and timestamps

- Preferences: Notification settings, timezone, celebration style, privacy level, weekly report schedule

- Support Circle: Email addresses of invited supporters and relationship data

2.2 Automatically Collected Information

- Device Information: Device type, operating system, unique device identifiers

- Usage Data: App interactions, feature usage, error logs

- Analytics: Performance data to improve the App

2.3 AI-Generated Insights

- Victory patterns and trends analyzed to provide personalized insights

- Aggregated, anonymized data for AI feature improvements

3. How We Use Your Information

We use your information to:

- Provide, maintain, and improve the App's functionality

- Authenticate your identity and secure your account

- Generate personalized insights and weekly reports

- Enable social features (sharing victories with your support circle)

- Send notifications (reminders, weekly reports, reactions) based on your preferences

- Respond to your requests and provide customer support

- Analyze usage patterns to enhance user experience

- Export your data upon request

4. Data Sharing and Disclosure

4.1 With Your Consent

- Support Circle: Victory data you choose to share with invited supporters

- You control visibility levels: all victories, big wins only, or weekly summaries only

4.2 Service Providers

We use third-party services that may process your data:

- Supabase: Cloud database and authentication services

- Analytics Providers: Anonymous usage analytics

- Push Notification Services: For delivering notifications

4.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority.

4.4 Business Transfers

If SmallWin is involved in a merger, acquisition, or asset sale, your information may be transferred with prior notice.

5. Data Security

We implement industry-standard security measures:

- Encryption: All data transmitted via HTTPS/TLS encryption

- Password Security: Passwords are hashed using bcrypt

- JWT Authentication: Secure token-based authentication with refresh tokens

- Rate Limiting: Protection against brute force attacks

- Input Sanitization: XSS protection and input validation

- Access Controls: Role-based access to your data

Note: No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Your Rights and Choices

6.1 Access and Export

You can access and export all your data at any time through the App's export feature.

6.2 Correction and Updates

You can update your profile information, preferences, and victory entries within the App.

6.3 Deletion

You may delete:

- Individual victories

- Your entire account and all associated data

- Support circle connections

Account deletion is permanent and cannot be undone.

6.4 Opt-Out

You can disable:

- Push notifications

- Weekly report emails

- AI insights generation

- Social sharing features

6.5 Offline Mode

The App works offline; data is stored locally and synced when you choose to go online.

7. Data Retention

- Active Accounts: Data retained while your account is active

- Deleted Accounts: All data permanently deleted within 30 days of account deletion

- Backups: Encrypted backups may be retained for up to 90 days for disaster recovery

- Anonymous Analytics: Retained indefinitely in aggregated, non-identifiable form

8. Children's Privacy

SmallWin is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by:

- Posting the new Privacy Policy in the App

- Sending an email notification for material changes

- Updating the "Last Updated" date at the top of this policy

Your continued use of the App after changes constitutes acceptance of the updated policy.

11. Third-Party Links and Services

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. Please review their privacy policies before providing any information.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights including:

- Right to know what personal information is collected

- Right to delete personal information

- Right to opt-out of sale of personal information (we do not sell your data)

- Right to non-discrimination for exercising your rights

13. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights including:

- Right to access your data

- Right to rectification

- Right to erasure ("right to be forgotten")

- Right to restrict processing

- Right to data portability

- Right to object to processing

To exercise these rights, contact us using the information below.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: ouassil.mouncir@gmail.com

Address: 

Response Time: We aim to respond to all inquiries within 48 hours.

15. Consent

By using SmallWin, you consent to this Privacy Policy and agree to its terms.

16. Guest Mode Data Collection

Local Storage Only: When you use SmallWin in "Guest Mode" without creating an account, all your data is stored locally on your device using AsyncStorage. This includes:

- Victory logs (titles, categories, significance levels, context, timestamps)

- Generated insights and patterns

- App preferences and settings

No Cloud Storage: Guest mode data is NOT transmitted to our servers or stored in our database. It remains exclusively on your device.

Data Persistence: Guest data persists only until:

- You register an account (data is then migrated to our secure servers)

- You clear the app's data or cache

- You uninstall the application

- You log out of guest mode

Data Migration: When you create an account from guest mode, your locally stored victories and insights are automatically transferred to your new account and stored on our secure servers with encryption.

No Personal Information: Guest mode does not collect personal information such as name, email, or authentication tokens.

Third-Party Services: Guest mode does not use third-party analytics, advertising, or tracking services. The only external service used is OpenRouter AI for generating insights (if you choose to use that feature), which processes victory data anonymously without user identifiers.

---

⚠️ LEGAL DISCLAIMER: This privacy policy template is provided for informational purposes only and does not constitute legal advice. You should consult with a qualified attorney to ensure compliance with applicable laws (GDPR, CCPA, COPPA, etc.) and to customize this policy to your specific business practices, data handling procedures, and jurisdiction.

Would you like me to adjust any sections or add specific provisions for particular jurisdictions?