Privacy Policy

1. Introduction

apnia ("apnia", "we", "us", or "our") operates the apnia mobile application and the website at apnia.co (together, the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices available to you.

By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.

2. Who this policy covers

This policy applies to visitors to our website, people who join our beta waitlist, and users of the apnia mobile app on iOS and Android.

The Service is a social platform for freedivers. It lets you create a profile, log personal bests (PBs), post updates, connect with buddies, react and comment on posts, vote on product roadmap items, and receive notifications about activity from people you follow or are connected with.

3. Information we collect

3.1 Account and authentication data

• Account identifier assigned by our authentication provider.
• Email address associated with your account.
• Authentication provider used to sign in (Apple, Google, or Facebook).
• Session tokens and related authentication metadata needed to keep you signed in.

3.2 Profile and user-generated content

• Handle, display name, biography, avatar image, and chosen freediving disciplines.
• Profile visibility setting: public, buddies only, or private.
• Personal bests (discipline, value, unit, notes, and achievement date where provided).
• Posts, comments, reactions, and any images you attach to posts.
• Roadmap feature requests, descriptions, and votes.
• Whether your account has a completed profile and any pro-status flag associated with your account.

3.3 Social and community data

• Buddy requests, accepted buddy relationships, declined requests, and removed buddies.
• Buddies you have muted.
• In-app notifications, including their type, related content references, read status, and timestamps.
• Notification preference settings, including push and email fallback preferences.

3.4 Contact-based buddy discovery

If you choose to import contacts to find buddies, the app requests access to contact email addresses and phone numbers on your device. We do not upload your raw address book. On your device, we normalize and one-way hash those identifiers using SHA-256, then may store only the resulting hashes so we can suggest mutual connections. You can decline contact access and still use the rest of the Service.

3.5 Device permissions and local data

• Photos and media library: used when you choose a profile picture or attach images to posts.
• Contacts: used only if you initiate contact import for buddy suggestions.
• Push notifications: used to deliver alerts about buddy activity, comments, reactions, and related account events if you allow notifications on your device.
• Camera and microphone: requested by the app platform where those capabilities may be used for media features; we only access them when a feature you use requires it.
• On-device storage: we store session preferences, cached profile and buddy data, and other app state locally so the app can load faster and support limited offline use.

3.6 Push notification tokens

If you enable push notifications, we collect and store a device push token, your platform (iOS, Android, or web), and the associated user account so we can deliver notifications you have opted into.

3.7 Website waitlist data

If you join the beta waitlist on our website, we collect the email address you submit and the time of signup.

3.8 Usage, analytics, and technical data

We use PostHog to understand how the Service is used, diagnose problems, and improve reliability. Depending on how you use the Service, this may include:

• Screen or page views, navigation paths, and in-app feature usage events.
• App lifecycle events such as installs, opens, backgrounding, and updates.
• Product interaction events, including sign-in, onboarding, buddy actions, avatar uploads, profile edits, and contact import attempts.
• App version, build number, platform, environment, and client type (mobile app or website).
• On the website, request metadata such as page path, host, HTTP method, referrer, and optional client headers sent by the app.
• On the website, an anonymous analytics identifier stored in a first-party cookie named apnia_anon_id for up to one year to distinguish repeat visits without requiring login.

When you are signed in, analytics may be linked to your account identifier and certain profile attributes such as handle, visibility setting, disciplines, and whether you have added an avatar or bio. We do not use analytics for cross-app advertising tracking, and we do not sell your personal information.

4. How we collect information

• Directly from you when you create an account, complete onboarding, edit your profile, post content, connect with buddies, change settings, or contact us.
• Automatically when you use the app or website, including through analytics SDKs and server-side logging.
• From third-party sign-in providers when you authenticate with Apple, Google, or Facebook.
• From your device when you grant permissions for contacts, photos, notifications, or other supported features.

5. How we use information

We use the information we collect to:

• Provide, operate, maintain, and improve the Service.
• Create and manage your account and authenticate you.
• Display profiles, PBs, posts, comments, reactions, and feeds according to your visibility settings.
• Enable buddy requests, contact-based suggestions, muting, and social notifications.
• Store and deliver avatars, post images, and other media you upload.
• Send push notifications and, where enabled, email fallback notifications.
• Operate the beta waitlist and communicate about early access.
• Monitor performance, debug issues, prevent abuse, and protect the security and integrity of the Service.
• Understand product usage and improve features, including roadmap prioritization.
• Comply with law, respond to lawful requests, and enforce our Terms of Service.

Where required by applicable law, we rely on one or more of the following legal bases: performance of our contract with you, our legitimate interests in operating and improving the Service, your consent, and compliance with legal obligations.

6. How we share information

We do not sell your personal information. We share information only in the circumstances below:

6.1 Other users and the public

Content you publish is shared according to your visibility settings. Public profiles and public content may be visible to anyone, including on public profile pages on our website. Buddies-only content is visible to accepted buddies. Private content is visible only to you.

6.2 Service providers

We use trusted providers to help us run the Service. They process information on our instructions and only as needed to provide their services to us. These providers include:

• Supabase for authentication, database hosting, and related backend infrastructure.
• Cloudflare for website hosting, request processing, and media storage.
• PostHog for product analytics.
• Apple, Google, and Facebook when you choose to sign in with those providers.
• Google Fonts on our website for typography delivery.
• Push notification and device platform services operated by Apple and Google.

6.3 Legal and safety reasons

We may disclose information if we believe it is reasonably necessary to comply with law, regulation, legal process, or governmental request; to protect the rights, property, or safety of apnia, our users, or the public; to detect, prevent, or address fraud, security, or technical issues; or to enforce our terms and policies.

6.4 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality protections.

7. International data transfers

We and our service providers may process and store information in countries other than the one where you live, including the United States. Those countries may have different data protection laws than your jurisdiction. Where required, we use appropriate safeguards for international transfers.

8. Data retention

We keep information for as long as needed to provide the Service and for legitimate business purposes such as security, dispute resolution, and legal compliance. In general:

• Account, profile, and user-generated content are retained while your account is active.
• Waitlist emails are retained while the waitlist program is active and for a reasonable period afterward.
• Analytics and technical logs are retained for limited periods appropriate to their purpose.
• Contact hashes are retained while you use contact-based discovery or until you delete them or your account.

When you delete your account or request deletion, we delete or anonymize personal information unless we must retain certain data for legal, security, or backup reasons.

9. Security

We use administrative, technical, and organizational measures designed to protect information, including access controls, encrypted transport, and provider security practices. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Your choices and rights

Depending on where you live, you may have rights to:

• Access, correct, or delete personal information we hold about you.
• Export a copy of your data.
• Object to or restrict certain processing.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your local data protection authority.

You can also take the following actions directly in the Service:

• Update your profile, visibility, and notification preferences in the app.
• Decline or revoke device permissions for contacts, photos, or notifications in your device settings.
• Sign out or delete content you have posted, subject to technical and backup limitations.

To exercise privacy rights or request account deletion or data export, contact us at hi@apnia.co. We may need to verify your request before responding.

11. California privacy notice

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete personal information, and the right to correct inaccurate personal information.

We do not sell or share personal information for cross-context behavioral advertising. We do not use sensitive personal information for purposes other than providing the Service and as permitted by law.

To submit a California privacy request, email hi@apnia.co with the subject line "California Privacy Request".

12. EEA, UK, and Swiss users

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the rights described in Section 10. Our legal bases for processing include contract performance, legitimate interests, consent, and legal obligation, depending on the activity.

You may contact us at hi@apnia.co with privacy questions or complaints. You also have the right to contact your local supervisory authority.

13. Children's privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are under the age required to consent to online services in your country, you may use the Service only with verifiable parental or guardian consent. If you believe a child has provided us personal information without appropriate consent, contact us and we will take appropriate steps to delete it.

14. Third-party links and sign-in

The Service may link to third-party websites or services, and you may sign in through Apple, Google, or Facebook. Those third parties process information under their own privacy policies. We encourage you to review their policies before using their services.

15. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy on this page and update the "Last updated" date. Your continued use of the Service after changes become effective means you accept the revised policy.

16. Contact us

Questions about this Privacy Policy or our data practices can be sent to hi@apnia.co.