Privacy Policy

Last updated: 2 May 2026

Loocation (“we”, “us”) builds an iOS app that helps people find, rate, and share information about public toilets. This policy explains what we collect, why, and how we handle it. Plain English first; the legal mechanics second.

1. What we collect

• Account info — name, username, avatar, country. Provided when you sign up via Apple, Google, or Facebook.
• Phone number — used only for friend discovery, never shown to other users by default. Stored hashed for matching where possible.
• Email address — for account recovery and product updates.
• Location — your device GPS, used to surface nearby toilets and to drop pins. Foreground use by default; background access is requested only if you opt in to “notify when I return to a rated toilet”.
• Reviews, photos, visits — anything you intentionally post.
• Contacts — only when you tap “find friends from contacts”. Phone numbers are hashed locally and matched server-side; we do not retain the contact list.
• Business verification documents — if you register a business throne, we accept your registration certificate and a photo of an owner ID. These are stored encrypted in a private bucket and seen only by our review team.
• Diagnostics — crash logs and minimal usage telemetry to keep the app working.

2. What we don't collect

• We do not sell or rent your data to anyone.
• We do not run third-party advertising trackers.
• We do not store payment cards (Loocation is currently free).

3. How we use it

• To show toilets near you and let you drop, rate, and discuss them.
• To match you with friends who have your phone number in their contacts (and vice versa, if you opt in).
• To verify business submissions (review team only — not other users).
• To send transactional notifications: friend reviews, business approvals, account events.

4. Service providers

We use a small set of well-known third parties to operate the service. Each receives only the data needed for that role:

• Supabase — auth, database, storage. EU/Global infrastructure.
• Apple, Google, Facebook — sign-in via OAuth.
• Twilio — phone verification SMS.
• Resend — transactional email.
• Apple Push Notification service — notifications.

5. Your rights

• Delete your account at any time from Settings → Delete account. This removes your profile, reviews, photos, visits, friend links, and any business listings you own. Cascade is immediate.
• Export your data — email support@loocationapp.com and we'll send your account JSON within 30 days.
• Correct or restrict any specific item — same email.
• Withdraw consent for optional features (background location, contacts, push) any time from iOS Settings → Loocation.

6. Children

Loocation is not directed at children under 13. We do not knowingly collect data from anyone under 13; if you believe a child has signed up, email us and we'll delete the account.

7. Security

Data is encrypted in transit (TLS) and at rest. Verification documents live in a private bucket gated by row-level security. Admin endpoints require credential auth. We follow the principle of least privilege internally — only the review team can read business verification files, and only via authenticated, logged sessions.

8. Changes to this policy

We'll post the updated text at this URL and update the "Last updated" date above. Material changes get a notice in the app.

9. Contact

Privacy questions, data requests, security reports — support@loocationapp.com.