Privacy Policy

Last updated: [DATE — update before publishing]

This is a starter template. Before launch, have it reviewed by someone qualified (ideally a lawyer familiar with GDPR and CCPA) and update the bracketed placeholders.

1. Who we are

Pizza Challenge (“we”, “our”, “us”) is operated by [LEGAL ENTITY NAME], [ADDRESS]. You can reach us at support@pizzachallenge.app.

2. What we collect

We collect only what the app needs to work. Specifically:

• Account data — email address, display name, and (if you sign in with Google or Apple) the profile photo your provider shares with us.
• Content you create — pizza photos, captions, comments, votes, and reports you submit.
• Device and usage data — device model, OS version, app version, language, anonymised crash reports (via Firebase Crashlytics), and product analytics events (e.g. "signed up", "post created", "voted") collected via Firebase Analytics.
• Push-notification tokens — an anonymous device identifier used only to deliver push notifications you have opted into.

We do not collect location, contacts, microphone, tracking identifiers (IDFA), or financial information.

3. Why we collect it

• To provide the service (running the weekly competition, showing you feeds and leaderboards).
• To keep the service safe (moderating content, responding to reports, preventing abuse).
• To improve the app (understanding which features people use, where it crashes).
• To communicate with you (notifications you opt into, occasional service emails).

Legal basis under GDPR: performance of a contract (service delivery), legitimate interest (safety and improvement), and consent (push notifications).

4. Who else sees your data

We use the following processors, all bound by their own agreements:

• Google (Firebase) — authentication, database, storage, push, analytics, crash reporting. Data is stored in Google Cloud (United States region us-central1).
• Apple — if you use Sign in with Apple, Apple handles that authentication.

We don't sell your data. We don't share it with advertisers.

5. What's public, what isn't

By design, the following are visible to any signed-in user of the app: your display name, profile photo, pizza submissions, comments, badges, and points. The following are never shown publicly: your email address, phone-based identifiers, device data, and push token.

6. How long we keep it

We keep your account data for as long as your account exists. Once you delete your account, we remove your identity from our systems within 30 days. Past submissions and comments are anonymised (attributed to "deleted user") so other users' feeds don't break, but no longer linked to you.

7. Your rights

You can:

• Access, correct, or export your data — contact us at support@pizzachallenge.app.
• Delete your account directly in the app: Settings → Account → Delete Account.
• Opt out of push notifications at any time in your device settings or the app's notification settings.
• Lodge a complaint with your local data-protection authority (for EU residents).

California residents have equivalent rights under CCPA including the right to know and the right to delete.

8. Children

Pizza Challenge is intended for users aged 13 and up (16 in some EU member states). We don't knowingly collect data from younger users. If you believe a minor has created an account, email us and we'll remove it.

9. Security

Data is encrypted in transit (TLS) and at rest via our cloud provider. We restrict access to the small number of people who need it to operate the service.

10. Changes

If we materially change this policy we'll update the "last updated" date and, where appropriate, notify you in the app. Continued use of the service after an update means you accept the new version.

11. Contact

Questions? support@pizzachallenge.app.