Privacy Policy

Last updated: March 14, 2026

At Rawly, we believe privacy is a fundamental right, not a feature. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our mobile application and website (collectively, the "Service").

1. Information We Collect

Account Information: When you register, we collect your username, email address, and phone number. Your password is securely hashed and never stored in plain text.

Profile Data: Your optional profile photo, bio, and display name.

Content: Photos you capture and post through the app, voice comments, and text descriptions. All photos are captured in-app and cannot be uploaded from your device gallery.

Usage Data: We collect anonymized analytics including app interactions, feature usage, and crash reports to improve the Service.

Device Information: Device type, operating system version, and app version for compatibility and security purposes.

Location Data: Only when you explicitly grant permission, we collect location for bounty missions and location-tagged posts. You can revoke this permission at any time.

2. How We Use Your Information

• To create and manage your account
• To display your content on the feed and in challenges
• To facilitate the Jeton economy (earning, spending, gifting)
• To match you with bounty missions based on location
• To send push notifications you've opted into
• To detect and prevent abuse, spam, and fraudulent activity
• To improve and develop new features

3. End-to-End Encrypted Messaging

Direct messages on Rawly are encrypted end-to-end using the Signal protocol. This means:

• Only the sender and recipient can read message content
• Rawly cannot access, read, or decrypt your messages
• Messages are stored as encrypted ciphertext on our servers
• Encryption keys are generated and stored only on your device

4. Data Sharing

We do not sell your personal information. We may share limited data with:

• Service Providers: Cloud hosting, push notification services, and crash analytics — only the minimum necessary data
• Legal Requirements: When required by law, court order, or to protect the safety of our users
• With Your Consent: Any other sharing requires your explicit approval

5. Data Retention

We retain your account data as long as your account is active. You can request deletion of your account and all associated data at any time from the app settings. Upon deletion, your data is permanently removed within 30 days.

6. Data Security

We implement industry-standard security measures including encrypted data transmission (TLS), secure password hashing, device attestation (iOS App Attest), rate limiting, and regular security audits. However, no system is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate information
• Delete your account and all associated data
• Export your data in a portable format
• Opt out of non-essential communications
• Revoke location and notification permissions

8. Children's Privacy

Rawly is not intended for users under the age of 16. We do not knowingly collect personal information from children. If we discover that a child under 16 has provided personal information, we will promptly delete their account.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or via email. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:
Email: privacy@rawly.app