Privacy Policy — Spectre

Contents

Information We Collect
How We Use Your Information
Information Sharing
Location Data
Photos and Content
Data Retention
Your Rights
Children's Privacy
Third-Party Services
Security
Changes to This Policy
Contact Us

Welcome to Spectre ("we," "us," or "our"). Spectre is a community sales discovery app operated under sciphr.ca. This Privacy Policy explains how we collect, use, store and share your information when you use our mobile application and website at spectre.sciphr.ca. By using Spectre, you agree to the practices described in this policy.

Short version: We collect only what we need to make the app work. We don't sell your personal data. Location is used only to show you nearby sales.

01 Information We Collect

Information you provide directly

Account information: email address, display name, and password (or Google OAuth token) when you register.
Sale listings: title, description, address, date/time, categories, phone number (optional), and photos you upload for a listing.
Area preferences: a city or address you choose during onboarding to set your search radius.
Saved sales: the listing IDs you bookmark or favourite inside the app.
Reports: the reason and listing ID when you report a sale as inaccurate or fake.

Information collected automatically

Device location: precise GPS coordinates when you grant location permission, used only to show sales near you and calculate distances. See Section 4 for full details.
App usage data: basic analytics about which screens you visit, search queries you run, and errors the app encounters — collected via Supabase and standard mobile analytics.
Device identifiers: operating system, device model, and app version, used for debugging and crash reporting.
Push notification tokens: if you enable notifications, your device's notification token is stored to deliver sale alerts.

02 How We Use Your Information

We use the information we collect to:

Create and manage your account and authenticate you securely.
Display community sales listings on the map and in the discovery feed.
Calculate distances from your location to nearby sales.
Send push notifications for saved sales you have opted into.
Process boost (promoted listing) purchases through in-app payment.
Review reported listings and take enforcement action.
Improve app performance, fix bugs, and develop new features.
Comply with legal obligations.

We do not use your data to serve third-party advertising, and we do not build advertising profiles.

03 Information Sharing

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

Public listing data: the content of a sale you post (title, address, description, categories, photos, dates) is publicly visible to all app users — this is the core function of the service.
Service providers: we use Supabase (database and authentication), Google (OAuth sign-in and Places API), and Apple/Google (push notifications and in-app purchase). These providers receive only the data necessary to perform their services.
Legal requirements: we may disclose information if required by law, court order, or to protect the rights and safety of our users and the public.
Business transfer: in the event of a merger or acquisition, your information may be transferred as part of that transaction, subject to the same protections described here.

04 Location Data

Location is central to what Spectre does. Here is exactly how we handle it:

We request your device's precise location only when you use the app and have granted permission.
Location is used in real time to find sales near you and display distances on cards. It is not continuously tracked in the background.
You can set a manual area (city or address) instead of sharing GPS location — the app works fully without GPS permission.
Your current GPS coordinates are not stored in our database; only the area preference you explicitly save is stored.
Addresses you enter for your own listings are stored and publicly shown as part of the listing.

Note: You can revoke location permission at any time from your device's Settings app. The app will fall back to your saved area preference.

05 Photos and Content

Photos you upload to a listing are stored in Supabase Storage and are publicly accessible via URL — this is how they are displayed to other users.
Do not upload photos that contain sensitive personal information, faces, or identifying details you would not want publicly visible.
You can delete a listing and its associated photos at any time from your Profile tab. Deleted content is removed from public access promptly, though cached copies may persist briefly in CDN infrastructure.
We do not use your photos to train machine learning models.

06 Data Retention

Active accounts and their listings are retained while your account exists.
Listings you delete are removed from the database within 30 days.
If you delete your account, your profile and associated personal data are removed. Anonymized aggregate analytics data (no personally identifying fields) may be retained.
Backup copies may persist for up to 90 days before being purged from backup systems.

07 Your Rights

Depending on where you live, you may have the following rights regarding your personal data:

Access: request a copy of the personal data we hold about you.
Correction: request that we correct inaccurate data.
Deletion: request that we delete your account and personal data.
Portability: request your data in a machine-readable format.
Objection / restriction: object to certain processing activities or ask us to restrict them.

To exercise any of these rights, please contact us at the address in Section 12. We will respond within 30 days.

Canadian users: we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

08 Children's Privacy

Spectre is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.

09 Third-Party Services

Spectre uses the following third-party services. Each is governed by its own privacy policy:

Supabase — database, authentication, and file storage. supabase.com/privacy
Google Places API — address autocomplete during onboarding. policies.google.com/privacy
Google Sign-In — optional OAuth authentication. Subject to Google's privacy policy above.
Apple App Store / Google Play — app distribution and in-app purchases, subject to Apple's and Google's respective privacy policies.

We are not responsible for the privacy practices of these third-party services.

10 Security

We implement reasonable technical and organizational measures to protect your data, including:

All data in transit is encrypted using TLS/HTTPS.
Passwords are never stored in plaintext — authentication is handled by Supabase Auth with industry-standard hashing.
Row-level security policies in Supabase restrict data access so users can only modify their own records.
OAuth tokens are never stored beyond the session.

No system is 100% secure. In the event of a data breach that affects your personal information, we will notify affected users as required by applicable law.

11 Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via the app or by email. Your continued use of Spectre after the effective date of the revised policy constitutes your acceptance of the changes.

12 Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Privacy Inquiries

Spectre · sciphr.ca

Email: jacobtberry@proton.me

Website: spectre.sciphr.ca

For account deletion requests, you may also delete your account directly within the app via Profile → Settings → Delete Account.