Privacy Policy

Effective April 12, 2026 · Version 1.0

Expirify is committed to protecting your privacy. This policy explains what information we collect, how we use it, and the choices you have. We keep things simple: we collect only what we need to run the service, and we never sell your data.

1. Information We Collect

When you create an account, we collect your name and email address. If you sign in with Google or Apple, we receive the same information from those providers.

Within the app, we store the document records you create: names, categories, expiry dates, and any optional notes you add. We do not collect document numbers, passport numbers, government ID numbers, financial account numbers, or any scans or photos of documents.

To deliver push notifications, we use OneSignal as our push notification service. When you enable notifications, your device is linked to your account through an anonymous identifier managed by OneSignal. This is a technical identifier, not personal information. We also store the notification preferences and settings you configure in the app, and any messages you send through the in-app feedback form.

We collect anonymized usage events to understand how the app is used — for example, which features are used and where users encounter friction. This includes actions like completing setup, creating documents, or submitting feedback. We do not log the content of your documents or any personal identifiers beyond your user ID. Session recordings (screen captures) are taken with all text input masked, so we cannot see what you type.

2. How We Use Your Information

We use your information to provide and operate Expirify: storing your document records, sending push and email reminders based on your preferences, and responding to your feedback. We may also use aggregated and anonymized usage data to improve the app over time. We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Third-Party Services

We rely on a small number of trusted services to run Expirify. Each has its own privacy practices:

4. Data Storage and Security

Your data is stored on Supabase's infrastructure, hosted on AWS in the United States. All data is encrypted in transit (TLS) and at rest. At the database level, Row Level Security is enforced so each user can only ever access their own records. No user can read or modify another's data.

We take reasonable technical and organizational measures to protect your information, though no method of transmission over the internet is completely secure and we cannot guarantee absolute security.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, everything associated with it (documents, profiles, notification history, and device tokens) is permanently removed from our systems within 30 days.

6. Your Rights

Depending on your jurisdiction, you may have the right to access the personal data we hold about you, correct inaccurate data, or request that your data be deleted. You can disable push and email notifications at any time through Settings within the app. To make any other data request, reach out to us at support@expirify.app.

7. Children's Privacy

Expirify is not directed at children under the age of 13 and we do not knowingly collect information from minors. If you believe a child has created an account, please contact us and we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy as the service evolves. When we make significant changes, we will update the effective date at the top of this page. Continued use of Expirify after changes are posted constitutes your acceptance of the updated policy.

9. Contact

Questions about this policy or your data? We are happy to help.