Privacy Policy

Effective 9 May 2026 · Last updated 9 May 2026

This Privacy Policy explains how Greenbook ("we", "us") collects, uses, stores, and shares personal information from people who use the Greenbook iOS app and the Greenbook website (collectively, the "Service"). By using the Service you agree to this Policy.

1. Information we collect

1.1 Information you provide

• Account. Email address and a password you choose. You may also provide a display name, profile bio, location, website, and avatar image.
• Content. Travel guides you create — title, body text, tags, city, location, and photos you upload — and comments you write on other users' guides.
• Interactions. Likes, saves, follows, and reports.

1.2 Information collected automatically

• App health metrics. Anonymous lifecycle signals (app launched, signed in, signed up, signed out) to monitor that the app is reachable and working. These signals do not contain your identity, content, or any device identifiers we control.
• Crash and diagnostic data. If a crash occurs, the system records a stack trace. We do not log your messages, photo contents, or other private data in crash reports.
• Network reachability. The app uses iOS network monitoring APIs to show an offline banner when the device cannot reach our servers. This processing is on-device and not transmitted.

1.3 Information we do not collect

• Precise location (we don't request location permission).
• Contacts, calendar, microphone, or HealthKit data.
• Cross-app or cross-website tracking identifiers (no IDFA, no pixels). The app's PrivacyInfo.xcprivacy declares NSPrivacyTracking = false.
• Children under 13 — see Section 7.

2. How we use information

• Provide the core product: render your feed, save and display the guides and comments you post, sync your follows / likes / saves.
• Authenticate you and protect your account (password storage handled by our auth provider; see Section 4).
• Respond to abuse reports and enforce our Terms of Service.
• Monitor app health, error rates, and version adoption.
• Communicate operationally — for example, password reset emails or account deletion confirmations.

We do not sell your information. We do not use your content to train machine learning models. We do not run advertising in the app.

3. How we share information

• Other users. Your display name, avatar, bio, location, website, and any guides or comments you post are visible to other users of the Service. This is the public-facing nature of the product.
• Service providers. We share information with the providers listed in Section 4, strictly as necessary to operate the Service.
• Law enforcement. If we receive a valid legal demand we will respond as required by applicable law. We will challenge overbroad demands when reasonable.
• Business transfers. If the Service is acquired or merged we will notify you and continue to honor this Policy or its successor.

4. Service providers

• Supabase, Inc. Hosts our Postgres database (account, profile, guides, comments, interactions, reports), Storage (uploaded images), and Auth service (email + password sign-in, password reset, session management). Supabase processes data on our behalf under their Privacy Policy.
• TelemetryDeck. Receives anonymous app lifecycle signals as described in Section 1.2. TelemetryDeck operates per their Privacy Policy and does not receive identifiers tied to you.
• Apple, Inc. Distributes the iOS app via TestFlight and the App Store. Apple may collect crash diagnostics under your device-level privacy settings.
• Vercel Inc. Hosts greenbook.asia (this website). Vercel processes routine web server logs (IP, user agent, timestamp, URL) under their Privacy Policy.

Future versions of the Service may add Sign in with Apple and Sign in with Google as authentication options. Until those are released we do not share data with Apple's or Google's identity providers beyond what App Store distribution requires.

5. Data retention

We retain your account and content for as long as you keep an account with us. When you delete your account (Section 6), all your guides, comments, likes, saves, follows, photos, and reports are removed within minutes via a cascading delete in our database and a sweep of your storage prefix.

Reports you have filed against other users' content are removed with your account. Reports filed against content you authored remain in our moderation log with the content reference set to NULL — this is to preserve a moderation history independent of authorship.

Operational logs (Vercel access logs, Supabase audit logs) follow each provider's default retention.

6. Your rights

• Access and correction. Sign in to view or edit your profile, content, and interactions at any time.
• Deletion. Open the iOS app → Settings → Delete account. The deletion is hard, permanent, and non-recoverable. You can also email legal@greenbook.asia if you have lost device access.
• Data export. Email legal@greenbook.asia from the email address on the account. We will respond within 30 days.
• Object / restrict / portability. If you are in a jurisdiction whose law gives you these rights (e.g., EU/UK GDPR, California CCPA), you can exercise them by emailing the address above. We do not discriminate against you for exercising any of these rights.

7. Children

The Service is not directed at children under 13 years of age and we do not knowingly collect personal information from children under 13. If we learn we have collected information from a child under 13, we will delete it. If you believe a child has signed up, contact legal@greenbook.asia.

8. Security

We use industry-standard practices: TLS in transit, hashed passwords (bcrypt) at rest via Supabase Auth, Row-Level Security on every database table, and a non-interactive Edge Function (with a service role key Apple and we do not share) for account deletion. No system is perfectly secure; we publicly disclose security incidents to affected users and regulators as required by law.

9. International transfers

Greenbook's primary servers are operated by Supabase in regions chosen at project creation. Data is transferred to and processed in those regions. Where applicable, transfers rely on the contractual safeguards each provider offers (Standard Contractual Clauses, etc.).

10. Changes to this Policy

We will update the "Last updated" date at the top of this page when we change the Policy. For material changes we will additionally notify users in-app or by email.

11. Contact

Questions, concerns, or rights requests: legal@greenbook.asia.

This document is provided for transparency. It is a draft generated by the Greenbook team and is not legal advice. The operator is responsible for ensuring it complies with the laws of their jurisdiction before relying on it.