Wishary Privacy Policy

Last updated: June 12, 2026

This policy explains what personal data Wishary collects, why we collect it, and what rights you have over it. We have tried to write it in plain language. If anything is unclear, write to us at hello@wishary.app — we will answer.

This policy covers:

• the Wishary app — the web app at https://wishary.app/app/, the Android app (available on Google Play and as a direct APK from https://wishary.app/downloads/wishary.apk), and the iOS app on the App Store;

• the Wishary website (landing pages) at https://wishary.app.

1. Who we are

Wishary is developed and operated by:

The Wishary team (the operator of the Service and the data controller). Contact: hello@wishary.app.

Wishary was built and launched in 2026 by the Wishary team. When this policy says “we”, it means the Wishary team acting as the data controller for your personal data.

2. What Wishary is

Wishary turns everyday chores and wishes into a game inside private rooms: Solo (just you), Duo (couples), Group (friends), and Family (with parent and child roles). You complete tasks, earn coins, and spend them on wish coupons. To make that work, we need to store the data described below.

3. What data we collect

3.1 Account data

When you sign up, we collect:

• Email address — used to identify your account and to contact you about it.

• Name and avatar — either the ones you set yourself, or (if you sign in with Google) the name and profile picture provided by your Google account.

If you sign in with Google, Google shares your email, name, and profile picture with us. We never see your Google password. Google's handling of your data is governed by the Google Privacy Policy (https://policies.google.com/privacy).

3.2 Content you create

Everything you create in the app is stored on our backend so it can sync between your devices and be shared with the other members of your rooms:

• rooms (name, mode, avatar, membership, invite codes);

• tasks and wish coupons (titles, descriptions, rewards, prices, statuses, card colors);

• chat messages and the room event feed;

• photos you attach to tasks or coupons (including photo proofs of completion);

• in-app economy records: coin transactions, balances, statistics, and leaderboard data.

Room content is private. Tasks, coupons, messages, photos, and activity in a room are visible only to the members of that room. There are no public rooms and no public profiles.

3.3 Technical data

• Push notification tokens and basic device information — if you allow notifications, we store a device token (issued by Firebase Cloud Messaging) and the minimal device information needed to deliver pushes to the right device.

• Local data on your device — the app keeps a local copy of your rooms and content on your device so it works offline. This copy stays on your device and is removed when you delete the app or its data.

The mobile and web apps currently contain no analytics and no crash-reporting tools. If we add them in the future, we will update this policy first and describe exactly what is collected.

3.4 Payment data (Premium subscriptions)

Wishary offers a free tier and an optional paid Premium subscription (an auto-renewing subscription). Here is how payments work:

• Payments are processed by the platform you buy through — Google Play or the Apple App Store — under their own terms and privacy policies. We never see or store your card number or other payment credentials.

• We use the RevenueCat SDK to manage subscription status. RevenueCat receives purchase receipts and an anonymized app user identifier so we know whether your account has an active subscription. See the RevenueCat Privacy Policy (https://www.revenuecat.com/privacy).

• What we store on our side is simply your subscription status (e.g., “Premium active until date X”), which controls features like the number of rooms and custom photos.

You can cancel your subscription at any time in your app store's subscription settings; refunds are handled under the policy of the store you purchased through.

3.5 Website (landing) data

The wishary.app landing site:

• uses Google Analytics 4 in cookieless consent mode — no marketing cookies are set, and measurement is aggregated;

• keeps self-hosted visit telemetry — anonymous page-visit counts that are not linked to your identity;

• lets you leave reviews and suggestions after signing in with Google; in that case we store the text you submit together with your Google name, avatar, and email, in the same backend as the app (Supabase).

4. Why we process your data (purposes and legal bases)

Where GDPR or similar laws apply, we rely on these legal bases:

• Providing the service: accounts, rooms, tasks, coupons, chat, sync between devices. Data used: account data, your content, technical data. Legal basis: performance of a contract (our Terms of Service).

• Sending push notifications about activity in your rooms. Data used: push tokens, device info. Legal basis: performance of a contract; you can disable notifications at any time in system or app settings.

• Managing Premium subscriptions. Data used: subscription status, purchase receipts via RevenueCat. Legal basis: performance of a contract.

• Keeping the service secure, preventing abuse, fixing bugs. Data used: technical data, server logs. Legal basis: legitimate interest in running a safe and working service.

• Anonymous visit statistics on the website. Data used: aggregated, cookieless telemetry. Legal basis: legitimate interest (no personal identification).

• Reviews and suggestions on the website. Data used: text you submit, Google account name/email/avatar. Legal basis: consent (you choose to sign in and submit).

• Answering your emails. Data used: your email and message contents. Legal basis: legitimate interest in supporting users.

We do not use your data for advertising and we do not build advertising profiles.

5. Where your data is stored and who processes it

We use a small number of service providers (processors) to run Wishary:

• Supabase — our backend: PostgreSQL database, authentication, realtime sync, and file storage (your photos). Hosted in the EU — Frankfurt, Germany (AWS eu-central-1). Privacy policy: supabase.com/privacy.

• Google Firebase (Cloud Messaging) — delivers push notifications to your device. Privacy policy: firebase.google.com/support/privacy.

• Google Sign-In — optional sign-in with your Google account. Privacy policy: policies.google.com/privacy.

• Google Analytics 4 (website only) — cookieless, consent-mode visit measurement on the landing site. Privacy policy: policies.google.com/privacy.

• RevenueCat — subscription management. Privacy policy: revenuecat.com/privacy.

• Google Play / Apple App Store — app distribution and payment processing. Privacy policies: policies.google.com/privacy and apple.com/legal/privacy.

We do not have our own advertising partners, data brokers, or other third-party recipients.

6. How long we keep your data

• Account data and your content — for as long as your account exists. When you delete your account, your personal data is deleted from our active database (see Section 8).

• Content in shared rooms — content you created in a room you share with others (tasks, coupons, messages) is part of that room's shared history; when your account is deleted, it is removed or de-identified in line with the deletion process.

• Push tokens — kept while your device is registered for notifications; stale tokens are removed.

• Backups — routine database backups may retain deleted data for a limited period before they expire and are overwritten.

• Email correspondence — kept as long as needed to handle your request.

7. Sharing your data

• We do not sell your personal data. Ever.

• We do not share your data with advertisers.

• Your room content is visible only to the members of that room.

• The only third parties that touch your data are the processors listed in Section 5, and only to provide their part of the service.

• We may disclose data if a law that applies to us genuinely requires it.

8. Your rights

You have the right to:

• Access the data we hold about you;

• Rectify it — most account and content data you can edit directly in the app;

• Erase it — delete your account: in the app via the account deletion option in Settings, or by email — write to hello@wishary.app from the email tied to your account, and we will delete it;

• Export your data — email us and we will provide a copy of your data in a common machine-readable format;

• Object to processing based on legitimate interest;

• Withdraw consent where processing is based on consent (e.g., disable notifications, or ask us to remove a review you posted);

• Complain to your local data protection authority if you believe we are mishandling your data — though we would appreciate the chance to fix things first.

To exercise any of these rights, email hello@wishary.app. We will respond within 30 days.

9. Children

Wishary is not directed at children under 13, with one deliberate exception: Family rooms. In Family mode, a parent creates and manages the room and controls the child's participation — children act within a room set up and supervised by their parent or guardian. Child accounts in Family rooms exist under the parent's management, and parents can remove a child's data by removing the account or contacting us.

Outside of parent-managed Family rooms, we do not knowingly collect personal data from children under 13. If you believe a child has created an account without parental involvement, contact us at hello@wishary.app and we will delete it.

10. International transfers

Our primary data storage is in the EU — Supabase's cloud region in Frankfurt, Germany (AWS eu-central-1). Some of our processors (Google, RevenueCat, Apple) are US companies and may process data outside the EU/EEA. Where that happens, transfers rely on recognized safeguards such as the EU–US Data Privacy Framework and/or Standard Contractual Clauses, as described in each provider's privacy policy.

11. Security

Data is transmitted over encrypted connections (TLS). Access to room data is enforced at the database level (row-level security): the server only returns data from rooms you are a member of. Financial-style operations in the in-app economy are validated server-side. No system is perfectly secure, but we treat your data with care and keep the amount we collect to the minimum the product needs.

12. Changes to this policy

We may update this policy as Wishary evolves — for example, if we add new features, change service providers, or add analytics or crash reporting. We will update the “Last updated” date at the top, and for significant changes we will notify you in the app or by email. Continued use of Wishary after changes take effect means you accept the updated policy.

13. Contact

Questions, requests, complaints, ideas:

The Wishary team — hello@wishary.app