Privacy Policy
Effective Date: March 5, 2026 · Last Updated: May 11, 2026
AhaDaily ("we," "our," or "us") is operated by Vic Yu. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use the AhaDaily mobile application ("App") and our website at ahadaily.app ("Website").
By using AhaDaily, you agree to the practices described in this policy. If you do not agree, please do not use our services.
1. Information We Collect
1.1 Account Information
When you sign in with Apple or Google, we receive:
- Email address — used as your account identifier
- Display name — shown in your profile (you can change this)
- Profile photo URL — from your OAuth provider (optional)
We do not receive or store your Apple/Google password.
1.2 Photos You Upload
When you take or select a photo in AhaDaily:
- EXIF metadata (location, device info) is stripped before upload
- Photos are compressed before upload to reduce data transfer and storage
- Photos are stored in an encrypted storage bucket and served via time-limited signed URLs
1.3 Approximate Location (Optional)
When you publish a discovery to the public feed, you may choose to share your location:
- GPS coordinates are collected only at publish time with your explicit permission
- Coordinates are converted to an approximate city-level label (e.g. "Taipei" or "Tokyo") and then discarded — we do not store precise GPS coordinates long-term
- Publishing without location is always an option — location sharing is not required
1.4 Quiz and Activity Data
- Quiz answers and scores
- In-app progress and activity stats
- Aha Points balance (in-app currency)
- Quiz quality ratings (feedback you provide)
1.5 Social and Community Data
- Posts you publish to the public feed (visible to all users)
- Users you follow and users who follow you
- Reports you submit about inappropriate content
- Users you block
1.6 Push Notifications
- If you enable notifications, we store your device push token (provided by Expo/Apple/Google) to send you activity alerts
- You can disable notifications at any time in Settings
- Your push token is deleted when you sign out or delete your account
1.7 Device Information
- Device language/locale (to display content in your language)
- App interaction events (features used, screens viewed) — collected via Mixpanel analytics
We do not collect contacts, health data, browsing history, or advertising identifiers.
1.8 In-App Purchases and Aha Points
AhaDaily offers consumable in-app purchases called Aha Points, used as in-app currency to generate AI quizzes. When you make a purchase:
- Payment is processed by Apple (App Store) — we never see or store your credit card, debit card, or billing address
- We use RevenueCat to validate purchase receipts with Apple's servers
- We store the product identifier, Aha Points amount, and transaction timestamp in our database to credit your account
- We do not store receipt tokens long-term — they are used only for one-time verification
- Aha Points are consumable, non-transferable, non-refundable (except where required by law), and cannot be exchanged for real-world goods, services, or currency
2. How We Use Your Information
- Generate AI quizzes — Your photos are sent to Google Gemini to create fun fact quizzes
- Track your progress — In-app activity and scores
- Improve quiz quality — Your ratings help us refine AI-generated content
- Power social features — Show your published posts on the feed, enable following, and deliver activity notifications
- Show approximate location — Display city-level labels on published posts (when you opt in)
- Send push notifications — Notify you about new followers, answers on your posts, and daily challenges
- Analyze usage patterns — Understand which features are used to improve the App (via Mixpanel)
- Process in-app purchases — Validate receipts via RevenueCat and credit Aha Points to your account
- Manage your account — Authentication, profile settings
- Communicate with you — Service updates, support responses
3. Third-Party AI Service — Google Gemini
Important: AhaDaily uses Google Gemini API (provided by Google LLC) to generate quiz content from your photos. This is a third-party AI service.
When you take a photo and generate a quiz:
- Your photo is sent to Google Gemini as a base64-encoded image
- Gemini analyzes the image and returns quiz questions, fun facts, and related information
- Google processes this data according to Google's Gemini API Terms of Service
- We do not send your name, email, or other personal identifiers to Gemini — only the photo content
4. Other Third-Party Services
| Service | Provider | Purpose |
|---|---|---|
| Supabase | Supabase Inc. | Database, file storage, user authentication |
| Apple Sign In | Apple Inc. | OAuth authentication |
| Google Sign In | Google LLC | OAuth authentication |
| RevenueCat | RevenueCat Inc. | In-app purchase receipt validation and subscription management |
| Mixpanel | Mixpanel Inc. | Product analytics (pseudonymous user ID) |
| Expo Push | Expo (650 Industries) | Push notification delivery |
| Cloudflare | Cloudflare Inc. | Website hosting and CDN |
We do not sell, rent, or share your personal information with advertisers or data brokers.
5. Data Retention and Deletion
We retain your data for as long as your account is active. When you delete your account:
- All personal data is permanently deleted
- All photos are removed from storage
- All quiz history, progress, and Aha Points are erased
- Your authentication record is removed
This deletion is complete and irreversible (cascade delete). You can delete your account at any time within the App (Settings → Account → Delete Account) or by contacting us.
6. Data Security
- All data is transmitted over HTTPS (TLS encryption)
- Database access is protected by Row Level Security (RLS) — users can only access their own data
- Photos are accessible only via time-limited signed URLs
- OAuth tokens are securely managed by Apple/Google
7. Children's Privacy
AhaDaily is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will promptly delete it. If you believe a child under 13 is using AhaDaily, please contact us at support@ahadaily.app.
8. Your Rights
8.1 All Users
You have the right to:
- Access your personal data
- Correct inaccurate data (edit your profile name and photo)
- Delete your account and all associated data
- Withdraw consent at any time by deleting your account
8.2 European Economic Area (GDPR)
If you are located in the EEA, you additionally have the right to:
- Data portability — request a copy of your data in a portable format
- Restrict processing — limit how we use your data
- Object to processing — object to certain uses of your data
- Lodge a complaint with your local data protection authority
Our legal basis for processing your data is your consent (provided when you create an account and use the App) and legitimate interest (improving our services).
8.3 California Residents (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose
- Delete your personal information
- Non-discrimination — we will not treat you differently for exercising your rights
We do not sell your personal information. We do not share personal information for cross-context behavioral advertising.
9. Cookies
The AhaDaily App does not use cookies. Our Website (ahadaily.app) uses only essential cookies required for basic functionality. We do not use tracking cookies, analytics cookies, or advertising cookies.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through the App and update the "Last Updated" date above. Your continued use of AhaDaily after changes are posted constitutes your acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Email: support@ahadaily.app
Operator: Vic Yu