Back to Home

Privacy Policy

Last Updated: March 20, 2026

1. Introduction

Welcome to STAGR ("App"), developed and operated by STAGR (Package Name: com.sinfynx.stagr). We are committed to protecting your privacy and ensuring your personal information is handled in a safe and responsible manner. This Privacy Policy outlines what data we collect, why we collect it, how we protect it, and your rights as a user.

2. Data We Collect

We collect the following categories of data to operate STAGR:

  • Email Address & Name: Collected during account creation via Google Sign-In (OAuth2) or manual email/password signup. Used for authentication and display on your public profile.
  • Profile Photo: Sourced from your Google profile or manually uploaded. Used for avatar display and stored on our media CDN (EnderChest).
  • Photos & Videos: User-uploaded media content for your STAGR Moments. Stored on EnderChest CDN and visible to other users.
  • Location (Foreground GPS Only): Accessed via expo-location strictly in the foreground to geo-tag your Moments and power our proximity-based feed. We do NOT track your location in the background.
  • User-Generated Content: Moment titles, descriptions, comments, ratings, vibes, categories, budget ranges, and other metadata you provide when posting.
  • Push Notification Tokens: Generated via Expo Push Notifications to deliver real-time alerts (follows, comments, ratings, saves). Tokens are stored with your user ID and device type.
  • Device Information: Operating system type (via expo-device) used solely for push notification registration.
  • Usage Analytics: In-app activity such as your favorite categories, most viewed cities, pages viewed, and in-app searches - used exclusively to personalize your smart feed ranking.

3. Data We Do NOT Collect

  • ❌ Contacts or Address Book
  • ❌ Call Logs or SMS Messages
  • ❌ Background Location
  • ❌ Financial or Payment Information
  • ❌ Health Data
  • ❌ Microphone Audio (video capture uses the camera module; no standalone mic access)
  • ❌ Advertising IDs or Cross-App Tracking

4. How We Use Your Data

We use the collected information to:

  • Provide core app functionality - Moments, Plans, Bucket List, and the Feed.
  • Power our custom Ranking Engine to personalize your feed based on proximity, social trust, recency, engagement, and your personal taste profile.
  • Authenticate you securely and maintain your session.
  • Send push notifications about new followers, comments, ratings, and saves.
  • Enable social features: follow system, comments, ratings, sharing.
  • Allow collaborative trip planning through Plans.

We do NOT sell your data to any third party.

5. Third-Party Services

To operate STAGR, we rely on the following trusted third-party services:

  • Supabase (Privacy Policy) - Our backend-as-a-service provider for Authentication, PostgreSQL Database, and Realtime subscriptions. All user accounts and app data are stored here with Row-Level Security (RLS) enforced.
  • Google Sign-In (Privacy Policy) - Used for OAuth2 authentication. We request only userinfo.profile (name, profile photo) and userinfo.email scopes. No additional Google API access is requested.
  • Expo Push Notifications (Privacy Policy) - Used exclusively to deliver push notifications. Device push tokens are shared with Expo's push notification infrastructure.
  • EnderChest - A custom media storage and CDN service self-hosted by STAGR. All uploaded photos and videos are stored and delivered through EnderChest.

6. Data Security

We implement the following measures to protect your data:

  • Encryption in Transit: All API calls use HTTPS. Supabase enforces TLS on all connections.
  • Secure Token Storage: Authentication tokens are stored via expo-secure-store (iOS Keychain / Android encrypted SharedPreferences).
  • Row-Level Security: Supabase RLS policies enforce data access at the database level, ensuring users can only access their own data.
  • Input Sanitization: Hazardous characters are blocked in user inputs to prevent injection attacks.
  • No Hardcoded Secrets: All API keys and secrets are stored via environment variables.

7. Your Rights & Data Control

You have full control over your data within STAGR:

  • Delete Moments: Remove your Moments at any time. Media is permanently deleted from EnderChest CDN.
  • Edit Profile: Update or remove personal information (name, username, bio, avatar) at any time.
  • Account Deletion: For STAGR account deletion, contact us at contact@stagr.in so that we can securely delete all associated data. This initiates a cascade delete of all your user data, Moments, media, comments, ratings, and associated records.
  • Manage Notifications: Control push notification preferences through your device settings.

8. Children's Privacy

STAGR is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by updating the "Last Updated" date at the top of this page. Continued use of STAGR after changes constitutes acceptance of the revised policy.

10. Contact Information

If you have any questions or concerns regarding this Privacy Policy or your data, please contact our support team at:

contact@stagr.in

STAGR • STAGR v1.5.0 • Website: stagr.in