Privacy Policy for Ôwn (Payback)

Introduction

Payback ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how our mobile application ("App") handles your data when you use our consumer insights analysis service.

Information We Access

Data You Provide

When you use Payback, you may choose to provide access to:

1. Google Takeout Archives (ZIP files stored in Google Drive)
   • YouTube watch history
   • Google Search history
   • Chrome browsing history
   • Location history (Timeline/Semantic Location)
   • Google Maps activity (searches, saved places)
   • Google Play Store (app installs)
   • Gmail (metadata only, not message content)
   • Other Google service data included in your Takeout export
2. Meta (Facebook/Instagram) Exports (Folder structure uploaded to Google Drive)
   • Instagram: Posts, stories, likes, saved posts, searches, ad interactions, messages, following list
   • Facebook: Posts, comments, friends list, likes, searches, ad interactions, groups, pages
   • Detection: Automatic service detection via folder name patterns and content analysis
   • Format: JSON files (recommended) or HTML
   • Note: Media files (photos/videos) are not analyzed, only metadata

Authentication Data

• Google OAuth Tokens (Drive): Used for Google Drive access to retrieve your Takeout files. Scope: drive.readonly.
• Google OAuth Tokens (Gmail + Calendar): Used during Instant Analysis to extract behavioral signals (purchase patterns, event types, activity trends) entirely on-device. Scopes: gmail.readonly, calendar.readonly. Raw email bodies and full calendar descriptions are never sent off-device.
• All tokens are stored locally on your device in encrypted storage (iOS Keychain/Android Keystore).
• No passwords are collected or stored.

How We Process Your Data

On-Device Processing

All data analysis occurs entirely on your device:

1. File Selection: Quick Analysis intelligently selects 10-15 high-value files from your export
2. File Extraction: Archive files are processed locally; extracted files cached in device storage temporarily
3. Data Parsing: Content is parsed on-device using local algorithms; Meta JSON files use custom Unicode parser
4. Storage: Analysis results stored in encrypted local SQLite database (payback.db)
5. AI Analysis: Performed during Instant Analysis to generate persona from behavioral signals (see below)
6. Cleanup: Temporary files automatically deleted after analysis

Encryption

• At Rest: All data stored in the App's local SQLite database is encrypted using AES-256-GCM encryption (via expo-crypto)
• Master Key: Encryption keys are generated on-device and stored in iOS Keychain (iOS) or Android Keystore (Android) via expo-secure-store
• In Transit: All connections use HTTPS/TLS 1.3 (Google Drive API, Gemini API, backend proxy)
• OAuth Tokens: Google OAuth tokens encrypted and stored in secure device storage
• Database: SQLite with WAL mode, PRAGMA optimizations for performance

AI Analysis (Integrated into Instant Analysis)

When you use the Instant Analysis feature, AI processing is automatically performed:

• What is sent: Gmail and Calendar behavioral signals extracted on-device (purchase patterns, event types, activity trends)
• Signal extraction: Automated analysis of receipts, calendar events, and vendor patterns
• What is NOT sent:
  • Email message bodies or attachments
  • Full calendar event descriptions
  • Binary files (images, videos, audio, media files)
• Service used: Google Gemini 2.5 Pro via our secure backend proxy
• Processing: Single API call generates persona from behavioral signals
• Data retention: Google Gemini does not retain data from our API calls per Gemini API terms
• Purpose: Generate consumer persona summaries and behavioral insights

Third-Party Services

Google Services

1. Google OAuth 2.0 (Required for Drive access)
   • Purpose: Authenticate access to your Google Drive
   • Data shared: Only authentication tokens (no personal data)
   • Google's Privacy Policy: https://policies.google.com/privacy
2. Google Drive API (When you select Drive files)
   • Purpose: Download your Takeout ZIP files
   • Data accessed: Only files you explicitly select
   • Scope: drive.readonly (read-only access)
3. Google Gemini AI (Used during Instant Analysis)
   • Purpose: AI-powered persona generation from Gmail and Calendar signals
   • Model: Gemini 2.5 Pro
   • Data shared: Behavioral signals extracted from Gmail and Calendar (not raw email/event content)
   • Backend proxy: Secure API proxy with OAuth verification and rate limiting
   • Rate limits: Primary and secondary API keys for failover
   • Retention: None (not used for model training per Gemini API terms)
   • Google AI Privacy: https://ai.google.dev/gemini-api/terms

Backend Proxy

We operate a minimal backend proxy server (Node.js/Express) to:

• Purpose: Securely manage Gemini API keys (keeps them out of mobile app)
• Data processed: AI analysis requests during Instant Analysis
• Data retention: None (requests are stateless, no logging of signal content)
• Security: Per-user rate limiting (5 requests/minute), global IP rate limiting (100 requests/15min), Google OAuth token verification, dual API key failover
• Deployment: Railway.app or Render.com
• Logging: Request metadata only (no personal data or file content)

Data Storage and Retention

Local Storage

• Location: Your device only (iOS app sandbox or Android app data directory)
• Encryption: AES-256-GCM encrypted SQLite database
• Retention: Data persists until you delete it

How to Delete Your Data

You have complete control over your data:

1. Delete specific analyses:
   • Navigate to Settings > Data Management
   • Tap "Delete Analysis" for individual reports
2. Delete all data:
   • Navigate to Settings > Data Management
   • Tap "Delete All Data"
   • Confirms deletion of all profiles, analyses, and cached files
3. Revoke Google Drive access:
   • Visit Google Account Permissions
   • Remove "Payback" access
4. Uninstall the App:
   • Deleting the App removes all local data from your device

---

Account & Data Deletion

About This App

Ôwn (published as "Payback" by Mile High Interface LLC) is a privacy-first app that analyses your Google and Meta data exports to generate behavioural insights entirely on your device.

How to Delete Your Account and All Data

Option 1 — Delete directly inside the app (instant)

This is the fastest method and removes all data immediately.

1. Open the Ôwn app.
2. Tap the Settings tab (bottom navigation bar).
3. Scroll to Data Management.
4. Tap Delete All Data.
5. Confirm when prompted.

What this deletes immediately:

• All analysis results, reports, and personas stored in the encrypted local database (payback.db)
• All behavioural signals extracted from your Google Takeout and Meta exports
• All AI-generated insights and cached results
• All checkpoints and temporary files

Option 2 — Submit a deletion request by email

If you cannot access the app or want to request deletion of any server-side data, email us:

Email: hello@milehighinterface.com
Subject: Data Deletion Request – Ôwn
Include: The email address linked to your Google account (used for sign-in)

We will process your request and confirm deletion within 5 business days.

Option 3 — Delete analytics data (only if you opted in)

If you opted in to category analytics:

• In-app: Settings > Analytics > Delete My Data
• API: DELETE /api/v1/analytics/user/:userId (authenticated)
• By email: hello@milehighinterface.com

What Data Is Deleted vs. Retained

Data Type	Where Stored	Deleted When	Notes
Analysis results, personas, behavioural signals	On your device (encrypted SQLite)	Immediately on "Delete All Data" or app uninstall	No server copy
Google OAuth token	On your device (iOS Keychain / Android Keystore)	On app uninstall or manual revoke	Revoke at: myaccount.google.com/permissions
Gemini AI request data	Google servers (transient)	Not retained — requests are stateless	Per Gemini API terms
Category analytics scores (opt-in only)	Railway PostgreSQL (US)	Within 30 days of deletion request	Only collected if you explicitly opted in
Backend proxy request logs	Railway (metadata only)	Purged within 90 days	No personal data or file content logged

We do not retain raw email content, calendar events, search history, location data, or media files on any server at any time.

Retention Periods After Deletion

• On-device data: Deleted immediately when you use the in-app delete function or uninstall the app.
• Analytics data (opt-in): Deleted within 30 days of a confirmed deletion request.
• Automated database backups (Railway): Purged within 90 days in accordance with Railway's backup retention policy.
• AI request data (Gemini): Not retained per Google Gemini API terms.

Contact for Deletion Requests

Email: hello@milehighinterface.com
Developer: Mile High Interface LLC
Response time: 5 business days

---

Information We Do NOT Collect

Payback does NOT collect, store, or share:

• Personal identification information (name, email, phone number)
• Precise location data (beyond what you provide in Takeout/Meta exports)
• Contact lists
• Photos or videos
• Financial information
• Health information
• Browsing history (except what you provide via exports)
• Device identifiers for tracking
• Analytics or telemetry (unless you opt in, see below)

Analytics and Telemetry (Opt-In Only)

By default, we do NOT collect any usage analytics or telemetry.

Category Analytics (Optional Opt-In)

If you opt in to category analytics (Settings > Privacy > Share Category Insights):

What is collected:

• Google OAuth UID: Your Google account identifier (for user identification)
• Email Address: Your Gmail address (for cross-device sync and support)
• Category Match Scores: Your behavioral category scores (e.g., "Urban Professionals": 8.5/10)
• Match Confidence: AI confidence levels for each category (0-1 scale)
• Tier Classification: Match strength tier (weak/moderate/strong)
• Sync Metadata: Timestamps, synthesis version, analysis type

What is NOT collected:

• Raw email content or calendar events
• Search queries or location data
• File names, paths, or transaction details
• Social media posts or messages
• Any personally identifiable information beyond OAuth UID and email

How it's used:

• Personalized Features: Enable "Your Top Categories", cross-device profile sync, rank comparisons
• Aggregate Insights: Dashboard analytics showing category distribution (e.g., "Top 10 Most Common Categories")
• Product Improvement: Understand which categories are most common to improve AI models
• Support: Help you troubleshoot issues or recover data

Data Storage:

• Database: PostgreSQL hosted on Railway (US region, SSL-encrypted)
• Retention: Indefinitely (for personalized features) unless you request deletion
• Access Control: You can only access your own scores (enforced by backend middleware)

Your Rights:

• Right to Access: View all your category scores (Settings > Analytics > View My Scores or API: GET /api/v1/analytics/user/:userId/scores)
• Right to Export: Export all your data in JSON format (Settings > Analytics > Export My Data or API: GET /api/v1/analytics/user/:userId/export)
• Right to Delete: Delete all your analytics data (Settings > Analytics > Delete My Data or API: DELETE /api/v1/analytics/user/:userId)
• Right to Opt-Out: Disable analytics anytime (Settings > Privacy > Disable Category Analytics)

Note: Direct Gmail linkage enables personalized features but means we can identify you. If you prefer full anonymity, keep analytics disabled (all analysis happens on-device only).

General Telemetry (Future Feature)

We may add optional telemetry for app crashes and performance metrics in the future. This will be:

• Fully opt-in (disabled by default)
• Sanitized to remove personally identifiable information
• Used solely for improving app stability

You can disable telemetry at any time in Settings.

Children's Privacy

Ôwn (Payback) is not intended for users under 13 years of age (or under 16 in the EEA). We do not knowingly collect data from children. If you believe a child has used the App, please contact us at hello@milehighinterface.com.

Security Measures

We implement industry-standard security practices:

• Encryption: AES-256-GCM for data at rest, TLS 1.3 for data in transit
• Secure Storage: iOS Keychain and Android Keystore for sensitive credentials
• Session Management: 30-minute inactivity timeout, automatic logout
• Code Security: Regular security audits, dependency vulnerability scanning
• No Cloud Storage: Eliminates server-side data breach risks

Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

General Rights (All Users)

• Right to Access: View all data stored in the App (Settings > Data Management)
• Right to Delete: Delete all data at any time (Settings > Data Management)
• Right to Portability: Export your persona data (Settings > Export Data)

GDPR Rights (EEA Users)

If you are in the European Economic Area, you have additional rights under GDPR:

• Right to Rectification: Correct inaccurate data (delete and re-analyze)
• Right to Restriction: Limit processing (disable AI analysis)
• Right to Object: Object to processing (opt out of AI features)
• Right to Lodge Complaint: Contact your local data protection authority

CCPA Rights (California Users)

If you are a California resident, you have rights under CCPA:

• Right to Know: What data is processed (detailed in this policy)
• Right to Delete: Delete all data (Settings > Data Management)
• Right to Opt-Out: Opt out of AI analysis (Settings > Privacy)

Note: Because all processing is local and we do not "sell" data, many data sharing regulations do not apply.

International Data Transfers

• Local Processing: All data processing occurs on your device in your location
• AI Requests (Instant Analysis): When you use Instant Analysis, behavioral signals are sent to Google Gemini servers (U.S.-based) via encrypted HTTPS
• Safeguards: Google Gemini complies with GDPR (Standard Contractual Clauses)

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

• Changes in legal requirements
• New features or services
• Improved security practices

Notification: We will notify you of material changes via:

• In-app notification on next launch
• Updated "Last Updated" date at the top of this policy
• Email (if you've provided contact information for support)

Your Consent: Continued use of the App after changes constitutes acceptance of the updated policy.

Data Breach Notification

In the unlikely event of a data breach affecting our backend proxy:

• We will notify affected users within 72 hours
• Notification will include: nature of breach, data affected, remediation steps
• We will report to relevant authorities as required by law

Note: Because all user data is stored locally on your device (not on our servers), most data breaches do not affect your personal data.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

Email: hello@milehighinterface.com
Website: https://www.milehighinterface.com/payback/privacy.html
Mailing Address:
Mile High Interface LLC
[Contact via email for physical address]

Response Time: We aim to respond to all privacy inquiries within 5 business days.

Compliance

This Privacy Policy complies with:

• GDPR (General Data Protection Regulation) - EU/EEA
• CCPA (California Consumer Privacy Act) - California, USA
• COPPA (Children's Online Privacy Protection Act) - USA
• Apple App Store Guidelines - Section 5.1.1 (Data Collection and Storage)
• Google Play Store Policies - User Data policies

App Store Privacy Labels

Apple App Store

Data Not Collected (default — analytics off):
By default, this app does not collect any data. All processing is on-device.

Data Linked to You (only if you opt in to analytics):
If you enable optional category analytics (Settings > Privacy > Share Category Insights), your Google account identifier (OAuth UID) and email address are collected for cross-device sync.

Data Not Used to Track You:
This app does not track you across apps or websites owned by other companies.

Google Play Store Data Safety

Data Sharing: No data shared with third parties (analytics backend is first-party; Gemini API is used transiently with no retention)

Data Collection: No data collected by default. Optional analytics (opt-in) collects OAuth UID and email address.

Security Practices:

• Data is encrypted in transit (HTTPS/TLS 1.3)
• Data is encrypted at rest (AES-256-GCM)
• You can request data deletion (Settings > Data Management or https://www.milehighinterface.com/payback/data-deletion.html)

Glossary

• Google Takeout: Google's data export service that creates an archive of your Google account data
• Meta Export: Facebook/Instagram's data export feature (Download Your Information)
• On-Device Processing: Data analysis that occurs entirely on your mobile device, not on remote servers
• OAuth 2.0: Industry-standard authentication protocol (no passwords shared)
• AES-256-GCM: Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode
• TLS 1.3: Transport Layer Security protocol for encrypted internet connections

Transparency Commitment

Payback is built on transparency:

• Open Source (Planned): We plan to open-source our codebase for community audit
• No Hidden Tracking: No third-party analytics or advertising SDKs
• User Control: You control what data is processed and when
• Clear Control: You control when AI analysis runs by choosing to use Instant Analysis
• Data Sovereignty: Your data stays on your device

---

Questions? Contact us at hello@milehighinterface.com

Last Updated: March 16, 2026
Version: 1.2