Privacy Policy for Ôwn (Payback Own)
Effective Date: December 8, 2025
Last Updated: May 14, 2026
Introduction
Payback Own ("we," "our," or "us") is committed to protecting your privacy.
This Privacy Policy explains how our mobile application ("App") handles
your data when you use our consumer insights analysis service.
Core Privacy Principle: Payback Own is designed with a local-first architecture. Most file selection, parsing, storage, and many analysis steps occur on your device. Some features also transmit data off-device, including Google sign-in/profile data, AI analysis inputs, analytics sync records, and app-launch telemetry. We do not use your data for cross-app tracking, data-broker sharing, or third-party advertising.
Information We Access
Data You Provide
When you use Payback Own, you may choose to provide access to:
- Google Takeout Archives (ZIP files stored in Google Drive)
  - YouTube watch history
  - Google Search history
  - Chrome browsing history
  - Location history (Timeline/Semantic Location)
  - Google Maps activity (searches, saved places)
  - Google Play Store (app installs)
  - Gmail (metadata only, not message content)
  - Other Google service data included in your Takeout export
- Meta (Facebook/Instagram) Exports (Folder structure uploaded to Google Drive)
  - Instagram: Posts, stories, likes, saved posts, searches, ad interactions, messages, following list
  - Facebook: Posts, comments, friends list, likes, searches, ad interactions, groups, pages
  - Detection: Automatic service detection via folder name patterns and content analysis
  - Format: JSON files (recommended) or HTML
  - Note: Standard export analysis focuses on structured export contents and media metadata. Some user-selected uploads or export files may still include photo/video-related data depending on the feature you use.
Important: You control what data you provide. The App only accesses accounts, files, and exports that you explicitly connect or select. Depending on the feature you use, selected file contents, metadata, or derived signals may be transmitted to our backend and AI providers for processing.
Authentication Data
Payback Own supports two sign-in providers — you may use whichever you prefer.
Sign in with Google
- Google OAuth Tokens (Drive): Used for Google Drive access to retrieve your Takeout files. Scope: drive.readonly.
- Google OAuth Tokens (Gmail + Calendar): Used during Instant Analysis to extract behavioral signals. Scopes: gmail.readonly, calendar.readonly.
- Google Profile Information: During sign-in, we may receive your name, email address, Google user ID, and profile photo URL from Google and Firebase authentication services.
Sign in with Apple
- Apple Identity Token: Used to authenticate you. Contains a stable Apple user identifier (the sub claim) that is unique to your Apple ID and to this app.
- Email Address: Apple may share your real email or relay it via a private @privaterelay.appleid.com address — your choice at sign-in. Either form is treated the same way for account identification.
- Name: Apple shares your name only on first sign-in, and only if you choose to share it. We store whatever you provide locally.
- We do not collect Apple passwords, device identifiers, or any other Apple account data beyond the identity token.
Token storage
- All authentication tokens are stored locally on your device in encrypted storage (iOS Keychain / Android Keystore).
- No passwords are collected or stored.
How We Process Your Data
On-Device Processing
Most file handling and storage occurs on your device:
- File Selection: Quick Analysis intelligently selects 10-15 high-value files from your export
- File Extraction: Archive files are processed locally; extracted files are cached temporarily in device storage
- Data Parsing: Content is parsed on-device using local algorithms; Meta JSON files are handled by a custom Unicode parser
- Storage: Analysis results are stored in an encrypted local SQLite database (payback.db)
- Prompt Preparation: Selected content may be sampled, redacted, and formatted locally before being sent for AI processing
- Cleanup: Temporary files are automatically deleted after analysis
Encryption
- At Rest: The local SQLite database is encrypted with SQLCipher 4 (AES-256).
- Master Key: A 256-bit random encryption key is generated on-device via expo-crypto and stored in iOS Keychain (iOS) or Android Keystore (Android) via expo-secure-store. The key is not synced to iCloud or Google Backup.
- In Transit: All connections use HTTPS/TLS 1.3 (Google APIs, Gemini API, Expo/EAS services, backend proxy)
- OAuth Tokens: OAuth tokens are stored in encrypted device storage (iOS Keychain / Android Keystore).
- Database: SQLite with WAL mode, PRAGMA optimizations for performance
Off-Device Processing and AI Analysis
When you use AI-powered features, some data is transmitted off-device:
- Instant Analysis: Behavioral signals extracted on-device from Gmail and Calendar, such as purchase patterns, vendor summaries, subscription summaries, travel events, destinations, recurring activities, and time-allocation signals.
- Quick Analysis and Freestyle: Selected export or uploaded file contents and metadata may be sent for AI analysis. Depending on what you choose to analyze, this can include search history, browsing history, location history, purchases, contacts or social graph data, messages, photo or video metadata, health or fitness exports, ad-interaction data, and other user-provided export contents.
- What is NOT sent:
  - Your Google or Meta passwords
  - Payment card or bank account credentials entered outside the app
  - Every file in a connected account by default; processing is limited to the files/signals required for the feature you use
- Service used: Google Gemini 2.5 Pro via our secure backend proxy
- Purpose: Generate consumer persona summaries, category matches, and behavioral insights
- Retention by us: We do not intentionally persist full AI request contents on our own servers after request completion, aside from limited operational metadata and logs.
- Retention by Google: Google states that prompts, contextual information, and outputs sent to the Gemini API may be retained for up to 55 days for abuse monitoring and are not used to train or fine-tune AI/ML models. See: https://ai.google.dev/gemini-api/docs/usage-policies
You control when AI runs. AI analysis occurs only when you initiate Instant Analysis, Quick Analysis, Freestyle analysis, or another AI-backed feature in the app. You can delete your local persona and results at any time from Settings.
Third-Party Services
Google Services
- Google OAuth 2.0 / OpenID / Firebase Authentication
  - Purpose: Authenticate you, create your app session, and associate synced features with your account
  - Data shared: Authentication tokens and profile/account data such as name, email address, Google user ID, and profile photo URL (if available)
  - Google's Privacy Policy: https://policies.google.com/privacy
- Google Drive, Gmail, and Calendar APIs
  - Purpose: Access the Google data sources you choose to connect
  - Data accessed: Only the files, message signals, and calendar signals required for the feature you invoke
  - Scopes: drive.readonly, gmail.readonly, calendar.readonly
- Google Gemini AI (Used for Instant Analysis, Quick Analysis, and Freestyle AI features)
  - Purpose: AI-powered persona generation, category matching, and behavioral analysis
  - Model: Gemini 2.5 Pro
  - Data shared: Behavioral signals and selected file contents/metadata from the files and exports you choose to analyze
  - Backend proxy: Secure API proxy with OAuth verification and rate limiting
  - Rate limits: Primary and secondary API keys for failover
  - Retention: Prompts, contextual information, and outputs may be retained by Google for up to 55 days for abuse monitoring; Google states this data is not used to train or fine-tune AI/ML models
  - Google AI Privacy / Usage Policies: https://ai.google.dev/gemini-api/docs/usage-policies
- Expo / EAS Insights
  - Purpose: Operational usage analytics for app launches and release health
  - Data shared: App launch events and metadata such as EAS client ID, project ID, app version, platform, and OS version
  - Expo documentation: https://docs.expo.dev/eas-insights/introduction/
Apple Services
- Sign in with Apple
  - Purpose: Authenticate you using your Apple ID
  - Data shared: A stable Apple user identifier (the sub claim), an email address (your real address or a private @privaterelay.appleid.com relay address — your choice), and your name (only on first sign-in, only if you choose to share it)
  - Apple does not share other Apple account data with us, and we do not request access to any Apple device data (Photos, Contacts, Health, etc.).
  - Apple's Privacy Policy: https://www.apple.com/legal/privacy/
Backend Proxy
We operate backend services (Node.js/Express):
- Purpose: Securely manage Gemini API keys, authenticate users, process AI requests, and sync account-linked analytics/profile data
- Data processed: AI analysis requests, account/profile metadata, category analytics scores, consent settings, and sync metadata
- AI request retention: We do not intentionally persist full AI request contents after request completion
- Analytics/profile retention: Account-linked analytics and profile sync records may be retained on our backend until you delete them or request deletion, subject to backups
- Security: Per-user rate limiting (5 requests/minute), global IP rate limiting (100 requests/15min), Google OAuth token verification, dual API key failover
- Deployment: Railway (US)
- Logging: Request metadata and operational metrics; we do not intentionally log full AI file contents or raw export payloads
Data Storage and Retention
Local Storage
- Location: Your device only (iOS app sandbox or Android app data directory)
- Encryption: SQLCipher 4 (AES-256) encrypted SQLite database
- Retention: Data persists until you delete it
How to Delete Your Data
You have complete control over your data:
- Delete specific analyses:
  - Navigate to Settings > Data Management
  - Tap "Delete Analysis" for individual reports
- Delete all data:
  - Navigate to Settings > Data Management
  - Tap "Delete All Data"
  - Confirm deletion of all profiles, analyses, and cached files
- Revoke Google Drive access:
- Uninstall the App:
  - Deleting the App removes all local data from your device
Account & Data Deletion
About This App
Ôwn (published as "Payback Own" by Mile High Interface LLC) is a local-first app that analyses your Google and Meta data exports to generate behavioural insights. Most processing happens on your device, but some features also use server-side authentication, AI processing, analytics sync, and app-launch telemetry services.
How to Delete Your Account and All Data
Option 1 — Delete directly inside the app (instant)
This is the fastest method and removes all data immediately.
- Open the Ôwn app.
- Tap the Settings tab (bottom navigation bar).
- Scroll to Data Management.
- Tap Delete All Data.
- Confirm when prompted.
What this deletes immediately:
- All analysis results, reports, and personas stored in the encrypted local database (payback.db)
- All behavioural signals extracted from your Google Takeout and Meta exports
- All AI-generated insights and cached results
- All checkpoints and temporary files
Option 2 — Submit a deletion request by email
If you cannot access the app or want to request deletion of any server-side data, email us:
Email: hello@milehighinterface.com
Subject: Data Deletion Request – Ôwn
Include: The email address linked to your Google account (used for sign-in)
We will process your request and confirm deletion within 5 business days.
Option 3 — Delete synced analytics and account-linked backend data
If you signed in and your account has synced analytics or profile data:
- In-app: Settings > Analytics > Delete My Data
- API: DELETE /api/v1/analytics/user/:userId (authenticated)
- By email: hello@milehighinterface.com
What Data Is Deleted vs. Retained
| Data Type | Where Stored | Deleted When | Notes |
| --- | --- | --- | --- |
| Analysis results, personas, and behavioural signals saved in the app | On your device (encrypted SQLite) | Immediately on "Delete All Data" or app uninstall | No persistent server-side copy of the local database |
| Google OAuth token | On your device (iOS Keychain / Android Keystore) | On app uninstall or manual revoke | Revoke at: myaccount.google.com/permissions |
| AI request payloads processed by our backend | In-memory request pipeline / transient server processing | Not intentionally persisted after request completion | Limited request metadata may still be logged |
| AI request prompts, context, and outputs processed by Google Gemini | Google servers | Google states up to 55 days for abuse monitoring | Not used by Google to train or fine-tune AI/ML models per Google policy |
| Account/profile sync and category analytics records | Railway PostgreSQL (US) | Within 30 days of deletion request | May include user ID, email, display name, consent state, category scores, and sync metadata |
| Backend proxy request logs | Railway (metadata only) | Purged within 90 days | We do not intentionally log full AI payloads |
| App-launch telemetry | Expo / EAS services | Retention governed by Expo | May include EAS client ID, project ID, app version, platform, and OS version |
We do not intentionally retain full raw export files, full email bodies, or full calendar event descriptions on our own servers after request completion.
Retention Periods After Deletion
- On-device data: Deleted immediately when you use the in-app delete function or uninstall the app.
- Account/profile sync and analytics data: Deleted within 30 days of a confirmed deletion request.
- Automated database backups (Railway): Purged within 90 days in accordance with Railway's backup retention policy.
- AI request data (Gemini): Google states prompts, contextual information, and outputs may be retained for up to 55 days for abuse monitoring. See https://ai.google.dev/gemini-api/docs/usage-policies.
Contact for Deletion Requests
Email: hello@milehighinterface.com
Developer: Mile High Interface LLC
Response time: 5 business days
Tracking, Analytics, and Server-Side Data
No Cross-App Tracking
Payback Own does not use your data to track you across apps or websites owned by other companies.
- We do not use IDFA.
- We do not share data with data brokers.
- We do not use collected data for third-party advertising.
- We do not place App Tracking Transparency (ATT) tracking SDKs in the app.
Account-Linked Analytics and Profile Sync
When you sign in and use synced features, we may collect and store:
- User identifiers: Google user ID or account ID
- Contact/profile data: email address and display name
- Category analytics: category match scores, confidence values, tiers, synthesis version, and sync history
- Consent/settings metadata: analytics consent state and related timestamps
These records are used for:
- App functionality: account-linked features, sync, access control, and data deletion/export
- Product personalization: showing your saved profile and synced analytics in the app
- Analytics: understanding aggregate category distribution, sync health, and feature usage
You can request access to, export, or delete this backend data from Settings or by emailing hello@milehighinterface.com.
Operational Telemetry
The app also uses Expo / EAS Insights for launch telemetry and release-health monitoring. This may include:
- EAS client ID or install-level identifier
- Project ID
- App version
- Platform and OS version
- App launch events
We do not currently run a separate crash-reporting or session-replay SDK beyond this operational telemetry.
Children's Privacy
Ôwn (Payback Own) is not intended for users under 13 years of age (or under 16 in the EEA, or under 18 in India). We do not knowingly collect data from children. If you believe a child has used the App, please contact us at hello@milehighinterface.com.
India — additional note: Under India's Digital Personal Data Protection Act, 2023 (DPDP Act), users under 18 are classified as children. We do not knowingly allow users under 18 in India to use the App without verified parental consent. If a parent or guardian believes their child has used the App, please contact us immediately at hello@milehighinterface.com to request data deletion.
Security Measures
We implement industry-standard security practices:
- Encryption: AES-256 (SQLCipher 4) for data at rest, TLS 1.3 for data in transit
- Secure Storage: iOS Keychain and Android Keystore for sensitive credentials
- Session Management: 30-minute inactivity timeout, automatic logout
- Code Security: Regular security audits, dependency vulnerability scanning
- Local-First Storage: Most user-facing analysis data remains in the app's encrypted local database rather than a general-purpose cloud store
Your Privacy Rights
Depending on your jurisdiction, you may have the following rights:
General Rights (All Users)
- Right to Access: View all data stored in the App (Settings > Data Management)
- Right to Delete: Delete all data at any time (Settings > Data Management)
- Right to Portability: Export your persona data (Settings > Export Data)
GDPR Rights (EEA Users)
If you are in the European Economic Area, you have additional rights under GDPR:
- Right to Rectification: Correct inaccurate data (delete and re-analyze)
- Right to Restriction: Limit processing (disable AI analysis)
- Right to Object: Object to processing (opt out of AI features)
- Right to Lodge Complaint: Contact your local data protection authority
CCPA Rights (California Users)
If you are a California resident, you have rights under CCPA:
- Right to Know: What data is processed (detailed in this policy)
- Right to Delete: Delete all data (Settings > Data Management)
- Right to Opt-Out: Opt out of AI analysis (Settings > Privacy)
Note: We do not sell your personal data or use it for cross-app tracking. However, some processing does occur on our backend and with third-party providers as described in this policy.
UK GDPR Rights (United Kingdom Users)
If you are in the United Kingdom, you have rights under the UK GDPR as retained in UK law by the Data Protection Act 2018:
- Right to Access: Obtain a copy of your personal data
- Right to Rectification: Correct inaccurate personal data (delete and re-analyze)
- Right to Erasure: Request deletion of your personal data (Settings > Data Management)
- Right to Restriction: Limit how your data is processed (disable AI analysis)
- Right to Object: Object to processing based on legitimate interests (opt out of AI features)
- Right to Portability: Receive your data in a machine-readable format (Settings > Export Data)
- Right to Lodge a Complaint: Contact the UK Information Commissioner's Office (ICO)
ICO contact details:
DPDP Rights (India Users)
If you are in India, you have rights under the Digital Personal Data Protection Act, 2023 (DPDP Act):
- Right to Information: Know what personal data is collected, why it is processed, and which third parties it is shared with (detailed in this policy)
- Right to Correction and Erasure: Request correction of inaccurate data or deletion of your personal data (Settings > Data Management, or email hello@milehighinterface.com)
- Right to Grievance Redressal: Lodge a grievance with our Grievance Officer; we will acknowledge within 48 hours and resolve within 30 days
- Right to Nominate: Nominate another individual to exercise your data rights on your behalf in the event of death or incapacity
Grievance Officer (India):
Mile High Interface LLC
Email: hello@milehighinterface.com
Subject line: DPDP Grievance – Ôwn
Response time: Acknowledgement within 48 hours; resolution within 30 days
International Data Transfers
- Local Processing: Many file-selection, parsing, and storage operations occur on your device.
- Server-Side Processing: Account/profile sync data may be processed on our backend infrastructure and databases in the United States.
- AI Requests: When you use AI-backed features, selected signals or file contents/metadata are sent to our backend and then to Google Gemini via encrypted HTTPS.
- Operational Telemetry: App launch telemetry may be processed by Expo / EAS services.
- Safeguards: Third-party providers apply their own contractual and technical safeguards. Please review their privacy documentation for details.
United Kingdom Users
Data transferred outside the UK (including to our US-based backend infrastructure and to Google's services) is subject to UK GDPR transfer requirements. We rely on appropriate UK-approved transfer mechanisms (such as the UK International Data Transfer Agreement or adequacy regulations) for these international data flows. Our third-party providers (Google, Expo/EAS, Railway) maintain their own transfer safeguards applicable to UK data.
India Users
Data transferred outside India (including to our US-based backend infrastructure and to Google's services) is subject to the DPDP Act's provisions on cross-border personal data transfers. We only transfer data to jurisdictions or entities that maintain adequate data protections consistent with the DPDP Act. By using the App, you consent to the transfer of your personal data to the United States and other countries where our service providers operate, subject to the protections described in this policy.
Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect:
- Changes in legal requirements
- New features or services
- Improved security practices
Notification: We will notify you of material changes via:
- In-app notification on next launch
- Updated "Last Updated" date at the top of this policy
- Email (if you've provided contact information for support)
Your Consent: Continued use of the App after changes constitutes acceptance of the updated policy.
Data Breach Notification
In the unlikely event of a data breach affecting our backend proxy:
- We will notify affected users within 72 hours
- Notification will include: nature of breach, data affected, remediation steps
- We will report to relevant authorities as required by law, including the UK Information Commissioner's Office (ICO) for UK users and India's Data Protection Board (DPB) for Indian users
Note: Because much of the app's content storage remains local to your device, on-device deletion significantly reduces exposure. However, server-side account data, analytics records, logs, and third-party AI processing data may still be affected by a provider-side incident.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your data:
Email: hello@milehighinterface.com
Website: https://www.milehighinterface.com/payback/privacy.html
Mailing Address:
Mile High Interface LLC
[Contact via email for physical address]
Response Time: We aim to respond to all privacy inquiries within 5 business days.
Compliance
This Privacy Policy complies with:
- GDPR (General Data Protection Regulation) - EU/EEA
- UK GDPR / Data Protection Act 2018 - United Kingdom
- DPDP Act (Digital Personal Data Protection Act, 2023) - India
- CCPA (California Consumer Privacy Act) - California, USA
- COPPA (Children's Online Privacy Protection Act) - USA
- Apple App Store Guidelines - Section 5.1.1 (Data Collection and Storage)
- Google Play Store Policies - User Data policies
App Store Privacy Labels
Apple App Store
Data Collected:
Payback transmits some data off-device, including account/profile data, selected AI-analysis inputs, synced analytics records, and app-launch telemetry.
Data Linked to You:
Most data transmitted off-device is linked to your account or device unless it is de-identified before collection.
Data Not Used to Track You:
This app does not track you across apps or websites owned by other companies.
Google Play Store Data Safety
Data Sharing: Data may be processed by Google, Expo, and our infrastructure providers to deliver authentication, AI analysis, and operational telemetry.
Data Collection: The app collects account/profile data, selected AI-analysis inputs, synced analytics/profile metadata, and launch telemetry as described in this policy.
Security Practices:
Glossary
- Google Takeout: Google's data export service that creates an archive of your Google account data
- Meta Export: Facebook/Instagram's data export feature (Download Your Information)
- On-Device Processing: Data analysis steps that occur on your mobile device rather than on remote servers
- OAuth 2.0: Industry-standard authentication protocol (no passwords shared)
- SQLCipher 4: Open-source extension to SQLite that provides transparent AES-256 database encryption.
- TLS 1.3: Transport Layer Security protocol for encrypted internet connections
Transparency Commitment
Payback is built on transparency:
- Open Source (Planned): We plan to open-source our codebase for community audit
- No Hidden Tracking: We do not use cross-app tracking, IDFA, or data-broker sharing
- User Control: You control what accounts, files, and exports are connected or analyzed
- Clear Control: You control when AI-backed analysis runs by choosing to use Instant Analysis, Quick Analysis, or Freestyle analysis
- Local-First Design: Most file storage and many processing steps remain on your device, even though some data is transmitted off-device for specific features
Questions? Contact us at hello@milehighinterface.com
Last Updated: May 14, 2026
Version: 1.5