Privacy Policy

Last updated: March 23, 2026

1. Introduction

Out Of Nines ("we," "us," or "our") operates the Out Of Nines mobile application (the "Customer App"), the Out Of Nines Scanner application (the "Scanner App"), and the admin dashboard (collectively, the "Services"). This Privacy Policy describes how we collect, use, and protect your personal information.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you create an account, we collect your email address, display name, and optionally your phone number and profile photo.
  • Authentication Data: If you sign in via Google or Apple, we receive your name and email address from those providers. We do not store your Google or Apple passwords.

2.2 Information Collected Automatically

  • Transaction Data: We record loyalty transactions (purchase amounts, Nevacoins earned) when you scan your QR code at a participating location.
  • Device Information: We collect device identifiers and app version for crash reporting and analytics purposes.
  • Usage Analytics: We use privacy-focused analytics (PostHog) to understand how the app is used. This data is anonymized where possible.
  • Crash Reports: We use Sentry to collect crash logs, which may include device type, OS version, and stack traces. These do not contain personal data.

2.3 Information We Do NOT Collect

  • Location data
  • Contacts or address book
  • SMS or call logs
  • Photos (unless you upload a profile picture)
  • Financial or payment information (we do not process payments)
  • Health or fitness data

3. How We Use Your Information

  • To create and manage your loyalty account
  • To track and display your Nevacoins balance and transaction history
  • To generate secure QR codes for in-store scanning
  • To send service-related notifications (e.g., account verification)
  • To improve the app experience through analytics
  • To detect and resolve technical issues via crash reporting

4. Data Sharing

We do not sell your personal data. We share data only with:

  • Supabase (database & authentication provider) — stores your account and transaction data securely.
  • Sentry (error tracking) — receives anonymized crash reports to help us fix bugs.
  • PostHog (analytics) — receives anonymized usage data to help us improve the app.
  • Google / Apple — only if you choose to sign in with these providers.

5. Data Storage & Security

Your data is stored securely in our Supabase database with encryption at rest and in transit. Authentication tokens are stored in your device's secure storage (Keychain on iOS, EncryptedSharedPreferences on Android). We implement row-level security policies to ensure you can only access your own data.

6. Your Rights

You have the right to:

  • Access your personal data via your profile in the app.
  • Update your profile information at any time.
  • Delete your account and all associated data by using the "Delete Account" option in the app settings, or by contacting us.
  • Export your data by contacting us at the email below.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days. Anonymized analytics data may be retained for up to 12 months.

8. Children's Privacy

Our Services are not directed to children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Your continued use of the Services after changes are posted constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or your data, please contact us: