Yap Privacy Policy

Yap is built for private, between-friends voice moments. This policy explains what we collect, why we collect it, and how we protect it.

Last updated: April 8, 2026

1) What Yap Collects

• Account data: Firebase user ID, profile fields (for example display name, token balance, Pro status, streak data).
• Contacts data: if you grant contacts permission, phone numbers are processed for matching. Numbers are normalized and hashed using HMAC-SHA256 in backend functions.
• Voice and message data: your recorded Yaps, related metadata (sender/recipient IDs, timestamps, moderation status, ghost mode flags), and optional transcript/preview data when generated.
• Device and notification data: push token and device profile entries used to deliver notifications.
• Purchase and entitlement data: subscription/purchase state handled through app-store billing and RevenueCat integration.
• Security and service logs: request metadata and rate-limiting records used to protect service integrity and prevent abuse.

2) How We Use Data

• Run core Yap features (send, receive, play, and manage voice messages).
• Match contacts so you can find people you know in Yap.
• Send product notifications (for example, when someone yaps about you).
• Detect misuse, apply anti-abuse/rate limits, and operate security controls.
• Process billing entitlements and restore purchases.
• Respond to support requests and account operations (including deletion requests).

3) Permissions We Request

• Contacts: to let you choose who to Yap about and support contact matching.
• Microphone: to record voice Yaps.
• Notifications: to deliver whisper alerts and product updates.
• Internet: to communicate with Firebase and related services.

4) Sharing and Processors

We do not sell personal data. We use service providers to run Yap, including:

• Firebase (Google): authentication, database, storage, cloud functions, and messaging delivery.
• RevenueCat: subscription and entitlement management.
• App Store / Google Play billing: payment processing according to their policies.

5) Retention and Deletion

We retain data as long as needed to provide the service, meet legal obligations, and protect against abuse.

Yap supports account deletion requests. Server-side deletion flows remove user-scoped records and attempt auth account deletion. Some limited records may persist for legal, security, or backup recovery windows.

6) Security

We apply access controls and Firebase security rules to restrict access to authorized users. No system is 100% secure, but we continuously work to protect your data and private whispers.

7) Children and Age Use

Yap is not intended for children under 13. If you believe a child has provided personal data, contact us and we will take appropriate action.

8) International Processing

Your data may be processed in countries where our service providers operate. We use reasonable safeguards aligned with applicable law.

9) Policy Updates

We may update this Privacy Policy from time to time. We will post the revised version here with a new date.

10) Contact

Questions, privacy requests, or deletion requests:
enesurasmdl@gmail.com · +90 505 620 00 47