Yap Privacy Policy
Yap is built for private, between-friends voice moments. This policy explains what we collect, why we collect it, and how we protect it.
Owner / Data Controller
Muhammed Enes Uras
Email: enesurasmdl@gmail.com
Phone: +90 505 620 00 47
1) What Yap Collects
- Account data: Firebase user ID, profile fields (for example display name, token balance, Pro status, streak data).
- Contacts data: if you grant contacts permission, phone numbers are processed for matching. Numbers are normalized and hashed using HMAC-SHA256 in backend functions.
- Voice and message data: your recorded Yaps, related metadata (sender/recipient IDs, timestamps, moderation status, ghost mode flags), and optional transcript/preview data when generated.
- Device and notification data: push token and device profile entries used to deliver notifications.
- Purchase and entitlement data: subscription/purchase state handled through app-store billing and RevenueCat integration.
- Security and service logs: request metadata and rate-limiting records used to protect service integrity and prevent abuse.
2) How We Use Data
- Run core Yap features (send, receive, play, and manage voice messages).
- Match contacts so you can find people you know in Yap.
- Send product notifications (for example, when someone yaps about you).
- Detect misuse, apply anti-abuse/rate limits, and operate security controls.
- Process billing entitlements and restore purchases.
- Respond to support requests and account operations (including deletion requests).
3) Permissions We Request
- Contacts: to let you choose who to Yap about and support contact matching.
- Microphone: to record voice Yaps.
- Notifications: to deliver whisper alerts and product updates.
- Internet: to communicate with Firebase and related services.
4) Sharing and Processors
We do not sell personal data. We use service providers to run Yap, including:
- Firebase (Google): authentication, database, storage, cloud functions, and messaging delivery.
- RevenueCat: subscription and entitlement management.
- App Store / Google Play billing: payment processing according to their policies.
5) Retention and Deletion
We retain data as long as needed to provide the service, meet legal obligations, and protect against abuse.
Yap supports account deletion requests. Server-side deletion flows remove user-scoped records and attempt auth account deletion. Some limited records may persist for legal, security, or backup recovery windows.
For step-by-step options (in-app, or by email if you no longer have the app), see Delete your Yap account.
Inactive accounts: We record app activity timestamps to operate the service. If you do not open Yap for a very long time (approximately 700 days), we may send you a reminder. If there is still no activity for approximately 730 days total since your last activity, we may delete your account and associated user data automatically, except where we must keep limited records for legal, security, or abuse-prevention reasons. Opening the app updates your activity and avoids automated deletion.
6) Security
We apply access controls and Firebase security rules to restrict access to authorized users. No system is 100% secure, but we continuously work to protect your data and private whispers.
7) Children and Age Use
Yap is not intended for children under 13. If you believe a child has provided personal data, contact us and we will take appropriate action.
8) International Processing
Your data may be processed in countries where our service providers operate. We use reasonable safeguards aligned with applicable law.
9) Policy Updates
We may update this Privacy Policy from time to time. We will post the revised version here with a new date.
10) Contact
Questions, privacy requests, or deletion requests:
enesurasmdl@gmail.com · +90 505 620 00 47