Privacy Policy

Mynu ("we," "our," or "us") respects your privacy. This Privacy Policy explains what information we collect, how we use it, and your choices when you use the Mynu mobile app.

1. Scope

This Privacy Policy applies to the Mynu iOS app and related services.

2. Information We Collect

We collect the following categories of information:

1. Account and sign-in information
   • If you sign in with Apple, Google, or phone number, we collect authentication identifiers and basic account profile information (such as display name, UID, and phone number where applicable).
   • Authentication is provided through Firebase Authentication. Your authentication credentials (passwords, OAuth tokens) are handled by the respective identity providers and Firebase, not stored on our infrastructure.
2. App content you create
   • Menu data, dishes, activity entries, labels, schedule-related details, and other content you enter in the app.
   • Profile data such as display name and avatar URL.
3. Photos and media
   • If you are signed in: dish images and avatar images are uploaded to your Apple iCloud account as CloudKit assets in your private CloudKit database. We do not host or process these images on our own servers.
   • If you are a guest (not signed in): dish and avatar images are stored locally on your device only.
   • The app may temporarily process local image files on-device (for example cropping/editing and asset preparation) for both guest and signed-in flows.
   • If you sign in after using guest mode, your guest dish/activity data - including the underlying image files - is migrated into your iCloud account on a one-way, additive basis. After successful migration, the guest workspace is marked as claimed and is not surfaced again on this device.
4. Device and usage data
   • Basic app telemetry/logging events related to reliability, performance, and errors (for example data backend initialization, subscription health, migration progress, and share failure events). These telemetry events are written to the local console for diagnostic purposes; they are not transmitted to our servers.
   • Push notification token(s), if you enable notifications. Tokens are stored alongside your data in your iCloud private database and used to deliver notifications via Expo and Apple Push Notification service. The app uses iOS background delivery so notifications can be received and processed when the app is not in the foreground.
   • When you sign in with a phone number, Apple Push Notification service may receive a silent verification push from Firebase to confirm the app's authenticity. This push contains no user content and is not stored by us.
5. Cloud and local storage data
   • Signed-in app data is stored using SwiftData, replicated to your Apple iCloud account via CloudKit. Reads and writes go through your private CloudKit database; we do not have access to it.
   • Guest app data is stored locally on your device using on-device key-value storage; nothing is transmitted to a remote server while you remain in guest mode.
   • Some content may be cached on your device for performance and offline use.

3. How We Use Information

We use your information to:

1. Provide and operate the app
   • Create and manage menus, dishes, activity history, labels, and collaboration features.
2. Authenticate users
   • Support Apple, Google, and phone sign-in via Firebase Authentication.
3. Enable syncing and sharing
   • Sync your menu and activity across devices signed into the same Apple ID, and enable family/household collaboration via CloudKit sharing (CKShare).
4. Enable optional notifications
   • Deliver push notifications and respect your notification preferences.
5. Maintain reliability and safety
   • Diagnose app errors and improve stability.

4. Legal Bases (Where Applicable)

Depending on your location, we process data based on one or more of the following:

• Performance of a contract (providing app features you request).
• Legitimate interests (security, reliability, and service improvement).
• Consent (where required, such as notifications or specific platform permissions).
• Legal obligations.

5. Sharing of Information

We do not sell your personal information.

We rely on the following third-party services solely to operate the app:

1. Apple CloudKit / iCloud
   • Stores and syncs your menu, dishes, activity entries, image assets, and push token data in your private iCloud database. Powers cross-device sync and CloudKit sharing for invited collaborators.
2. Firebase Authentication
   • Provides Apple/Google/phone authentication services. For phone sign-in, Firebase coordinates a silent app-verification push delivered through Apple Push Notification service.
3. Expo / Apple Push Notification service
   • Delivers push notifications (if enabled), including background delivery, and the silent app-verification push used during phone sign-in.

We may also disclose information if required by law, legal process, or to protect rights/safety.

6. Data Retention

We retain information for as long as needed to provide the app and legitimate business purposes, unless a longer retention period is required by law.

• Cloud-backed data is stored in your iCloud account and persists until you delete it from within the app, until you delete your Mynu account, or until you remove the data through Apple's iCloud controls.
• Local cached data may remain on device until removed by app actions or device uninstall.
• Account deletion (via the in-app "Delete account" flow) removes your menu, dishes, activity, and push token records from your iCloud private database, then signs you out.

7. Your Choices and Rights

Depending on your location, you may have rights to access, correct, delete, or export your information.

You can also:

• Update profile information in-app.
• Delete your account and associated CloudKit data via the in-app "Delete account" flow.
• Reset all test data on this device via the "Reset test data" action in profile.
• Disable notifications in app settings or iOS settings.
• Revoke app permissions (camera, photos, notifications) in iOS Settings at any time.

For privacy requests, contact us using the details below.

8. Do Not Track

Mynu does not track you across third-party websites or apps, and we do not use third-party advertising networks or cross-site analytics SDKs that build behavioral profiles. Because the app does not perform this kind of tracking in the first place, it does not specifically respond to browser-based "Do Not Track" (DNT) signals - there is no cross-site activity to suppress. We treat all users consistently with the practices described in this policy.

9. Children's Privacy

Mynu is not intended for children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from children.

10. International Data Transfers

Your information may be processed in countries other than your own, depending on Apple and Firebase infrastructure providers. We take reasonable steps to protect data during transfer and processing.

11. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. App data stored in CloudKit benefits from Apple's iCloud security model. No method of transmission or storage is completely secure.

12. Third-Party Services

The app relies on third-party services with their own privacy terms, including:

• Apple CloudKit / iCloud
• Firebase Authentication (Google LLC)
• Expo Notifications / Apple Push Notification service

Please review those providers' policies for additional details.

13. Camera and Photo Library Access

Mynu requests camera and photo library access only when needed for image-related features, such as:

• Taking a new dish or avatar photo with your camera.
• Selecting an existing photo from your photo library.
• Editing/cropping selected images before saving.

If you deny camera or photo access, these image features may not work, but the rest of the app can still be used. You can change permission settings at any time in iOS Settings.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date when changes are made.

15. Contact Us

If you have questions or requests about this Privacy Policy, contact:

• Email: huyj1109@gmail.com