Privacy Policy
1. Introduction
Sne Studio AS ("we", "us", "our") operates the Off Together application and website. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service. We are committed to protecting your privacy and handling your data in accordance with applicable Norwegian and European data protection laws, including the General Data Protection Regulation (GDPR).
2. Data Controller
Sne Studio AS is the data controller for the personal data processed through the Service. For any privacy-related inquiries, you can reach us at [email protected].
3. Data We Collect
We collect the following categories of personal data:
Account Information
- Email address
- Username
- Password (stored as a secure hash, never in plain text)
- Account creation date
Session Data
- Start and end times of your offline sessions
- Duration of each session
- Daily and weekly aggregated statistics
- Streak information (consecutive days of use)
Social Data
- Friend connections and friend request history
- Online/offline status
- Custom status messages you set during sessions
Technical Data
- IP address (used for security, rate limiting, and abuse prevention)
- Authentication tokens stored locally on your device
Early Access Signups
- Email address submitted through the website signup form
4. How We Use Your Data
We use your personal data for the following purposes:
- Providing and operating the Service, including account management and session tracking
- Enabling social features such as friend connections and shared status
- Generating personal statistics and progress tracking
- Securing the Service through rate limiting and abuse prevention
- Communicating with you about the Service, including early access updates
- Improving and developing the Service
5. Legal Basis for Processing
We process your personal data based on the following legal grounds under the GDPR:
- Contract performance: Processing necessary to provide the Service you signed up for (account data, session data, social features)
- Legitimate interests: Security measures, abuse prevention, and service improvement
- Consent: Early access email signups and optional status messages shared with friends
6. Data Storage and Security
Your data is stored in the following locations:
- On your device: Session data is stored locally in an SQLite database. Authentication tokens are stored in your device's secure preferences.
- On our servers: Account information, session data, friend connections, and status information are stored on Cloudflare's infrastructure (Cloudflare D1 database and Workers).
We implement appropriate technical measures to protect your data, including password hashing, JWT-based authentication, rate limiting, and IP-based abuse prevention.
7. Data Sharing
We do not sell your personal data. We share data only in the following limited circumstances:
- With your friends: Users you have accepted as friends can see your online/offline status, current session duration, and custom status messages.
- Infrastructure providers: Your data is processed through Cloudflare's infrastructure (Workers, D1 database, KV storage) as part of operating the Service.
- Early access emails: Email addresses submitted through the early access signup are shared with Google Sheets for managing our communication list.
- Legal requirements: We may disclose data if required by law or to protect our rights and safety.
8. Data We Do Not Collect
Off Together is designed to be privacy-friendly. We do not collect or access:
- Location data
- Contacts or address book
- Camera or microphone
- Browsing history or app usage outside of Off Together
- Advertising identifiers
9. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you request account deletion, we will delete your personal data within a reasonable timeframe, except where we are required to retain it by law.
10. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your personal data
- Restriction: Request that we limit processing of your data
- Portability: Request your data in a portable format
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, please contact us at [email protected]. You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).
11. Children's Privacy
The Service is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the updated policy on this page with a revised "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact
If you have any questions about this Privacy Policy or how we handle your data, please contact us at [email protected].