Privacy Policy

Effective Date: [INSERT DATE BEFORE LAUNCH]
Last Updated: [INSERT DATE BEFORE LAUNCH]

Introduction

VRYN is a notification inbox that pulls messages from services you connect (Discord, Slack, Outlook, Teams, YouTube) into one feed. "We", "our", and "us" refer to VRYN. "The Service" means the VRYN app and anything it connects to on your behalf.

This policy explains what data VRYN touches, how it's stored, and what you can do about it. Using VRYN means you agree to this policy. If you don't agree, don't use it.

Information We Collect

Account Information

When you create a VRYN account, we collect:

• Email address — used for authentication and account recovery.
• Authentication credentials — managed securely through Firebase Authentication (we do not store your password in plaintext).

Connected Service Data

When you connect third-party services (Discord, Slack, Microsoft Outlook, Microsoft Teams, YouTube), we collect:

• OAuth access tokens and refresh tokens — stored locally on your device using encrypted storage (flutter_secure_storage), used to communicate with connected services on your behalf.
• Notification metadata — sender name, subject/title, message preview (truncated), timestamps, read/unread status, and service-specific identifiers.
• Service account identifiers — your username, email, or user ID from connected services.

We request minimal permission scopes necessary for each feature. Where the feature set allows, we request read-only or equivalent least-privilege scopes from each connected service.

Device Information

• FCM device tokens — Firebase Cloud Messaging tokens used to deliver push notifications, stored in Firebase Firestore under your user account.
• Platform information — operating system and version, used for compatibility and debugging.

Usage Data

• Firebase Analytics — anonymized usage data including app opens, screen views, and feature usage. Aggregated and does not identify you personally. You can opt out in Settings → Privacy & Data → Usage Analytics.

Data We Do NOT Collect

• We do not collect or store the full content of your emails or messages on our servers. Notification content is fetched from service APIs and stored locally on your device.
• We do not collect your location.
• We do not collect your contacts or address book.
• We do not collect photos, files, or media from your device.

How We Use Your Information

• Provide the Service — fetch, normalize, and display notifications from your connected accounts.
• Authenticate you — verify your identity and manage your VRYN account.
• Deliver push notifications — send FCM push notifications when new notifications arrive.
• Improve the Service — analyze anonymized usage patterns to identify bugs and prioritize features.
• Provide support — respond to support requests and troubleshoot issues.

Data Storage and Security

Local Storage

• Notification data is stored locally on your device in an encrypted Hive database.
• OAuth tokens are stored in platform-native secure storage (Android Keystore / iOS Keychain) via flutter_secure_storage.
• No notification content is transmitted to or stored on VRYN servers beyond what Firebase services require.

Firebase Services

• Your VRYN account information (email, user ID) is stored in Firebase Authentication.
• FCM device tokens are stored in Firebase Firestore.
• Firebase services are hosted on Google Cloud infrastructure with encryption at rest and in transit.

Security Measures

• All network communication uses HTTPS/TLS encryption.
• OAuth 2.0 with minimal scopes for all third-party service connections.
• VRYN never stores passwords for connected services — only OAuth tokens.
• Biometric authentication option available for app access.
• Privacy overlay hides notification content when the app is backgrounded.

Data sharing

We don't sell your data

VRYN doesn't sell, rent, or trade your notification data or account information to anyone. There is no business model built on your data in this policy, and there isn't one planned.

Third parties involved in running the Service

Some third parties receive data because the Service requires it:

• Firebase (Google) — authentication, push notifications, analytics, and cloud functions. Covered by Google's Privacy Policy.
• Services you connect (Discord, Slack, Microsoft, YouTube) — VRYN uses your OAuth tokens to read notifications from them. Each has its own privacy policy.

Nothing beyond that. We don't share notification content, reading patterns, or usage data with any other third party.

Data Retention

• Notification data — stored locally on your device. Clearing app data or uninstalling removes all locally stored notifications.
• Account data — retained in Firebase for as long as your account exists. Deleted upon account deletion.
• FCM tokens — automatically cleaned up when expired or when your account is deleted.
• Analytics data — retained by Firebase Analytics per Google's retention policies (typically 14 months for user-level data).

Your Rights and Choices

Account Deletion

You can delete your VRYN account at any time from Settings → Security → Delete Account. Deletion will:

• Remove your Firebase Authentication account.
• Delete your FCM device tokens from Firestore.
• Revoke OAuth connections to all connected services.
• Remove all locally stored notification data.

Disconnect Services

You can disconnect any individual service at any time from the Connections screen. Disconnecting revokes the OAuth token for that service and removes stored notifications from that service on your device.

Data Export

You can export all your VRYN notification data as a JSON file at any time from Settings → Privacy & Data → Export Data. For requests for data held by Firebase services or third-party connected services, contact [email protected].

Opt Out of Analytics

You can opt out of Firebase Analytics data collection at any time from Settings → Privacy & Data → Usage Analytics.

Children's privacy

VRYN is not aimed at children under 13. We don't knowingly collect information from children under 13. If you're a parent or guardian and your child has created an account, email [email protected] and we'll delete the account and data.

Changes to this policy

This policy may change. When it does, the "Last Updated" date at the top changes, and significant changes get flagged in the app or by email to your account address. Continuing to use VRYN after a change means you accept the updated policy.

Contact Us

Questions, concerns, or requests regarding this Privacy Policy or your data: [email protected]

Developer: VRYN