Privacy Policy

1. Who we are

Yap is developed by Philipp Tschauner, based in Berlin, Germany. If you have questions about this policy, contact us at support@yap.fail.

2. What we collect

We collect as little as possible. Here's the full list:

• Device ID — A randomly generated UUID stored in your device's Keychain. This is not your Apple IDFA or IDFV. It's used solely to associate your missions with your device.
• Mission data — Your mission title, selected agent, language, deadline, status (active/completed/given up), completion time, escalation level, and whether AI copy was used.
• Apple User ID (optional) — If you sign in with Apple for cross-device sync, we store your anonymous Apple User ID. We never request your name or email.
• Pro status — Whether your device has an active Pro purchase, for feature gating.
• APNs device token — When you grant notification permissions, your Apple Push Notification Service (APNs) device token is stored on our server so we can deliver scheduled notifications to your device.
• Timezone — Your device's timezone is stored to respect quiet hours and deliver notifications at appropriate local times.

3. What we don't collect

• No email addresses
• No real names
• No phone numbers
• No location data
• No contacts or photos
• No advertising identifiers (IDFA)
• No browsing history or usage tracking across apps

4. How we use your data

• Mission data is used to generate AI notification content, populate the global leaderboard (anonymized, aggregated stats only), and provide Agent Memory for special agents.
• Device ID is used for row-level security — your device can only access its own data.
• Apple User ID is used only to link multiple devices to the same data.

5. Third-party services

We use the following third-party services:

• Supabase (database & edge functions) — Hosted in the EU. Stores your mission data and device ID. Subject to Supabase's privacy policy.
• OpenAI (AI content generation) — Your mission title, agent personality, and language are sent to OpenAI's API to generate notification messages. No device IDs or personal identifiers are sent. Subject to OpenAI's privacy policy.
• Apple Push Notification Service (APNs) — We use APNs to deliver scheduled notifications to your device. Your APNs device token is sent to Apple's servers to route notifications. No mission content or personal data is shared with Apple beyond what is required for delivery. Subject to Apple's privacy policy.

We do not use any analytics SDKs, advertising networks, crash reporting tools, or any other third-party trackers.

6. Notifications

Yap uses remote push notifications delivered via Apple Push Notification Service (APNs). When you start a mission, AI-generated notification messages are created on our server and scheduled for delivery at specific times. These notifications are sent from our server through APNs to your device.

To enable this, we store your APNs device token and timezone on our server. Notification content (the AI-generated messages) is stored server-side until delivered. We respect your quiet hours settings by checking your device's timezone before sending.

You can disable notifications at any time through your device's Settings app. If you revoke notification permissions, no further push notifications will be delivered.

7. Data storage & security

Mission data is stored in a Supabase PostgreSQL database with row-level security policies. Each device can only read and modify its own data, enforced via the device ID sent in request headers.

Local data on your device includes your settings, cached AI content, and your device ID (stored in the iOS Keychain for persistence).

8. Data retention & deletion

Your mission data is retained as long as you use the app. If you delete the app, your local data is removed. To request deletion of your server-side data, contact us at support@yap.fail and we will delete all data associated with your device ID.

9. Children's privacy

Yap is not intended for children under the age of 13. We do not knowingly collect data from children. If you believe a child has provided us with data, please contact us and we will delete it.

10. Your rights (GDPR)

If you are located in the European Economic Area, you have the right to access, correct, or delete your personal data. You also have the right to data portability and to object to processing. Contact us at support@yap.fail to exercise any of these rights.

11. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the date at the top of this page. Your continued use of Yap constitutes acceptance of any changes.