Rumora — Privacy Policy

Last updated: 2026-05-25

This Privacy Policy describes how Rumora ("we", "our", "the app") collects, uses, and shares your information when you use the Rumora mobile app and the rumora.io website (together, the "Service").

If you only have a minute, the short version: we collect the minimum needed to make the app work, we don't sell data, and you can delete your account from inside the app at any time.

---

1. Who runs Rumora

Rumora is built and operated by an individual developer based in India.

• Support and privacy contact: hello@rumora.io
• Website: https://rumora.io

If you contact us about privacy, expect a reply within 7 days.

---

2. What we collect

Account data

When you sign in, we collect:

• Your email address (for magic-link sign-in)
• Your Apple or Google account identifier (only the opaque ID, not your password)
• A display name if you choose to provide one

We do not collect your phone number, real-world address, payment information, or biometric data.

Usage data

When you use the app, we collect:

• The topics you follow
• Contributions you submit (flags, corroborations, notes on rumors)
• Device push-notification tokens (only if you grant notification permission)
• Anonymous crash reports (via Sentry — names and email are not attached)

Purchase data

If you subscribe to Rumora Pro:

• Apple App Store or Google Play handles your payment directly. We never see your card.
• We receive only an opaque purchase identifier from RevenueCat so we can unlock Pro features for your account.

---

3. How we use it

We use your data to:

• Sign you in and keep your account secure
• Show you a personalised feed of rumors and journalist scores
• Send push notifications you've opted into
• Diagnose crashes and bugs (Sentry)
• Process subscription purchases (Apple, Google, RevenueCat)

We do not:

• Sell your data to advertisers
• Build advertising profiles
• Share your data with any third party for marketing
• Use your reading history to train AI models

---

4. Who we share it with

We use these third-party processors, each only for what's needed to run the Service:

Processor	What they see	Why
Supabase (Postgres, Auth)	Email, follows, contributions	Database, sign-in
Fly.io	Encrypted HTTP requests to our backend	Hosting
Anthropic	Topic names and rumor headlines we ask AI to score (no personal identifiers)	AI scoring
Voyage AI	Topic names for embedding (no personal identifiers)	Topic deduplication
RevenueCat	Your anonymous app-user ID + Apple/Google purchase identifier	Subscription management
Apple / Google	Sign-in identifier, subscription purchases	Auth, payments
Firebase Cloud Messaging	Anonymous push-notification token	Push delivery
Resend	Your email address (when we send a magic-link)	Sign-in emails
Sentry	Anonymous crash reports	Diagnostics

Each of these has their own privacy policy. We've chosen processors that we believe handle data responsibly. If a processor has a security incident that affects your data, we'll notify you within 7 days.

---

5. Where your data lives

• Database and authentication: Supabase Cloud, US East region (subject to change with notice)
• Backend services: Fly.io, primary region us-east
• Push tokens: Google FCM
• Email: Resend

If you're in the EU, UK, or India and want your data hosted in your region, contact us — we'll move it.

---

6. How long we keep it

• Account data: until you delete your account
• Crash reports: 90 days
• Push tokens: until your device's token expires or you sign out
• Backend logs: 30 days

When you delete your account from Settings → Delete account, we delete your row from the database within 24 hours. Backups are purged within 30 days.

---

7. Your rights

You can, at any time:

• See what data we have on you (email hello@rumora.io)
• Correct any data we have on you (most can be edited in Settings)
• Delete your account and all associated data (Settings → Delete account, or email us)
• Export your data (email hello@rumora.io and we'll send a JSON dump within 7 days)

If you're in the EU, UK, India, California, or other jurisdictions with data-subject rights laws, those apply too — you have the right to lodge a complaint with your local data protection authority.

---

8. Children

Rumora is rated 13+ and we don't knowingly collect data from users under 13. If you believe a child under 13 has signed up, email hello@rumora.io and we'll delete the account.

---

9. Changes to this policy

If we materially change this policy, we'll notify you in the app and on rumora.io/privacy. Continued use after a change means you accept the new policy.

---

10. Contact

hello@rumora.io

For data-deletion requests, please use the in-app Delete account option for fastest results.