GDPR Compliant β€’ EU Servers

Privacy Policy

Effective Date: February 12, 2026

Introduction

At Midnight, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our iOS application. We are committed to transparency and compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

πŸ”’ We do not sell, trade, or rent your personal information to third parties.

1. Data We Collect

We collect minimal data necessary to provide our services. The information we collect includes:

  • β€’
    First Name β€” Optional display name used within the app
  • β€’
    In-App Progression Data β€” Game scores, quiz answers, mood history, wishlist items, calendar events, and other app-generated content
  • β€’
    Subscription Status β€” Your premium subscription tier and expiration date (managed via RevenueCat)
  • β€’
    Anonymous Analytics Events β€” Usage patterns, feature interactions, crash reports (no personal identifiers)
  • β€’
    Device Identifiers β€” Anonymous device ID for subscription validation (when applicable)

2. Authentication

We offer two secure authentication methods:

Sign in with Apple

Secure, private authentication with Apple's privacy-focused sign-in system

Anonymous Supabase Auth

No email required β€” create an account with just a unique identifier

3. Purpose of Data Processing

We use your data solely for the following purposes:

  • β†’ App Functionality β€” Enabling games, quizzes, and features to work correctly
  • β†’ Partner Linking β€” Connecting you with your partner's account for shared experiences
  • β†’ Progress Saving β€” Storing your game history, quiz results, and shared content
  • β†’ Subscription Validation β€” Verifying premium access and managing renewals
  • β†’ App Improvement β€” Anonymous analytics to understand feature usage and fix bugs

4. Third-Party Services

We use trusted third-party services to operate our app. Each provider is carefully selected for their security and privacy standards:

Supabase Database & Auth

Hosts our database and authentication services. Servers located in the EU (Frankfurt, Germany). All data is encrypted at rest and in transit.

RevenueCat Subscriptions

Manages in-app purchases and subscription status. Processes only minimal data required for subscription validation.

Apple Inc. Payments

Processes all payments through App Store In-App Purchases. We never see your payment information.

PostHog Analytics

Collects anonymous usage analytics only. No personal identifiers, names, or sensitive content is tracked.

5. Your GDPR Rights

As a user in the European Union (or as someone whose data is processed under GDPR), you have the following rights:

Right to Access

Request a copy of all data we hold about you

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data

Right to Portability

Receive your data in a structured format

Complaints: You have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des LibertΓ©s) in France if you believe your rights have been violated.

6. Data Retention

We retain your data only for as long as necessary to provide our services or as required by law:

  • β€’ Active Accounts: Data retained while your account is active
  • β€’ Deleted Accounts: All personal data deleted within 30 days of account deletion
  • β€’ Analytics: Anonymous data may be retained for up to 26 months for statistical purposes
  • β€’ Legal Requirements: Some data may be retained longer if required by applicable law

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • β€’ End-to-end encryption for data in transit (TLS 1.3)
  • β€’ AES-256 encryption for data at rest
  • β€’ Regular security audits and penetration testing
  • β€’ Strict access controls and authentication
  • β€’ EU-based servers with GDPR compliance

8. Children's Privacy

Midnight is intended for users aged 18 and older. We do not knowingly collect data from children under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately for deletion.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes through the app or via email. The "Effective Date" at the top of this page indicates when the policy was last updated.

10. Contact Us

For any privacy-related questions, data requests, or concerns, please contact us:

Email: privacy@getmidnight.app

We aim to respond to all privacy inquiries within 30 days.

By using Midnight, you agree to this Privacy Policy and our Terms of Service.