Back to Home

Privacy Policy

Last updated: April 27, 2026

1. Introduction

Welcome to Odyra ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience when using our mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

By using Odyra, you agree to the practices described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

We collect the following categories of information:

  • Account Information: Email address, username, display name, profile picture (optional), and password (stored as a salted hash).
  • Location Data: Only with your permission, we may access approximate location to power location-based adventure recommendations. You can revoke location permission any time from your device settings.
  • Usage Data: Information about how you interact with the app — adventures started and completed, journal entries, streak history, mood check-ins, preferences, and feature usage.
  • User Content: Photos, notes, mood ratings, and other content you create and upload when completing adventures.
  • Device Information: Device type, operating system version, device identifiers, app version, and crash telemetry.
  • Purchase Information: Subscription tier and status for Odyra Pro (payment card details are handled solely by Apple or Google and are not stored by us).
  • Communications: Emails you send to our support team, in-app feedback, and content of any interactions with customer support.

3. How We Use Your Information

  • Provide, operate, and improve the Service
  • Personalize adventure recommendations and Daily Sparks
  • Enable social features (feed, "Will do too!" interactions)
  • Calculate streaks, award badges, and track milestones
  • Send push notifications (reminders, streak updates) — you can opt out any time
  • Detect, prevent, and address fraud, abuse, or security incidents
  • Analyze aggregated usage to improve the product
  • Comply with legal obligations and enforce our Terms of Service

4. Legal Basis (EEA / UK Users)

If you are in the European Economic Area, the UK, or another region with equivalent law, we rely on these legal bases under the GDPR / UK GDPR:

  • Contract (Art. 6(1)(b)): To provide the Service you agreed to when creating an account.
  • Consent (Art. 6(1)(a)): For location, marketing emails, and other optional processing.
  • Legitimate interest (Art. 6(1)(f)): For product analytics, security, and fraud prevention.
  • Legal obligation (Art. 6(1)(c)): Where law requires us to retain or disclose data.

5. Third-Party Processors

We use the following vetted third parties to operate the Service. Each is contractually required to protect your data and may process it only on our instructions:

  • Supabase — database, authentication, and file storage. Data hosted in AWS (EU region).
  • Sentry — crash reporting and performance monitoring. Error payloads do not include user content or credentials.
  • Apple & Google — authentication (Sign in with Apple / Google) and subscription billing.
  • Expo / EAS — over-the-air app updates and push notification delivery (APNs / FCM).

We never sell your personal data.

6. Data Retention

  • Account data: Retained for as long as your account is active.
  • After account deletion: Permanently deleted within 30 days. Backups are purged within 90 days. We may retain limited records to comply with legal obligations (e.g. tax, fraud prevention).
  • Crash logs: Automatically purged after 90 days.
  • Anonymized analytics: May be retained indefinitely, as they cannot be linked back to you.

7. International Data Transfers

Your data may be processed in countries outside your home jurisdiction. Where we transfer data internationally, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards required by applicable law.

8. Your Rights

Depending on your location, you may have the following rights:

  • Access a copy of your personal data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten") — you can delete your account in-app at any time
  • Port your data to another service
  • Withdraw consent for processing based on consent
  • Object to or restrict certain types of processing
  • Opt out of marketing communications
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, email privacy@odyra.app. We respond within 30 days.

9. California Privacy Rights (CCPA / CPRA)

California residents have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of the "sale" or "sharing" of their personal information. We do not sell or share personal information as those terms are defined under California law. To exercise your rights, email privacy@odyra.app.

10. Children's Privacy

Odyra is not directed to children under 13 (or under 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

11. Data Security

We use TLS encryption in transit and AES-256 at rest. Row-Level Security (RLS) policies ensure users only access their own records. We conduct periodic security reviews and follow industry best practices. No system is perfectly secure — in the event of a data breach affecting your information, we will notify you and the appropriate authorities as required by law.

12. Cookies & Tracking

The Odyra mobile app does not use web cookies. Our website (odyra.app) uses essential cookies for session management and may use privacy-respecting analytics. We do not use cross-device advertising tracking.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via in-app notification or email before taking effect. The most current version is always available on this page.

14. Contact Us

Questions about this Privacy Policy? Contact our Data Protection team at privacy@odyra.app.