Privacy Policy

Throwback (we, our, or us) operates the Throwback mobile application and website (collectively, the Service). This policy explains what information we collect, how we use it, and your rights regarding that information.

By using the Service, you agree to the collection and use of information as described here.

Account information: When you sign in, we collect your email address via a magic link. We do not collect passwords.

Memory content: We store the titles, stories, dates, location names, and cover images you create. We also store the links you add to memories (URLs to third-party services like Instagram, Google Photos, or iCloud). We never access those services on your behalf.

Location data: If you drop a pin on the map when creating a memory, we store the latitude and longitude you select. We do not collect your device GPS location.

NFC tags: We write a URL to NFC tags you pair with memories. We do not read any data from existing tags beyond the URL we wrote.

Usage data: We may collect basic usage information such as page views, to help us understand how the Service is used.

We use the information we collect to:

• Provide, maintain, and improve the Service
• Authenticate you and secure your account
• Send you the magic link email you requested
• Store and display your memories to you and, when public, to anyone with the link

We do not sell your personal information to third parties.

Your data is stored securely on Supabase infrastructure. We use industry-standard encryption in transit (TLS) and at rest. Row-level security ensures you can only access your own data through the API.

Cover images you upload are stored in Supabase Storage and served via a public CDN URL. Do not upload images you do not want to be potentially accessible via a direct URL.

When you create a memory, it is public by default. Anyone with the URL (e.g. throwback.today/m/your-slug) can view the memory title, story, date, location, cover image, and any links you added. If you do not want a memory to be publicly viewable, do not share its URL or write it to an NFC tag.

We use the following third-party services to operate Throwback:

• Supabase for database, authentication, and file storage
• Vercel for web hosting and deployment
• CartoDB and OpenStreetMap for map tiles on the landing page

Links you add to memories point to third-party services (Instagram, Google Photos, etc.). We do not have access to those accounts and are not responsible for their privacy practices.

We retain your account and memories for as long as your account is active. You can delete individual memories at any time from within the app. You can also permanently delete your entire account, including all memories and uploaded covers, from the account menu in the app. If you need help, contact us at the address below.

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with their information, please contact us and we will delete it.

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Correct inaccurate information
• Request deletion of your information
• Object to our processing of your information

To exercise any of these rights, contact us at the address below.

We may update this policy from time to time. We will notify you of material changes by updating the Last updated date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

For questions about this privacy policy or your data, contact us at:

rohan@throwback.today