Privacy & Terms

Last updated: May 2026 (revised 2 June 2026)

Privacy Policy

1. Overview

Project Pan Journey ("we," "our," or "the app") is a beauty product tracking application. This Privacy Policy explains what information we collect, how we use it, where it is stored, and which third parties process it on our behalf.

This policy applies to the Project Pan Journey mobile app (iOS and Android) and to projectpanjourney.com.

2. Information We Collect

Account information

When you create an account we collect:

• Your email address (required to sign in)
• Your name (when provided at signup)
• An Apple identity token if you use Sign in with Apple. Apple's "Hide My Email" private relay address is supported; in that case we only ever see the relay address.

Beauty data you create in the app

The following are stored in our cloud database and linked to your account so they sync across sessions and devices:

• Product entries (name, brand, category, subcategory, price, dates, ratings, notes)
• Product photos and progress photos, stored in our private storage buckets
• "Project Pan" status, finished/empty status, and archive status
• Calendar entries (product use logs, routine logs)
• Custom routines and the products linked to them
• Currency and other in-app preferences

Subscription information

If you purchase or restore a subscription, we record the plan type, price, transaction identifier, and subscription start date. Payments themselves are processed by Apple or Google; we do not see or store your payment card details.

Device and usage data

To understand how the app is used and to improve it, we collect:

• Device type, operating-system version, and app version
• Behavioural events such as screen views, product create/update/delete actions, calendar interactions, routine actions, share actions, and paywall interactions
• Session Replay recordings: anonymised reconstructions of in-app sessions used for debugging and product improvement

Device and other identifiers

When you use Project Pan Journey, we may automatically collect certain unique device identifiers (such as Firebase Cloud Messaging (FCM) registration tokens, IP address, or device ID) from your device to identify your specific installation of the app. These identifiers are used solely to deliver, target, and manage push notifications and alerts relevant to your app activity and functionality.

Beta (TestFlight) data

If you use the beta version through Apple TestFlight, Apple may collect crash reports and usage statistics in accordance with their Privacy Policy.

Website data

projectpanjourney.com loads a product analytics script (PostHog) that records page views, clicks, referrer information, and basic device/browser metadata. We do not run advertising or third-party retargeting pixels on the site.

Install attribution fingerprint

When you tap an App Store or Google Play link on projectpanjourney.com, we record a short-lived fingerprint to attribute your eventual app install to the marketing campaign that brought you to us. The fingerprint consists of:

• A one-way HMAC-SHA256 hash of your IP address; we never store the raw IP
• Your browser user-agent, screen size, language, and time zone
• The UTM campaign parameters from the URL you clicked

When you first open the app, the same device sends its own fingerprint and we compare it against the click record to identify the source campaign. The fingerprint rows are stored in our Supabase project (EU) and automatically deleted after 7 days. We rely on this as a legitimate-interest basis for marketing attribution; the data is not combined with any third-party profile and is not shared with advertisers.

3. Third-Party Services (Sub-processors)

We rely on the following processors to operate the app and website:

• Supabase: account authentication, database, and photo storage. Hosted in the EU.
• PostHog: product analytics and session replay. The mobile app sends data to the US region; the website sends data to the EU region.
• Apple: Sign in with Apple, App Store delivery, and TestFlight beta distribution.
• Apple App Store and Google Play: subscription billing and receipt validation.
• Google Firebase Cloud Messaging (FCM): push notification delivery on Android and iOS. We share your FCM registration token with Google solely to route notifications to your specific device installation.

We may share your device identifier with trusted third-party service providers (such as Google Firebase Cloud Messaging) to facilitate the delivery of push notifications. These providers are bound by strict confidentiality agreements and do not use your data for any other purpose.

We do not sell your personal data and we do not share it with advertising networks.

4. How We Use Your Data

• Operating the app (syncing your products, photos, routines, and calendar across devices)
• Creating, authenticating, and recovering your account
• Understanding usage patterns to improve features
• Diagnosing crashes and reproducing bug reports via session replay
• Managing subscriptions and entitlements
• Responding to support requests
• Push notifications: we use device identifiers (such as FCM tokens) solely to deliver, target, and manage push notifications and alerts relevant to your app activity and functionality
• Install attribution: we match a hashed, short-lived fingerprint of the click on our website to the same device opening the app, so we can tell which marketing campaign brought you to us

5. Data Retention and Deletion

We keep your data for as long as your account is active.

To delete your account and all associated data (products, photos, calendar entries, routines, and your analytics identity), please email support@projectpanjourney.com. We will action the request within 30 days. Self-serve deletion inside the app is on our roadmap.

Uninstalling the app removes locally cached data from your device but does not delete data already stored in our cloud; to remove that data, use the email request above.

6. Your Rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, or to object to certain processing. To exercise any of these rights, email support@projectpanjourney.com.

If you are in the EU, UK, or EEA, our lawful bases for processing are: performance of a contract (operating the app for you), our legitimate interests (improving the product and preventing abuse), and consent (where required, e.g. for non-essential analytics cookies on the website). Personal data transferred outside the EU/EEA, for example to PostHog's US region for mobile analytics, is covered by Standard Contractual Clauses or equivalent safeguards offered by the processor.

7. Children's Privacy

The app is intended for users aged 16 and over. We do not knowingly collect personal data from children below this age (under 13 in the United States). If you believe a child has provided us with personal data, please contact us and we will delete it.

8. Security

We use HTTPS for data in transit and access controls on our cloud database. No system is perfectly secure, so please use a strong, unique password and enable device-level protections (passcode, biometrics).

9. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated in the app or by email.

10. Contact

If you have any questions or requests about this Privacy Policy, please contact us at support@projectpanjourney.com.

Terms of Use

By downloading and using Project Pan Journey, you agree to the following.

Using the app

The app is provided for personal, non-commercial use to help you track and manage products you own. You agree not to misuse the service, attempt to disrupt it, or reverse-engineer it.

Your content

You retain ownership of the collection data you create. You grant us the limited permission needed to store, sync, and display that data back to you within the app.

Availability & changes

We may update, pause, or discontinue features over time. We'll do our best to give notice of significant changes. The app is provided "as is" without warranties of any kind.

Contact

Questions about these terms? Reach us at support@projectpanjourney.com.