Privacy Policy

Effective date: April 6, 2026 · Last updated: May 28, 2026 (v2026-05-28)

Huntify (“we”, “us”, or “our”) is a mobile application for hunters worldwide, operated by Tanum Studio AS, a company registered in Norway. This Privacy Policy describes what information we collect, how we use it, and your rights over your data. By using Huntify you agree to the practices described here.

Data Controller

The data controller for personal data processed via Huntify is Tanum Studio AS, Norway. For privacy-related enquiries, data export requests, account deletion, or any rights under GDPR / personopplysningsloven, contact support@huntify.net.

1. Information We Collect

We collect information you provide directly:

• Account: email address and password (stored and managed by Supabase Auth)
• Profile: first name, last name, username, bio, country of residence, profile photo
• Harvest entries: species, date, time, weight, sex, hunting ground name, notes
• Media: photos and videos you attach to harvest entries (up to 5 per entry)
• Weapons: brand, model, calibre, nickname, serial number, weapon type
• Team information: team name, membership, invitations

We collect information automatically when you use the app:

• GPS location data when you create a harvest entry. Precise coordinates are stored for your own entries and entries shared with accepted followers. Publicly visible entries use fuzzy coordinates (rounded to a ±5–10 km grid) to protect your hunting locations.
• We remove GPS and device metadata (EXIF) from every photo before upload, so your camera's recorded location is never stored on our servers (GDPR Art. 5(1)(c) — data minimisation).
• Environmental context at the time of a harvest: temperature, barometric pressure, wind speed and direction, moon phase — fetched automatically and attached to the entry.
• Push notification token — collected once you grant notification permission, used solely to deliver activity alerts (likes, comments, follow requests). To send notifications we register your token with Expo, which forwards payloads to Apple (APNs) or Google (FCM). These providers process delivery metadata on servers that may be outside the EEA under their standard contractual clauses.
• Map tile requests — when you view a map, your IP address and the specific tiles you request are sent to the tile provider (OpenFreeMap or Esri). Weather requests are sent to Open-Meteo (open-meteo.com) with the coordinates of the harvest location.

1b. Live Hunts, Tracks and Share Links

When you start a live hunt, we record your GPS position, speed, bearing and battery level at short intervals for the duration of the session. You choose who sees it: only you, your team, your friends, or everyone. You can stop sharing at any time. Live positions are deleted within 24 hours of session end.

Your movement track during a hunt is stored so you can review your route afterwards. Tracks are kept for 90 days and then automatically deleted. You can delete any track earlier from the session screen.

You can generate a share link for a hunt. Anyone with the link can view a public summary with fuzzy (approximate) coordinates. Links expire after 30 days by default and can be revoked at any time from the session share settings. Revoked links stop working immediately.

Proximity awareness alerts you when another live-sharing hunter is near. This is a convenience feature — it depends on GPS, battery and connectivity and will miss or misreport nearby hunters. It is not a safety device and does not replace safe firearm handling or visual target identification.

2. How We Use Your Information

• Provide and operate the Huntify service
• Display your harvest entries on your profile, the social feed, and the map
• Enable social features: follows, likes, comments, @mentions, team collaboration
• Identify species from photos using AI (premium feature — see Section 5)
• Send push notifications for social activity you have opted into
• Process premium subscriptions and verify entitlements
• Display statistics about your hunting history
• Moderate content and respond to reports

3. Visibility and Sharing

Each harvest entry has a visibility tier you choose at the time of logging:

• Me — visible only to you. Precise GPS coordinates stored.
• Friends — visible to users you have accepted as followers. Precise GPS coordinates stored.
• Everyone — visible to all users and the public map. Only fuzzy coordinates are shown.

Team-tagged entries are additionally shown on that team's private map tab. They do not appear on the main public map or on other teams' maps.

Your profile (username, bio, country, avatar, harvest counts) is publicly visible.

4. Data Storage and Security

All data is stored in a Supabase-hosted PostgreSQL database (EU region). Row-level security (RLS) policies enforce that users can only read data they are authorised to see. Media files are stored in Supabase Storage with access controls matching the entry's visibility tier.

Weapon serial numbers are stored separately from the rest of the weapon record and are only readable by the owner. API keys and secrets are never bundled in the app binary — they are injected at build time via EAS Secrets.

We use industry-standard HTTPS for all data in transit. No data is stored in plaintext on your device beyond the local offline queue, which is cleared after successful sync.

5. Third-Party Services

• Supabase (supabase.com) — database, authentication, and file storage. Your email and profile data is processed by Supabase. See supabase.com/privacy.
• OpenAI (openai.com) — premium AI species identification. When you upload a photo for AI identification, the image is sent to OpenAI's API (gpt-4o-mini) via a Supabase Edge Function. The image is not stored by OpenAI beyond the duration of the request. See openai.com/policies/privacy-policy.
• RevenueCat (revenuecat.com) — subscription management for Huntify Premium. Purchase receipts are processed by RevenueCat to verify entitlements. See revenuecat.com/privacy.
• Google AdMob (admob.google.com) — advertising in the feed when ads are enabled. AdMob may collect device identifiers, IP address, and ad-interaction data per your consent choices. In the EEA we obtain consent through the in-app Google UMP form before any ads load; you can change your choice at any time via Settings → Reset ad consent. See policies.google.com/technologies/ads.
• Sentry (sentry.io) — crash and error reporting. When the app crashes or hits an unhandled error, a stack trace, app version, and device model are sent to Sentry. We disable IP capture and personal-data sampling. See sentry.io/privacy.
• Expo / Expo Push Notifications (expo.dev) — delivery of push notifications. Your Expo push token is stored on our server and sent to Expo's push service when a notification is triggered. See expo.dev/privacy.
• OpenTopoMap / Esri — topographic and satellite map tiles. Tile providers may log your IP address when serving tiles per their respective privacy policies.

6. Crew Tagging

When another hunter logs a harvest during a live hunt session you joined, they may tag you on that harvest. Tagging means your username appears on the harvest record at the privacy tier the logger chose (Me / Friends / Everyone). You will receive a push notification when you are tagged and can remove yourself from the harvest at any time via the crew sheet on the harvest detail screen. We obtain your consent for crew-tag eligibility when you accept a hunt invitation.

7. Children's Privacy

Huntify is not directed to children under the age of 13. We do not knowingly collect personal information from users under 13. Users between 13 and 15 (the digital-consent floor varies by EEA country) should obtain parental permission before signing up. If you believe a child has created an account, contact us and we will delete it promptly.

8. Data Retention

Your data is retained for as long as your account is active, with these exceptions:

• Harvests, photos, weapons — kept while your account exists
• Hunt tracks — 90 days, then automatically deleted
• Live positions — 24 hours after a session ends
• Share tokens — default 30 days; revoked links are kept 7 days then deleted
• Push notification token — rotated on reinstall or uninstall
• Audit and moderation logs — 12 months
• Database backups — 30 days after account deletion

If you delete your account, your profile, harvest entries, media, and weapon records are permanently deleted within 30 days (backups expire within the following 30 days). Social data (likes, comments) may be anonymised rather than deleted where it is part of another user's record.

9. Your Rights

Depending on your country of residence (EEA / UK / Norway), you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data via the Edit Profile screen
• Delete your account and all associated data via Settings → Delete account
• Export your data via Settings → Export my data (in-app, machine-readable JSON)
• Object to or restrict certain processing
• Withdraw consent for ads at any time via Settings → Reset ad consent
• Withdraw consent for notifications at any time via device settings
• Lodge a complaint with your data protection authority (in Norway: Datatilsynet)

For requests we cannot resolve via the in-app tools above, contact us at privacy@huntify.net. We will respond within 30 days.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will notify you via a push notification or an in-app notice. The “Last updated” date at the top of this page reflects the most recent revision.

11. Contact

For questions about this policy or your data, contact us at:

privacy@huntify.net