Privacy Policy

1. Scope

This policy applies to the Pima iOS app and the data practices described here. It does not govern third-party websites, services, or stores that we link to (for example, retailers or product pages opened in Safari).

2. Information we collect

2.1 Account and profile information

Depending on how you sign in or register, we may collect:

• Apple Sign In: Apple user identifier, and when Apple provides them: email, given name, and family name. Apple may limit what is shared after the first sign-in.
• Email-based registration (if offered): Email address, first name, last name, and any information you provide in profile or account screens.
• Profile photo: Image data you choose to add to your profile, stored with your account data.

We use this information to create and maintain your account, personalize the app, and provide support.

2.2 Project and space data (stored on your device)

Pima is built to help you plan and estimate home projects. Much of your content is stored locally on your device using Apple’s on-device storage (SwiftData), including for example:

• Project names, dates, notes, addresses, and related metadata
• Room scans, measurements, surface selections, products, estimates, and similar project content
• Images you attach (for example, project backgrounds or photos you choose from your library or camera)

This data remains on your device unless you use features that send data to our servers or third parties as described below.

2.3 Analytics and product usage

To improve the app, we may collect usage and performance information, including:

• App opens, screen views, feature usage, and error events
• Performance metrics (for example, duration of certain operations)
• Product search analytics when you search for products (for example, query text, filters, result counts, and selections), to understand how search is used and improve results

These events may be associated with an internal user identifier we receive after syncing your account with our backend (see Section 3). We do not use this information to sell your personal data.

2.4 Backend account sync (Supabase)

When you sign in (for example with Apple), we may sync a limited profile record to our backend (hosted on Supabase) so we can:

• Identify your account across sessions for analytics and support
• Store last seen timestamps and app version where our implementation supports it

Fields may include: Apple user identifier, email (if provided), name fields, timestamps, and app version. Our backend uses industry-standard access controls; see Supabase’s documentation for their security practices.

2.5 Optional third-party APIs (only when you use those features)

If you use features that rely on external services, relevant data may be sent to those providers under their terms and policies:

• AI / floor-plan or image analysis (e.g., Google Gemini, Anthropic, or on-device Apple technologies): Images or prompts you submit for analysis may be transmitted to the provider you select or that the feature uses. Do not submit images you are not allowed to share.
• Product search (e.g., SerpApi / retailer data): Search queries and related parameters may be sent to retrieve product information. API keys for paid services are configured by you or us per build; query text may appear in provider logs per their policies.
• Optional stock imagery (e.g., Unsplash): If configured, the app may request images by category; your general usage may be subject to the provider’s terms.
• Location and weather (where enabled): Approximate location or address-related data you enter may be used for weather, tax estimates, or mapping as described in the app. System permission prompts explain each use.

We only send what is reasonably necessary to provide the feature you trigger.

2.6 Device and app metadata

We may collect:

• App version and build number
• Session identifiers used for analytics
• Device-local preferences (for example, units, theme) stored on device

3. How we use information

We use the information above to:

• Provide, maintain, and improve Pima
• Authenticate you and keep your account secure
• Run analytics and performance measurement to fix bugs and prioritize features
• Fulfill optional features you choose (AI analysis, product search, weather, etc.)
• Comply with law and respond to valid legal requests

We do not sell your personal information as defined under applicable U.S. state privacy laws.

4. Legal bases (where applicable)

If GDPR or similar laws apply, we rely on:

• Performance of a contract — providing the app and features you request
• Legitimate interests — securing the service, analytics, and improvement (balanced against your rights)
• Consent — where required for optional processing (for example, certain permissions or marketing, if we add them)

5. Sharing of information

We may share information with:

• Service providers who host our backend (e.g., Supabase), analytics, or infrastructure, under contractual obligations
• AI, search, and media providers when you use those features, as described in Section 2.5
• Law enforcement or others when required by law or to protect rights and safety

We do not share your on-device project content with advertisers for targeted advertising.

6. Data retention

• On-device data remains until you delete the app, delete content in the app, or erase the device.
• Server-side analytics and profile data are retained as needed for analytics, security, and legal compliance, then deleted or aggregated according to our internal schedules.
• You may request deletion of server-held data where applicable (see Section 9).

7. Security

We use reasonable technical and organizational measures, including encryption in transit for network requests where supported, access controls on our backend, and secure handling of API keys in release builds. No method of storage or transmission is 100% secure.

8. Children’s privacy

Pima is not directed at children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.

9. Your choices and rights

Depending on where you live, you may have the right to:

• Access a copy of personal information we hold
• Correct inaccurate information
• Delete your account or certain data
• Object or restrict certain processing
• Port data in a machine-readable format
• Withdraw consent where processing is consent-based

In-app deletion: If the app offers account deletion, you may use it to remove your account and associated data we control, subject to legal retention needs.

Apple Sign In: You can manage Apple Sign In through your Apple ID settings.

To exercise rights, contact pimatech@protonmail.com with your request and enough information to verify your identity.

10. International users

Our servers and service providers may be located in the United States or other countries. By using Pima, you understand that your information may be transferred to and processed in countries that may have different data protection laws than your country.

11. California residents (summary)

If the California Consumer Privacy Act (CCPA/CPRA) applies, you have additional rights, including to know categories of personal information collected, to delete personal information, and to opt out of “sale” or “sharing” for cross-context behavioral advertising. We do not sell personal information in the conventional sense; analytics may use identifiers as described above. Contact us to exercise rights.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the new version in the app or at https://pima.build/privacy (and our Terms of Use at https://pima.build/terms when relevant) and update the “Last updated” date. Continued use after changes constitutes acceptance of the updated policy where permitted by law.

13. Contact

Questions about this Privacy Policy or our data practices:

Email: pimatech@protonmail.com