Privacy Policy

Last updated: August 25, 2024

1. Introduction and Legal Basis

Christopher G. Bray ("we," "our," "us," or "I") operates the Unfinished-Work mobile application and related services (collectively, the "Service"). This Privacy Policy describes how we collect, use, process, and protect your information when you use our Service.

This Privacy Policy explains how we collect, use, and protect your information when you use Unfinished-Work. We are committed to protecting your privacy and will update this policy as our practices evolve.

Legal Basis for Processing: We process your personal data based on:

  • Contract Performance: To provide and maintain our Service
  • Legitimate Interest: To improve our Service and ensure security
  • Consent: Where you have provided explicit consent
  • Legal Obligation: To comply with applicable laws

Data Controller: Christopher G. Bray is the data controller for personal data collected through our Service. For questions about this policy, contact us at privacy@unfinished-work.com.

2. Information We Collect and Process

2.1 Personal Data You Provide

  • Account Information: Name, email address, username, and profile information
  • User-Generated Content: Posts, project descriptions, comments, and messages you create
  • AI Interaction Data: Questions, feedback requests, project context, and prompts you share with our AI services
  • Communication Data: Support requests, feedback, and correspondence with our team
  • Payment Information: Subscription details and billing information (processed securely by third-party payment processors)

2.2 Automatically Collected Data

  • Usage Analytics: App interactions, feature usage, and user behavior patterns
  • Device Information: Device type, operating system version, app version, unique device identifiers, and IP address
  • Performance Data: App performance metrics, crash reports, and error logs
  • Location Data: General location information (city/country level) for service optimization

2.3 Third-Party Data Sources

  • Authentication Services: Information from Apple Sign-In, Google Sign-In, or other authentication providers
  • Social Media Integration: Public profile information when you connect social accounts

3. How We Use and Process Your Information

We use your personal data for the following purposes, as permitted by applicable law:

3.1 Service Provision and Operation

  • Core Services: Provide AI coaching, project insights, social networking features, and content management
  • Account Management: Create and maintain your account, process payments, and manage subscriptions
  • Content Delivery: Display your posts, manage privacy settings, and facilitate social interactions
  • Technical Support: Respond to support requests and resolve technical issues

3.2 Service Improvement and Development

  • AI Enhancement: Improve AI models, personalize responses, and optimize user experience
  • Feature Development: Analyze usage patterns to develop new features and improve existing ones
  • Performance Optimization: Monitor app performance, identify issues, and optimize functionality
  • User Experience: Personalize content recommendations and interface customization

3.3 Legal and Security Purposes

  • Security: Protect against fraud, abuse, and unauthorized access
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes
  • Rights Protection: Protect our rights, property, and safety, as well as those of our users
  • Dispute Resolution: Resolve disputes and enforce our terms of service

4. Social Networking and User-Generated Content

Unfinished-Work includes social networking features that allow users to create posts, follow other creators, and interact within the community. This section explains how we handle social interactions and user-generated content.

4.1 User-Generated Content and Posts

  • Content Creation: Users can create posts about their projects, share progress updates, and publish content
  • Content Ownership: You retain ownership of content you create, but grant us license to display and distribute it
  • Privacy Controls: Users can choose between public and private post visibility
  • Content Moderation: We reserve the right to remove content that violates our community guidelines
  • Content Storage: Your posts and content are stored on our secure servers and may be cached for performance

4.2 Social Networking Features

  • Following System: Users can follow other creators to see their posts in their feed
  • Profile Information: Basic profile information (username, bio, project interests) is visible to other users
  • Social Interactions: Users can like, comment on, and share posts (based on privacy settings)
  • Discovery Features: Users may appear in search results and discovery feeds
  • Network Analytics: We may analyze social connections to improve recommendations

4.3 Privacy Settings and Control

  • Post Privacy: Choose between public (visible to all users) and private (visible only to you)
  • Profile Visibility: Control who can see your profile and follow you
  • Search Privacy: Opt out of appearing in search results and discovery features
  • Interaction Controls: Limit who can comment on or interact with your posts
  • Data Sharing: Control how your data is used for social features and recommendations

4.4 Community Guidelines and Content Moderation

  • Content Standards: All content must comply with our community guidelines and terms of service
  • Moderation Process: We review reported content and may remove posts that violate our policies
  • User Reporting: Users can report inappropriate content or behavior
  • Appeal Process: Users can appeal content removal decisions
  • Account Suspension: Repeated violations may result in temporary or permanent account suspension

5. AI Services and Third-Party Processing

5.1 OpenAI Integration and Data Processing

Our Service integrates with OpenAI's GPT models to provide AI coaching and insights. When you interact with our AI features:

  • Data Transmission: Your project context, questions, and prompts are transmitted to OpenAI's servers for processing
  • Third-Party Processing: OpenAI processes your data according to their Privacy Policy and Terms of Service
  • Data Minimization: We only send the minimum data necessary for AI processing
  • No Permanent Storage: We do not permanently store your AI conversations or prompts
  • Response Generation: AI responses are generated based on your input and OpenAI's trained models

5.2 Data Retention and Processing Limits

  • Temporary Storage: AI interaction data is temporarily stored for up to 30 days for service quality improvement
  • Automatic Deletion: All AI interaction data is automatically deleted after 30 days
  • Aggregated Analytics: We may retain anonymized, aggregated usage statistics for service improvement
  • User Control: You can request immediate deletion of your AI interaction data at any time

5.3 Third-Party Service Providers

We use the following third-party services that may process your data:

  • Firebase (Google): Authentication, database, and analytics services
  • OpenAI: AI processing and response generation
  • Payment Processors: Secure payment processing through Apple App Store and Google Play Store
  • Cloud Services: Data storage and hosting infrastructure

Each third-party service has its own privacy policy and data processing practices. We recommend reviewing their policies for complete information.

6. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We may share your information in the following limited circumstances:

6.1 Service Providers and Business Partners

  • Essential Services: Third-party providers necessary for Service operation (hosting, analytics, payment processing)
  • AI Processing: OpenAI for AI feature functionality
  • Data Processing Agreements: All service providers are bound by strict data processing agreements
  • Limited Access: Providers only access data necessary for their specific service

6.2 Social Network Data Sharing

  • Public Content: Posts you make public are visible to all users and may be indexed by search engines
  • Profile Information: Basic profile details (username, bio, project interests) are visible to help users discover you
  • Social Interactions: Your likes, comments, and follows are visible to other users based on privacy settings
  • Network Visibility: Your social connections (who you follow) may be visible to other users
  • Content Discovery: Your public posts may appear in other users' feeds and discovery features

6.3 Legal and Regulatory Requirements

  • Legal Compliance: When required by applicable law, regulation, or legal process
  • Government Requests: In response to valid government requests, subpoenas, or court orders
  • Rights Protection: To protect our rights, property, or safety, or that of our users or the public
  • Fraud Prevention: To investigate, prevent, or take action regarding illegal activities or fraud

6.4 Business Transfers and Corporate Changes

  • Merger or Acquisition: In connection with a merger, acquisition, or sale of assets
  • Corporate Restructuring: During corporate reorganization or restructuring
  • Successor Entity: To any successor entity in the event of a merger or acquisition
  • User Notification: We will notify users of any such changes and provide options for data handling

6.5 User Consent and Control

  • Explicit Consent: When you have provided explicit, informed consent for specific sharing
  • Public Content: Content you choose to make public may be visible to other users
  • Revocable Consent: You can withdraw consent for data sharing at any time

7. Data Security

We implement industry-standard security measures to protect your personal data:

  • Transport Security: All data transmission uses HTTPS encryption and secure connections
  • Biometric Authentication: Face ID/Touch ID for secure app access and data protection
  • Database Security: Firebase security rules control access to user data and content
  • Secure Storage: Sensitive data stored using Expo's secure storage APIs
  • Access Controls: Limited access to user data by authorized personnel only

8. Your Data Rights

You can contact us to request access to, correction of, or deletion of your personal data. We will respond to reasonable requests in accordance with applicable law.

9. Children's Privacy and Age Restrictions

Age Requirement: Unfinished-Work is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Age Verification: During account creation, we collect your date of birth to verify you are 13 or older. Users under 13 cannot create accounts or use our Service.

COPPA Compliance: We comply with the Children's Online Privacy Protection Act (COPPA). If we discover we have collected information from a child under 13, we will delete it immediately and notify parents or guardians.

10. Data Retention and Deletion

AI Interaction Data: Your AI conversations, prompts, and project context are temporarily stored for up to 30 days to improve service quality and then automatically deleted.

User Content: Posts and project content you create are retained until you delete them or close your account.

Account Data: Basic account information is retained while your account is active and for a limited period after deletion for legal compliance.

Data Deletion: You can request immediate deletion of your data at any time by contacting us. Account deletion will permanently remove all associated data within 30 days.

11. Changes to This Privacy Policy

We may update this policy from time to time. We will notify you of material changes by posting the updated policy on this page and, where appropriate, through in-app notifications.

12. Contact Us

For privacy questions or data requests, contact us at privacy@unfinished-work.com

Data Requests: For data access, correction, or deletion requests, please email us with "Data Request" in the subject line and include your username or email address.

Response Time: We will respond to all privacy-related inquiries within 48 hours and complete data requests within 30 days.