Privacy Policy

Effective Date: February 8, 2026 · Last Updated: February 8, 2026

Aeonis LLC ("Aeonis," "we," "us," or "our"), a Wyoming-based company, operates the Aeonis mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App, including the services provided by our backend infrastructure and third-party partners.

1. Information We Collect

Account Information: When you create an account, we collect your email address, username, display name, profile photo, and date of birth.

User Content: We collect the content you create, upload, or share through the App, including posts, comments, photos, videos, and messages.

Usage Data: We automatically collect information about how you interact with the App, including pages viewed, features used, timestamps, and session duration.

Device Information: We collect device type, operating system version, unique device identifiers, IP address, and general location data (city/region level).

Log Data: Our servers automatically record information including your IP address, browser type, referring/exit pages, and server logs.

Push Notification Tokens: We collect Firebase Cloud Messaging (FCM) tokens and Apple Push Notification (APN) tokens to deliver push notifications you have opted into. These tokens enable us to send you personalized notifications.

Crash and Diagnostic Data: We collect crash logs, diagnostic data, and app state information through Firebase Crashlytics to help us identify and fix bugs, improve performance, and ensure app stability.

In-App Purchase History: We collect information about in-app purchases you make, including transaction IDs, purchase amounts, dates, and subscription status through the Apple App Store and Google Play.

2. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the App
Create and manage your account
Display your content to other users as directed by your privacy settings
Send you technical notices, updates, and support messages
Send you push notifications you have opted into
Process payments and manage subscriptions related to in-app purchases
Respond to your requests and provide customer support
Detect, investigate, and prevent fraudulent or unauthorized activity
Monitor and improve app performance through crash and diagnostic data
Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

Public Content: Posts and profile information you make public are visible to other users and may be indexed by search engines.
Service Providers: We share data with third-party vendors who assist us in operating the App (e.g., cloud hosting, analytics, email delivery, payment processing). These providers are contractually bound to protect your data.
Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
Safety: We may share information when we believe it is necessary to protect the safety of any person or the public.
Business Transfers: In connection with a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction, your information may be transferred as part of that transaction. We will provide notice of any such change and any choices you may have regarding your information.

4. Legal Basis for Processing (GDPR Article 6)

If you are a resident of the European Union or European Economic Area, we process your personal data on the following legal bases:

Contract Performance: We process your account information, content, and usage data to create your account and deliver the App's services to you.
Consent: We rely on your explicit consent to send push notifications, collect optional analytics, and process personal data beyond what is necessary for the service. You may withdraw consent at any time through in-app settings or by contacting us.
Legitimate Interests: We process data to protect the security of the App and our users, prevent fraud and abuse, detect and fix bugs, and improve our services. We carefully balance these interests against your privacy rights.
Legal Obligation: We process data when required by law, such as responding to law enforcement requests, maintaining tax records, and complying with regulatory requirements.

5. Third-Party Services

The App uses the following third-party services that may collect and process your data:

Supabase: Handles authentication, database services, and file storage. Collects: email address, authentication credentials, profile data, user-generated content, and backup data. Supabase processes this data to authenticate users and store app content.
Cloudflare: Provides content delivery network (CDN), security, video streaming, and serverless compute services. Collects: IP address, usage patterns, access logs, and video streaming data. Cloudflare uses this data to optimize content delivery, protect against attacks, and provide analytics.
Firebase Cloud Messaging (FCM): Enables push notification delivery. Collects: device tokens, notification interaction data (delivery status, open/click events), and device information. FCM uses this data to route notifications to your device.
Firebase Crashlytics: Collects crash reporting and diagnostic data. Collects: device information, crash logs, app state at time of crash, operating system details, and app version. Crashlytics uses this data to identify bugs and improve app stability.
Apple Sign In: Optional authentication method. Collects: email address, user name, authentication tokens, and device information. Apple uses this data to authenticate your identity.
Google Sign In: Optional authentication method. Collects: email address, user name, profile photo, authentication tokens, and Google account information. Google uses this data to authenticate your identity.
Facebook Authentication: Optional authentication method. Collects: email address, name, profile photo, authentication tokens, and Facebook account information. Facebook uses this data to authenticate your identity.
Apple App Store / Google Play: Process in-app purchases and subscriptions. Collects: transaction data, subscription status, device identifiers, and billing information. App Store and Google Play use this data to process payments and manage subscriptions.

Each service operates under its own privacy policy. We encourage you to review their policies to understand how they process your data.

6. Data Retention

We retain your personal information for specific periods depending on the type of data and our operational and legal needs:

Account Data: We retain your account information for the duration of your account. If you delete your account, we will retain this data for 30 days before permanent deletion, except where legal requirements mandate longer retention.
Usage and Analytics Data: We retain usage logs and analytics data for up to 24 months to monitor app performance and improve our services.
Crash Logs and Diagnostic Data: We retain crash reports and diagnostic data for 90 days to identify and fix bugs.
Payment Records: We retain payment transaction records for 7 years as required by applicable tax laws and financial regulations.
Communication Records: We retain customer support communications, emails, and support tickets for 3 years to maintain service history and resolve disputes.
Backup Data: We maintain backup copies of your data for disaster recovery. Backups are purged within 90 days of your account deletion request.

7. Cookies and Tracking Technologies

App-Based Tracking: The Aeonis app uses session identifiers and device identifiers to maintain your session, remember preferences, and provide personalized features. These are essential to the functionality of the App.

Advertising and App Tracking Transparency (ATT): On iOS, we comply with Apple's App Tracking Transparency (ATT) framework. When you first use the App, you will receive a system prompt asking for permission to track your activity across other apps and websites. This data may be used for personalized advertising and analytics. You can change this setting at any time in iOS Settings > Privacy > Tracking.

IDFA Collection: We may collect your Identifier for Advertisers (IDFA) on iOS and Google Advertising ID on Android if you have granted permission through the ATT framework. These identifiers allow us and our advertising partners to deliver more relevant ads to you.

Web Analytics: If you access any web-based components of Aeonis services, we may use cookies and similar technologies to understand how you interact with our website. You can control cookie preferences in your browser settings.

Opting Out: You can opt out of personalized advertising by disabling ATT permission on iOS or by adjusting your advertising preferences in your device settings. You can also contact us at [email protected] to request that we not use your IDFA for advertising purposes.

8. Push Notifications

Consent and Opt-In: When you first use the Aeonis app, we will request your permission to send push notifications. Push notifications are only sent if you explicitly grant permission through your device's notification settings.

Data Used: Push notifications are powered by Firebase Cloud Messaging (FCM) on Android and Apple Push Notification service (APN) on iOS. To send you notifications, we collect and store your device's push notification token. This token is a unique identifier that tells the messaging service how to reach your device.

Types of Notifications: We may send you the following types of notifications:

Account activity (someone follows you, likes your content, replies to your posts)
Messages and mentions
App updates and features
Community events and announcements
Optional promotional and marketing messages (if you have opted in)

How to Opt Out: You can disable push notifications at any time by:

Going to your device's Settings > Notifications > Aeonis and toggling notifications off
Using in-app settings to customize which types of notifications you receive
Contacting us at [email protected] to opt out entirely

If you opt out of push notifications, we will no longer send you messages to your device, though other communication methods may still apply.

9. Data Security

We implement industry-standard security measures to protect your personal information, including encryption in transit (TLS/SSL), encryption at rest, access controls, and secure password handling. However, no method of electronic storage or transmission over the internet is 100% secure. We cannot guarantee absolute security, but we maintain reasonable safeguards to protect against unauthorized access, alteration, or disclosure.

10. Your Rights

10a. Rights for All Users

All users have the right to:

Access the personal data we hold about you
Request correction of inaccurate or incomplete data
Request deletion of your data
Withdraw consent to process your data at any time
Object to processing of your data

To exercise any of these rights, contact us at [email protected].

10b. Additional Rights for EU/EEA Residents (GDPR)

If you are a resident of the European Union, European Economic Area, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR):

Right of Access: You have the right to obtain confirmation of whether we process your data and to receive a copy of that data.
Right to Rectification: You have the right to correct inaccurate or incomplete personal data.
Right to Erasure (Right to be Forgotten): You have the right to request deletion of your data, subject to certain exceptions for legal compliance.
Right to Restrict Processing: You have the right to restrict or limit how we use your data while a request is being investigated or resolved.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object: You have the right to object to processing of your data based on legitimate interest, including profiling. You also have the right to object to direct marketing and automated decision-making.
Right Not to Be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects about you.
Right to Lodge a Complaint: You have the right to lodge a complaint with your local Data Protection Authority if you believe we have violated your rights.

EU Representative: To be designated. For inquiries regarding GDPR rights, you may contact our EU Representative using the contact information below.

International Data Transfers: We use Standard Contractual Clauses (SCCs) approved by the European Commission to protect your data when transferred outside the European Economic Area. These SCCs establish legally binding safeguards equivalent to GDPR protection.

Legal Basis: For more information on our legal basis for processing your data, please see the "Legal Basis for Processing (GDPR Article 6)" section above.

10c. Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: You have the right to request what personal information we collect, use, and disclose about you.
Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
Right to Correct: You have the right to request that we correct inaccurate personal information.
Right to Opt-Out of Sale/Sharing: We do NOT sell or share your personal information as defined by the CCPA and CPRA. We do not knowingly sell your personal data for monetary or other valuable consideration, nor do we share it for cross-context behavioral advertising.
Right to Limit Use and Disclosure: You have the right to limit how we use and disclose your personal information.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. We will not deny goods or services, charge different prices, or provide different quality of service based on your exercise of CCPA rights.

Categories of Personal Information Collected: We collect the following categories of personal information:

Identifiers (name, email, username, device identifiers, IP address)
Internet Activity (pages viewed, search history, interaction data, device tokens)
Device Information (device type, operating system, browser type, unique identifiers)
Commercial Information (purchase history, subscription status, transaction data)
Profile Inferences (content preferences, inferred interests)

How to Exercise Your Rights: To submit a request to know, delete, correct, or opt-out, please contact us at:

Email: [email protected] with subject line "CCPA Request"
In-app settings: Access your privacy controls in the Aeonis app settings menu

Authorized Agent: You may designate an authorized agent to submit requests on your behalf. The authorized agent must provide proof of authorization.

Verification: We will verify your identity before responding to your request. We may ask you to provide information we can match against records we maintain.

11. Children's Privacy (COPPA Compliance)

Age Requirement: The Aeonis app requires users to be at least 13 years old (or 16 years old in the European Union and European Economic Area) to create an account. We collect date of birth at registration to verify compliance with age requirements.

Account Suspension: If we discover that a user is under the minimum required age for their jurisdiction, we will immediately suspend the account and delete all personal data associated with that account within 30 days.

COPPA Compliance: Aeonis complies with the Children's Online Privacy Protection Act (COPPA), which protects children under 13 in the United States. We do not knowingly collect personal information from children under 13. If a parent or guardian believes their child has provided us with personal data, they should immediately contact us at [email protected], and we will take prompt action to delete the information.

Parental Rights: Parents or guardians may contact us to review, correct, or request deletion of their child's information, or to refuse further collection or use of the child's information.

12. International Data Transfers

Aeonis operates using backend services that process your information in multiple jurisdictions. Your information may be transferred to, stored in, and processed in the United States and other countries where our service providers operate.

Transfer Mechanisms: We protect your data during international transfers using Standard Contractual Clauses (SCCs) approved by the European Commission. These clauses impose obligations on our service providers to maintain privacy standards equivalent to those required by applicable data protection laws.

Service Provider Locations:

Supabase: Servers are located in the United States (US-EAST-1 region and additional global locations).
Cloudflare: Operates a global content delivery network with servers in multiple regions for optimal performance and security.
Firebase Services: Data is processed in Google Cloud regions, including the United States.

By using the Aeonis app, you acknowledge and consent to your information being processed in jurisdictions that may not have data protection laws equivalent to your home jurisdiction. We take steps to ensure adequate safeguards are in place.

13. Data Security Incidents and Breach Notification

Incident Response: We maintain a data security incident response plan to quickly address any unauthorized access, loss, or disclosure of personal information.

User Notification: If we become aware of a data breach that affects your personal information, we will notify you as soon as possible and without undue delay, but in no case later than 72 hours after becoming aware of the breach. Notification will include:

The nature of the personal data breach
The categories and approximate number of individuals affected
The likely consequences of the breach
Steps we have taken or plan to take to address the breach and mitigate harm
Contact information for our Data Protection Officer or privacy team

Regulatory Notification: We will notify relevant supervisory authorities (such as Data Protection Authorities in the EU) as required by applicable law.

14. Automated Decision-Making

Use of Algorithms: Aeonis may use algorithms and automated decision-making to provide certain features, such as:

Content recommendations based on your usage patterns and preferences
Fraud detection and prevention systems
User verification and account security measures

Legal Effect: We do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significant effects. All final decisions that significantly affect your access to the App are made by humans, not algorithms alone.

Right to Review: You have the right to request human review of any automated decision that affects your use of the App. To request a review, contact us at [email protected].

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or other factors. When we make material changes to this policy, we will provide at least 30 days advance notice by posting the updated policy in the App and updating the "Last Updated" date at the top of this page. Significant changes will also be communicated via email or in-app notification. Your continued use of the App after changes have been posted constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Aeonis LLC
Wyoming, United States
[email protected]

EU Representative: To be designated. Please contact [email protected] for information about our EU Representative.

California Inquiries: California residents may submit privacy requests by emailing [email protected] with subject line "CCPA Request" or through the in-app privacy settings.