Privacy Policy

Last updated: 3 May 2026

1. Who we are

ScentCast is a fragrance recommendation app developed by an independent developer. References to “we”, “us”, or “ScentCast” in this policy refer to the ScentCast mobile application (iOS / Android) and this website.

For privacy-related queries, contact us at: privacy@getscentcast.com

2. What data we collect

In the app:

  • Account email — required to create an account; used for sign-in, password reset, and important service messages.
  • Authentication identifiers — when you choose Apple Sign-In or Google Sign-In, the platform returns an opaque user identifier and (on first sign-in) your email. We never see your password.
  • Fragrance collection — the bottles you add, your personal 1–5 ratings, optional notes.
  • Wear log — the fragrance you log for a given day, with optional notes.
  • Onboarding preferences — the occasions and moods you select during onboarding (stored locally on the device and synced to your account so the matchmaking engine can use them).
  • Approximate location — when you grant the location permission, we use your latitude/longitude to fetch current weather conditions. Coordinates are sent to OpenWeatherMap via our server only and are never stored alongside your account.
  • Subscription status — if you subscribe to ScentCast Premium, RevenueCat manages the receipt and entitlement and shares the active state with us so we can unlock premium features.
  • Notification settings — your preferred morning-reminder time and whether reminders are enabled. Stored on the device and tied to your account.
  • Diagnostic information — anonymous error logs collected by Expo / Apple / Google when the app crashes. We do not link these to your identity.
  • Photo library access (optional) — only when you tap “Save to gallery” on a scent-of-the-day card. The image is written to your device’s photo library and is never uploaded to our servers.

On this website:

  • If you joined the (now-closed) launch waitlist, we still hold the email address and sign-up timestamp you originally provided. You can have these deleted at any time.
  • The website does not use cookies, tracking pixels, or third-party analytics.

3. Why we collect it

  • Provide the service — your collection, wear log, and preferences power the daily fragrance match. Without them the core feature does not work.
  • Authenticate you — your email and the auth identifier from Apple / Google let us issue session tokens and let you sign back in.
  • Personalise the daily pick — your weather, occasion, and mood settings shape the matchmaking engine’s output.
  • Manage your subscription — RevenueCat issues entitlements based on your platform receipt; we read those entitlements to unlock Premium features.
  • Send the morning reminder — only if you opt in. The notification is scheduled locally on your device.
  • Operate and improve the product — anonymous crash data helps us fix bugs.

We do not use your data for behavioural advertising, sell it to third parties, or share it with anyone outside the processors listed below.

4. Third-party processors

We rely on the following services to deliver the app. Each is bound by a data processing agreement and has its own privacy policy.

5. Where data is stored

Your account data lives in our Supabase project (Postgres) in the EU region. Access is restricted by row-level security — each row is readable only by the user it belongs to. Backups are encrypted at rest. Sessions are stored on your device in the platform secure keychain (iOS Keychain / Android EncryptedSharedPreferences) via expo-secure-store.

6. How long we keep it

We keep your account data for as long as your account is active. Deleted accounts are permanently removed from our database within 30 days; backups are overwritten on the standard Supabase rolling schedule. RevenueCat may retain anonymised purchase records as required by App Store / Play Store rules.

7. Your rights

You can exercise the following rights without charge or justification, regardless of your jurisdiction:

  • Access — request a copy of the data we hold about you.
  • Correction — fix anything inaccurate.
  • Deletion — see the section below.
  • Portability — receive your data in a machine-readable format.
  • Objection / restriction — limit how we process your data.
  • Withdraw consent — turn off notifications or location at any time in your device settings.

To exercise any of these rights other than deletion, email us at privacy@getscentcast.com. We respond within 30 days.

8. Deleting your data

You can delete your data without contacting us, in two ways:

  • In the app — Profile → Delete Account. Permanently deletes your account and all associated data.
  • On this website — visit getscentcast.com/delete-account. You can sign in and choose to delete specific data (wear history, collection, match history) or your entire account.

Deletion is immediate and irreversible. Any active subscription is cancelled by Apple / Google through the platform store; we do not control or refund those.

9. Children

ScentCast is not directed at children under 13 (or under 16 in the EEA, depending on local law). We do not knowingly collect data from children. If you believe a child has registered an account, email us and we will delete the account immediately.

10. Security

All traffic between the app, this website, and our servers is encrypted in transit (TLS). Database access is restricted by row-level security. Service-role credentials never ship in the mobile app or this website's frontend. No system is perfectly secure — if you believe your account has been compromised, email privacy@getscentcast.com and reset your password from the sign-in screen.

11. Changes to this policy

We may update this policy as ScentCast develops. The “last updated” date at the top of this page will always reflect the most recent version. Material changes will be announced in-app before they take effect.