1. Introduction
Welcome to Insaty ("we," "our," or "us"). We respect your privacy and are committed to protecting your
personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information
when you use our mobile application.
By using Insaty, you agree to the collection and use of information in accordance with this policy.
🛡️ Our Privacy Commitment
What We DON'T Do:
- ❌ We do NOT use your data for advertising
- ❌ We do NOT sell your data to third parties
- ❌ We do NOT track you across other apps or websites
- ❌ We do NOT use analytics for marketing purposes
- ❌ We do NOT collect data beyond what's necessary to provide the podcast sharing service
We collect data for ONE purpose only: To provide you with the Insaty podcast sharing
service.
2. Information We Collect
2.1 Information You Provide When Creating an Account
Manual Registration:
- Username: Required to identify your account
- Email Address: Required for account authentication and communication
- Password: Required for account security (stored encrypted, never in plain text)
- Profile Picture: Required, to personalize your profile
Google Sign-In (OAuth):
When you sign in with Google, we access and collect the following information from your Google account:
- Name: To create and display your profile
- Email Address: For account authentication and communication
- Profile Picture: To display on your profile (optional)
- Google User ID: A unique identifier to link your Google account to Insaty
Important Information About Google Sign-In:
- ✅ We ONLY access your basic profile information (name, email, picture)
- ✅ We do NOT access your Gmail, Google Drive, Calendar, or any other Google services
- ✅ We do NOT read, send, or manage your emails
- ✅ We do NOT access your Google contacts or files
- ✅ We ONLY use this data to create and manage your Insaty account
- ✅ We do NOT sell or share your Google data with third parties
Google's Privacy Policy: Your use of Google Sign-In is also governed by Google's Privacy
Policy: https://policies.google.com/privacy
Revoking Access: You can revoke Insaty's access to your Google account at any time by
visiting: https://myaccount.google.com/permissions
2.2 User-Generated Content
When you use Insaty's features, you may provide:
- Podcast Uploads: Audio files, titles, descriptions, and metadata you upload
- Recorded Podcasts: Audio recordings created within the app using your device's
microphone
- Comments and Interactions: Comments, likes, shares, and other interactions with content
- Profile Information: Bio, profile pictures, podcast series cover images
2.3 Automatically Collected Information
We automatically collect certain technical information when you use the app:
- Device Information: Device type, operating system version, unique device identifiers
- Usage Data: Features used, time spent on app, search queries, listening history
- Log Data: IP address, access times, app interactions
- Crash Reports: To help us identify and fix bugs, we use Sentry. Sentry automatically
collects device information (such as operating system version, CPU, and GPU details), the state of the
application at the time of the crash, error logs, and your IP address.
- Location Data: Approximate location based on IP address (we do NOT collect precise GPS
location)
2.4 Tracking Technologies
We do NOT use cookies or browser-based tracking technologies. However, we use:
- Session Tokens: To keep you logged in securely (stored locally on your device only)
- Device Identifiers: For app functionality and technical support
- Local Storage: For app preferences and offline functionality
We do NOT use third-party analytics or tracking tools for advertising.
2.5 Permissions We Request
Our app requests the following permissions only when needed:
- Microphone Access: Required ONLY when you actively use the recording feature to create
podcasts. We never record in the background.
- Storage Access: Required to save and upload podcast files and images from your device
- Notification Permission: To send you updates about your content and interactions (you
can disable this anytime)
You can revoke these permissions at any time through your device settings.
3. Why We Collect This Data
We collect data for ONE purpose: To provide you with the Insaty podcast sharing service.
3.1 Service Provision
- Create and manage your account (using Supabase authentication)
- Enable podcast discovery, sharing, uploading, and recording features
- Store and deliver your podcast content and images
- Provide customer support
3.2 Content Management
- Host and display your uploaded and recorded podcasts
- Store profile pictures and podcast series cover images
- Enable sharing and discovery of podcasts
- Process audio and image uploads securely
- Moderate content for compliance with our Terms of Service
3.3 Communication
- Send you email notifications about app activity (via Resend email service)
- Respond to your inquiries and support requests
- Send important service announcements
3.4 App Improvement
- Analyze usage patterns to improve app functionality
- Fix bugs and technical issues
- Develop new features based on user needs
3.5 Safety and Security
- Detect and prevent fraud, abuse, and illegal activity
- Enforce our Terms of Service and Community Guidelines
- Protect the rights and safety of all users
- Secure data transmission and storage
4. How We Store and Protect Your Data
4.1 Service Providers We Use
We use the following trusted third-party services to operate Insaty. These are service
providers (they process data on our behalf), NOT third parties who receive your data for their
own purposes:
Supabase (Privacy Policy)
- What they do: Database management, user authentication, profile and series image
storage
- What data: Account information, user profiles, metadata, profile pictures, podcast
series covers
- Where: AWS infrastructure (primarily US/EU regions)
- Security: TLS 1.3 encryption in transit, AES-256 encryption at rest
Cloudflare R2 (Privacy
Policy)
- What they do: Storage of audio podcast files and cover images
- What data: Your podcast audio files and cover images
- Where: Cloudflare's global network
- Security: Encrypted in transit and at rest
- Access: Upload URLs are generated securely via Supabase Edge Functions
Sentry (Privacy Policy)
- What they do: Crash reporting and application performance monitoring
- What data: Device information (OS, CPU, GPU), application state during crashes, error
logs, and IP address
- Where: Sentry's infrastructure (US/EU regions)
- Security: Encrypted in transit and at rest
Resend (Privacy
Policy)
- What they do: Email delivery service for notifications
- What data: Your email address and notification content
- Usage: Transactional emails only (account verification, notifications, password resets)
Supabase Edge Functions
- What they do: Serverless functions for secure upload URL generation, file deletion, and
processing
- What data: Temporary processing of upload requests and file metadata
- Security: Runs in isolated environments with secure authentication
Important: These service providers are bound by contract to only use your data to provide
services to us. They cannot use your data for their own purposes, and we do NOT sell your data to them or
anyone else.
4.2 Security Measures
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data between your device and our servers uses TLS 1.3
encryption
- Encryption at Rest: All stored data is encrypted using AES-256 encryption
- Access Controls: Strict authentication and authorization via Supabase
- Secure Uploads: Direct-to-R2 uploads using pre-signed URLs generated by secure
functions
- Password Security: Passwords are hashed and never stored in plain text
- Regular Monitoring: We monitor our systems for security vulnerabilities
Note: While we implement strong security measures, no method of internet transmission or
electronic storage is 100% secure. We cannot guarantee absolute security.
4.3 Data Retention Periods
- Account Information: While your account is active + 30 days after deletion
- Podcast Content: Until you delete it + 30 days for complete removal
- Profile Images: Until you replace or delete them + 30 days
- Usage Logs: 90 days for technical support
- Backup Copies: Up to 90 days for disaster recovery
- Legal Requirements: Some data may be retained longer as required by Algerian law
5. How We Share Your Information
5.1 With Other Users (Content You Make Public)
- Your public profile information (username, profile picture, bio) is visible to other users
- Public podcasts can be discovered and accessed by all app users
- Your interactions (likes, comments, shares) may be visible to others
- Private content is ONLY accessible to you and users you explicitly share with
5.2 With Service Providers (Processing on Our Behalf)
We share data with service providers who help operate the app (Supabase, Cloudflare R2, Resend - described
above). These providers:
- Are contractually obligated to protect your data
- Can only use data to provide services to us
- Cannot use your data for their own purposes
5.3 For Legal Reasons
We may disclose your information if required by law:
- To comply with legal obligations or court orders
- To respond to lawful requests from authorities
- To protect our rights, property, or safety
- To protect the rights, property, or safety of our users
- To detect, prevent, or address fraud or security issues
5.4 Business Transfers
- Access: Request a copy of your personal data (JSON/CSV format)
- Correction: Correct inaccurate or incomplete data through your account settings
- Deletion: Request deletion of your account and all associated data
- Portability: Request your data in a machine-readable format
- Objection: Object to certain processing of your data
- Restriction: Request restriction of processing in certain circumstances
- Withdraw Consent: Withdraw consent for data processing at any time
6.2 How to Manage Your Content
- Edit or delete your podcasts anytime through the app
- Update your profile information in Settings
- Change privacy settings for your content (public/private)
- Manage notification preferences
- Revoke app permissions through your device settings
- Revoke Google Sign-In access at https://myaccount.google.com/permissions
6.3 How to Exercise Your Rights
To exercise any of these rights:
- Email us: sissou.chiter@gmail.com, podupbt@gmail.com, or takieddine.chiter@gmail.com
- Response time: We will respond within 30 days (as required by GDPR and Algerian law)
- Verification: We may ask to verify your identity before processing requests for
security
7. Deleting Your Account and Data
7.1 How to Delete Your Account
You can request account deletion at any time:
- In the app: Go to Settings > Account > Delete Account
- By email: Contact us at any of the email addresses above
7.2 What Happens When You Delete Your Account
When you request account deletion:
- Your account access is immediately disabled
- Your profile and personal information are removed from active systems within 30 days
- Your podcasts and content are deleted or anonymized within 30 days
- Data is removed from Supabase database and Cloudflare R2 storage
- All email communications via Resend are stopped
- If you used Google Sign-In, the connection is removed (you may also want to revoke access manually)
7.3 What May Be Retained
Some data may be retained beyond deletion:
- Backup copies (automatically deleted after 90 days)
- Data required by law (financial/legal records - up to 5 years as per Algerian law)
- Anonymized data for analytics (no longer personally identifiable)
- Your username may remain reserved to prevent impersonation
8. Children's Privacy
Insaty is not intended for children under 19 years of age (the age of majority in Algeria). We do not
knowingly collect personal information from minors under 19.
If you are a parent or guardian and believe we have collected information from a minor under
19:
- Contact us immediately at takieddine.chiter@gmail.com
- We will investigate and delete such information within 72 hours
- We will terminate the account if verified to belong to a minor
9. International Data Transfers
Your information may be transferred to and processed in countries other than Algeria:
- United States: Supabase (AWS) and Resend servers
- Global Network: Cloudflare R2 distributed storage
We ensure appropriate safeguards:
- EU Standard Contractual Clauses where applicable
- All service providers maintain GDPR and Algerian Law No. 18-07 equivalent standards
- All transfers use TLS 1.3 encryption
- Compliance with Algerian data protection requirements
10. Your Rights Under Algerian Law (Law No. 18-07)
If you are in Algeria, you have additional rights under Law No. 18-07 (June 10, 2018):
- Right to be informed about data collection and processing
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to object to processing
- Right to deletion of your data
- Right to restriction of processing
- Right to data portability
- Right to not be subject to automated decision-making
- Right to file a complaint with ANPDP
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last Updated" date at the top
- We will post the new policy in the app
- For material changes, we will send an email notification
- For significant changes, we will display an in-app notice
Your continued use of Insaty after changes means you accept the updated policy.
12. Contact Us
13. Your Consent
By creating an account and using Insaty, you confirm that:
- You have read and understood this Privacy Policy
- You consent to the collection and use of your information as described
- You understand your rights and how to exercise them
- You are at least 19 years of age
- If using Google Sign-In, you understand what Google data we access and why
You may withdraw consent at any time by deleting your account.