Privacy Policy
Effective Date: January 11, 2026
Last Updated: January 11, 2026
At a Glance
RenuWise helps you track passport expiration dates and get renewal reminders. Here's what you need to know about your privacy:
- โ We collect: User ID, email, passport data (country/expiration/relationship), timestamps, device info, session data
- โ We use it for: Sending you renewal reminders and improving the app
- โ We share with: Third-party services that power features (analytics, AI, maps)
- โ We DO NOT: Sell your data or track you across other apps/websites
- ๐๏ธ You can: Delete your account and all data anytime in Settings
Questions? Email us at renuwise@vangotech.us
1. Introduction
Welcome to RenuWise, a mobile application developed by VangoTech LLC ("we," "us," or "our"). This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our app.
By using RenuWise, you agree to this Privacy Policy. If you don't agree, please don't use the app.
This policy applies to:
- iOS app (Apple App Store)
- Android app (Google Play Store)
- All features and services within RenuWise
2. Information We Collect
2.1 Data You Provide Directly
Account Information:
- User ID (UUID, automatically generated upon account creation)
- Email address (required for login and notifications)
- Password (encrypted and never stored in plain text)
- Account creation date (timestamp)
- Last sign-in date (timestamp)
- Preferred language (English or Spanish)
- Theme preference (Light or Dark mode)
Passport Information:
- Passport ID (UUID, internal identifier for each passport record)
- Country of issue (e.g., "United States")
- Expiration date (e.g., "2028-05-15")
- Relationship (Self, Spouse, Child, Parent, Other)
- Creation timestamp (when passport was added)
- Last update timestamp (when passport was last modified)
Important: We do NOT collect passport numbers, full names on passports, photos, or any other sensitive passport details.
Tasks & Preferences:
- Renewal tasks you create
- Notification preferences (email/push on or off)
- Calendar reminder preferences and calendar event IDs
Calendar Access (Optional):
If you enable calendar reminders, we request read/write access to your device calendar:
-
Permission requested: Calendar read/write (via
expo-calendar) - What we read: List of available calendars on your device (to let you choose which calendar to use)
-
What we write: Renewal reminder events with the
following fields:
- Event title (e.g., "US Passport Renewal Reminder")
- Event date/time (set to expiration date or reminder date)
- Event notes (passport country, expiration date, renewal guidance)
- Event alarms (notifications at specified intervals)
- Server storage: We store the calendar event ID in our database to allow you to update or delete the event later. We do NOT store the full calendar event content on our servers.
- Logging exclusion: Calendar event content (titles, notes, dates) is excluded from error logs and crash reports. Only calendar event IDs (which do not contain readable data) may appear in technical logs.
- You can revoke: Calendar access anytime in your device settings
2.2 Data We Collect Automatically
Device & App Information:
- Device type (iPhone, Android phone)
- Operating system version (iOS 17, Android 14)
- App version (e.g., 1.0.5)
- Device model (for analytics only)
- Expo Push Notification Token (stored in our Supabase database, linked to your User ID, used to deliver push notifications and prevent duplicate registrations)
Usage Data:
- Features you use (e.g., AI Assistant, Embassy Finder)
- Session count (total number of app launches)
- Session duration (time spent per session)
- Last session timestamp (when you last opened the app)
- App launch events (when and how often you open the app)
- Buttons you tap and screens you view
- Error logs and crash reports (retained for 90 days)
Crash Report Contents:
- Error type and message
- Stack trace (code execution path)
- Device model and OS version
- App version
- Screen name where error occurred
- User ID (for support correlation)
- Timestamp
Crash Reports Do NOT Include:
- Passport numbers or expiration dates
- Email addresses or passwords
- Calendar event content
- AI queries or responses
- Location coordinates
- Notification content
Session Data Retention: Session data is retained indefinitely while your account is active for analytics purposes. After 1 year, session data is anonymized (User ID is removed) but aggregate statistics are retained for up to 7 years for business analytics and legal compliance.
Location Data (Optional):
- When: Only when you use the Embassy Finder or AI Assistant features
- What: Your precise GPS coordinates (latitude/longitude) at the moment of the search
- Precision: City-level accuracy is derived from coordinates but the precise coordinates themselves are transmitted to third-party services (Google Places API, Google Gemini AI)
- How long: NOT stored in our databaseโcoordinates are transmitted to third-party services for that specific search only, then discarded from our systems
- Permission: You must grant location access; you can revoke it anytime
Important: While we do not store your location data, third-party services (Google) may retain location data according to their own privacy policies.
2.3 Data from Third Parties
Google Sign-In (Optional):
- Email address
- Name (optional, for display purposes only)
- Profile picture URL (optional, for display purposes only)
Important: Your name and profile picture from Google Sign-In are NOT stored in our Supabase database. They are used only for display in the app interface and may be sent to analytics services (PostHog) for user identification purposes. If you sign out or delete your account, this data is no longer accessible to us.
3. How We Use Your Information
We use your data to:
3.1 Provide Core Services
- Send renewal reminders via email and push notifications
- Calculate passport status (Active, Renew Soon, At Risk, Expired)
- Sync your data across devices
- Authenticate your account and keep it secure
3.2 Improve the App
- Analyze usage patterns to fix bugs and improve features
- Track feature adoption (e.g., how many users try the AI Assistant)
- Monitor app performance and crash reports
3.3 Provide PRO Features
- AI-powered renewal guidance (requires passport data + location)
- Embassy/Consulate Finder (requires location)
- Unlimited passport tracking
3.4 Communicate with You
- Send important updates about your passports
- Notify you of app updates or policy changes
- Respond to support requests
Notification Logs: We maintain logs of notifications sent to you (email and push) for 90 days. These logs include:
- Notification type (email or push)
- Timestamp of notification
- Passport ID (which passport triggered the notification)
- Delivery status (sent, delivered, failed)
Purpose: Notification logs are used for deduplication (preventing duplicate notifications), debugging delivery issues, and compliance with notification preferences. Logs do NOT contain full passport details (e.g., passport numbers), only internal identifiers.
3.5 Legal Compliance
- Comply with laws and regulations
- Respond to legal requests (e.g., subpoenas)
- Protect our rights and prevent fraud
4. How We Share Your Information
We DO NOT sell your data to anyone. We DO NOT track you across other apps or websites.
We share your data only in these situations:
4.1 Third-Party Service Providers
To power RenuWise features, we use trusted third-party services. Each has its own privacy policy:
Supabase (Backend & Database)
- What we share: User ID, email, password (hashed), passport data (Passport ID, country code, expiration date, relationship, timestamps), user preferences, notification logs, push notification tokens, subscription status
- Storage: We use Supabase Storage to store static assets (country flag images). These assets are stored in a public bucket (read-only access for all users, no write access from client apps). Flag images do not contain user data and are not associated with user accounts. No metadata logging ties flag image access to individual users.
- Edge Functions: We use Supabase Edge Functions (serverless cron jobs) to check passport expiration dates daily and trigger email/push notifications. These functions read passport data, calculate expiration status, and log notification events to the database.
- Why: Store your data securely and handle authentication
- Privacy Policy: https://supabase.com/privacy
RevenueCat (Subscription Management)
- What we share: User ID (UUID), subscription tier (Free/PRO), purchase receipts from Apple/Google, subscription status (active/cancelled/expired), subscription expiration date
- Retention: Active subscription data is retained indefinitely while your subscription is active. Cancelled or expired subscription data is anonymized after 60 days.
- Why: Manage PRO subscriptions and in-app purchases
- Privacy Policy: https://www.revenuecat.com/privacy
PostHog (Analytics)
- What we share: User ID (UUID, sent in clear text), email address (sent in clear text), usage events, device info, user properties
-
Exact data fields sent:
- User Properties: User ID, email, subscription tier, signup date, passport count, preferred language, theme preference, push notification status, app version, platform (iOS/Android)
- Events tracked: User sign-up, sign-in, sign-out, session start/end, passport added/updated/deleted/viewed, subscription viewed/purchased/restored/managed, paywall opened/upgrade accepted/declined, theme changed, language changed, notifications toggled, review prompted/completed, AI Assistant opened/used/success/error, Embassy Finder search/result clicked/directions opened
- Event properties: Passport country code, relationship type, subscription tier, feature names, error messages
- Pseudonymization: User ID and email are sent in clear text (NOT hashed) to PostHog for user identification and analytics correlation. Device identifiers are not sent separately.
- Legal Basis (GDPR): We process analytics data based on our legitimate interest in understanding app usage, improving features, fixing bugs, and optimizing user experience. We have conducted a balancing test and determined that these interests are not overridden by your privacy rights, as: (1) analytics data is used solely for product improvement, (2) no sensitive personal data categories are involved, (3) data is not used for advertising or sold to third parties, and (4) you can exercise your rights to access, delete, or object to processing at any time. We do not use hashing because clear-text identifiers are necessary for accurate user journey tracking and support issue resolution.
- Why: Understand how users interact with the app and improve it
- Privacy Policy: https://posthog.com/privacy
Google Gemini AI (AI Assistant - PRO Feature)
- What we share: Passport country code, expiration date, relationship type (Self, Spouse, Child, etc.), your precise GPS coordinates (latitude/longitude), user's current country, passport status, days until expiry, preferred language
- AI Input & Response Storage: Neither AI prompts/inputs nor AI-generated responses are stored in our database or logs. All AI interactions are processed in real-time and discarded immediately after you close the AI Assistant screen. We do not retain any record of your AI queries or the guidance provided.
- Google's Use of Data: According to Google's privacy policy, queries sent to Gemini AI may be used to improve Google's AI models. We do not control Google's data retention or model training practices.
- Why: Generate personalized renewal guidance
- Privacy Policy: https://policies.google.com/privacy
Google Places API (Embassy Finder - PRO Feature)
- What we share: Your precise GPS coordinates (latitude/longitude), search query (e.g., "US Embassy near me")
- What we receive from Google: Place name, full address, phone number, website URL, Google Maps link, opening hours, GPS coordinates of the place, place ID
- Storage: Search results from Google Places are NOT stored in our database. Results are displayed to you in real-time and discarded after you close the Embassy Finder screen.
- Why: Find nearby embassies and consulates
- Privacy Policy: https://policies.google.com/privacy
Expo Push Notifications (Notifications)
- What we share: Expo Push Tokens, User ID, notification content (passport country, expiration date, days remaining), device type (iOS/Android)
- Why: Deliver renewal alerts to your device
- Privacy Policy: https://expo.dev/privacy
Expo Updates (App Updates)
- What we share: App version, platform (iOS/Android), device type, OS version
- Why: Deliver over-the-air app updates without requiring App Store/Play Store downloads
- Privacy Policy: https://expo.dev/privacy
Resend (Email Service)
- What we share: Your email address, notification content (including passport country code, expiration date, days remaining, renewal status)
- Email Content: Renewal reminder emails include specific passport details (country, expiration date, time remaining) to provide context for the reminder.
- Retention: Resend retains email logs for 30 days, then deletes them.
- Why: Send renewal reminder emails
- Privacy Policy: https://resend.com/legal/privacy-policy
4.2 Legal Requirements
We may disclose your information if required by law, such as:
- Responding to court orders or subpoenas
- Complying with government investigations
- Protecting our legal rights or safety
- Preventing fraud or illegal activity
4.3 Business Transfers
If VangoTech LLC is acquired or merged with another company, your data may be transferred to the new owner. We'll notify you before this happens.
5. Data Storage & Security
5.1 Where We Store Your Data
- Primary database: Supabase (US-based servers, configurable)
- Analytics: PostHog (US or EU servers, configurable)
- Subscriptions: RevenueCat (US-based servers)
- AI processing: Google Gemini (global infrastructure)
International Users: If you're outside the US, your data may be transferred to and stored in the US. We use Standard Contractual Clauses (SCCs) to protect your data during international transfers.
5.2 How We Protect Your Data
Encryption:
- All data transmitted between your device and our servers is encrypted using HTTPS/TLS
- Passwords are hashed using bcrypt (never stored in plain text)
- Database connections are encrypted
Access Control:
- Row Level Security (RLS) ensures you can only access your own data
- API keys and secrets are stored securely in environment variables
- Multi-factor authentication (MFA) for admin access to production systems
Admin Access & Logging:
- Admin accounts require MFA for authentication
- Admin actions (database queries, configuration changes, support access to user data) are logged with timestamps and admin identifiers
- Admin logs include: Admin user ID, action type, timestamp, affected user ID (if applicable), IP address
- Admin access logs are retained for 1 year for security auditing
- Legal Basis: Admin logging is processed based on our legitimate interest in maintaining system security, preventing unauthorized access, and complying with security audit requirements. Logs are necessary for detecting and investigating security incidents.
- Admins can only access user data when responding to support requests or legal obligations
Monitoring:
- We monitor for suspicious activity and unauthorized access
- Regular security audits and updates
- Automated backups to prevent data loss
Note: No system is 100% secure. While we use industry-standard security measures, we cannot guarantee absolute security.
6. Your Privacy Rights
6.1 Access Your Data
You can view all your data in the app:
- Passports: View in the Dashboard
- Preferences: View in Settings
- Account info: View in Settings > Account
Export your data: Email renuwise@vangotech.us to request a copy of your data in JSON format.
Data export includes:
- User ID (UUID)
- Email address
- Account creation date and last sign-in date
- All passport records (Passport ID, country code, expiration date, relationship, creation/update timestamps)
- User preferences (language, theme, notification settings, calendar preferences)
- Subscription status (tier, status, expiration date)
- Notification logs (last 90 days)
- Session statistics (session count, last session timestamp)
Data export does NOT include:
- Password (for security reasons)
- Analytics event details (available separately from PostHog on request)
- Temporary data (AI responses, search results) that is not stored
6.2 Update Your Data
You can update your information anytime:
- Passport details: Tap any passport to edit
- Email/Password: Go to Settings > Account
- Preferences: Go to Settings
6.3 Delete Your Data (Right to Delete)
You can delete your account and all associated data at any time.
How to delete your account:
- Open RenuWise
- Go to Settings
- Tap Account
- Tap Delete Account
- Confirm deletion
What gets deleted:
- โ Your account and login credentials
- โ All passport data
- โ All tasks and preferences
- โ Push notification tokens
- โ Notification logs
What happens to third-party data:
- RevenueCat: Subscription data is anonymized after 60 days
- PostHog: Analytics data can be deleted on request, subject to technical feasibility and PostHog's data retention capabilities. Deletion depends on identifier availability and PostHog's configuration. We will make commercially reasonable efforts to request deletion from PostHog, but cannot guarantee immediate or complete removal due to technical limitations of third-party processors.
- Google Services: Data is deleted per their retention policies
Deletion timeline: Most data is deleted within 30 days. Some anonymized analytics may be retained longer for legal compliance.
Alternative: Email renuwise@vangotech.us if you need help deleting your account.
6.4 Control Notifications
Email notifications:
- Go to Settings > Notifications
- Toggle "Email Notifications" on or off
Push notifications:
- Go to Settings > Notifications
- Toggle "Push Notifications" on or off
- Or manage in your device settings (iOS Settings > RenuWise > Notifications)
6.5 Revoke Location Access
To stop sharing your location:
- iOS: Settings > RenuWise > Location > Never
- Android: Settings > Apps > RenuWise > Permissions > Location > Deny
Note: Embassy Finder and AI Assistant won't work without location access.
6.6 Opt Out of Analytics
We don't currently offer an in-app opt-out for analytics.
Important Limitation: The platform-level settings below do not fully disable our first-party analytics (PostHog). They only limit platform advertising identifiers and cross-app tracking by third parties.
To limit platform tracking:
- iOS: Settings > Privacy > Tracking > Disable "Allow Apps to Request to Track"
- Android: Settings > Google > Ads > Opt out of Ads Personalization
To opt out of our analytics: You must delete your account (Settings > Account > Delete Account), which will remove all your data including analytics events. Alternatively, you can email renuwise@vangotech.us to request analytics opt-out while keeping your account active (we will process this manually).
7. Data Retention
How long we keep your data:
| Data Type | Retention Period |
|---|---|
| Account & passport data | While your account is active |
| Notification logs | 90 days |
| Session data (with User ID) | Indefinitely while account is active; anonymized after 1 year |
| Session data (anonymized) | Up to 7 years for business analytics |
| Analytics events (PostHog) | 7 years (PostHog default, configurable) |
| Crash reports | 90 days |
| Email logs (Resend) | 30 days |
| Active subscription data | Indefinitely while subscription is active |
| Cancelled subscription data | Anonymized after 60 days (RevenueCat) |
| Calendar event IDs | While your account is active (deleted when you delete account or remove reminder) |
| Push notification tokens | While your account is active (deleted when you delete account) |
| Static assets (flag images) | Indefinitely (publicly accessible, no user data) |
After account deletion: Most data is deleted within 30 days. Anonymized analytics may be retained for legal compliance.
8. Children's Privacy
RenuWise is not intended for children under 13.
We do not knowingly collect personal information from children under 13. If you're a parent and believe your child has provided us with personal information, please contact us at renuwise@vangotech.us and we'll delete it immediately.
Child Passport Data: While the app allows you to track passports with the relationship type "Child," this feature is intended for parents or legal guardians to track their children's passports. By adding a child's passport data, you represent that you are the parent or legal guardian of that child and have the authority to provide and manage their passport information. The child passport data (country, expiration date, relationship) is stored under your adult account, not a separate child account.
Age verification: We don't verify users' ages. Parents/guardians should supervise children's use of the app.
9. International Users & Data Transfers
RenuWise is available globally. If you're outside the United States, your data may be transferred to and stored in the US.
Legal basis for data transfers:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Your consent to transfer your data internationally
Your rights under GDPR (EU users):
- Right to access your data
- Right to correct inaccurate data
- Right to delete your data ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
Your rights under CCPA (California users):
- Right to know what data we collect
- Right to delete your data
- Right to opt out of data sales (we don't sell data)
- Right to non-discrimination
To exercise these rights, email renuwise@vangotech.us.
10. Cookies & Tracking Technologies
RenuWise does not use cookies because it's a native mobile app, not a website.
We do use:
- Local storage to save your preferences and session data on your device
- Analytics SDKs (PostHog) to track app usage
- Push notification tokens to send you alerts
We do NOT:
- Track you across other apps or websites
- Use advertising trackers
- Sell your data to advertisers
11. Third-Party Links
RenuWise may contain links to third-party websites (e.g., embassy websites, Google Maps). We're not responsible for their privacy practices. Please review their privacy policies before providing any information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do:
We'll notify you:
- Via email (if you have an account)
- Via in-app notification
- By updating the "Last Updated" date at the top
Significant changes: If we make major changes (e.g., new data collection, new third parties), we'll ask for your consent before the changes take effect.
Your continued use of RenuWise after changes constitutes acceptance of the updated policy.
13. Contact Us
Questions about this Privacy Policy? We're here to help.
VangoTech LLC
Email: renuwise@vangotech.us
Website:
https://renuwise.vangotech.us
For privacy-specific inquiries:
- Data access requests
- Data deletion requests
- Questions about how we use your data
- Security concerns
- GDPR/CCPA requests
Response time: We'll respond within 30 days.
14. Legal Information
Data Controller: VangoTech LLC is the data controller responsible for your personal information.
Legal Basis for Processing (GDPR):
- Consent: You provide consent when creating an account
- Contract: Processing is necessary to provide the service
- Legitimate interests: Improving the app and preventing fraud
- Legal obligation: Complying with laws and regulations
Supervisory Authority (EU users): If you're in the EU and have concerns about our data practices, you can contact your local data protection authority.
15. App Store Compliance
Apple App Store (Guideline 5.1.1)
Account Deletion: As required by Apple, you can delete your account directly in the app (Settings > Account > Delete Account). This will permanently delete all your data.
Data Collection Disclosure: Our App Store listing accurately reflects the data we collect, as described in this Privacy Policy.
Google Play Store
Data Safety: Our Google Play listing includes a Data Safety section that summarizes:
- What data we collect
- How we use it
- Whether we share it with third parties
- Our security practices
This Privacy Policy provides the full details.
16. Summary of Key Points
- โ We collect: User ID (UUID), email, passport data (country/expiration/relationship), timestamps, device info, session data, location (when using PRO features)
- โ We use it for: Renewal reminders, app improvements, PRO features, analytics
- โ We share with: Trusted third-party services (Supabase, RevenueCat, PostHog, Google, Expo, Resend)
- โ We don't: Sell your data, track you across apps, collect passport numbers or sensitive passport details
- ๐ Security: HTTPS encryption, password hashing, Row Level Security, MFA for admins
- ๐๏ธ Your rights: Access, update, delete your data anytime (full export available in JSON)
- ๐ง Contact: renuwise@vangotech.us for any privacy questions
Thank you for trusting RenuWise with your passport renewal reminders!
This Privacy Policy was last updated on January 11, 2026. Version 1.0