Privacy Policy

Last updated: May 17, 2026

This privacy policy describes how TeaChat ("we", "us", "the app") collects, uses, and protects your information when you use our chat and project-management service across web, iOS, and Android.

1. Information we collect

• Account data. Email address and display name (chosen by you).
• Workspace content. Messages, direct messages, files you attach, project board contents (cards, comments, activity log), and notifications generated by your team's activity.
• Push tokens. If you install the native app on iOS or Android, a push-notification token (APNs or FCM) is stored and tied to your account so we can deliver alerts.
• Operational data. Standard request logs (timestamps, IP, paths) retained by our infrastructure provider (Supabase) for service operation. No third-party analytics or advertising SDKs are embedded.

We do not collect: precise location, contacts, microphone or camera input without active per-feature permission, or biometric data.

2. How we use it

• To deliver the chat and project-board features you actively use.
• To send push notifications when teammates message or mention you.
• To keep the service running and prevent abuse.

We do not sell or share your data with advertisers. We do not train AI models on your messages.

3. Where your data is stored

Your data is stored in Supabase (PostgreSQL + Storage), which acts as our data processor. Servers are located in the United States.

4. Retention & deletion

Data is retained until you delete it. When you delete your account in-app (Profile → Delete my account):

• Your members row, auth user, push tokens, pins, and notifications are permanently deleted.
• Your past messages and comments are anonymized: author_id is cleared and the visible name becomes "Deleted user." The text remains so conversation history makes sense for other participants. If you want full message deletion as well, contact us before deleting and we'll do that on request.
• Your workspace memberships are removed.
• Your Supabase auth user is permanently removed, signing you out of every device.

You can also request a complete export of your data by contacting us at the email below.

5. Children's privacy

TeaChat is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has used the service, please contact us and we will delete the account.

6. Security

We rely on Supabase row-level security to enforce that you can only access data within your own workspaces. Transport is TLS-encrypted. Passwords are hashed by Supabase Auth using bcrypt — we do not store passwords ourselves and never have access to them.

If you believe an incident has occurred, contact us within 72 hours so we can investigate.

7. Your rights

You can at any time:

• Export your data — contact us for a JSON dump of everything you've authored.
• Correct your data — edit your profile and your own messages directly in the app.
• Delete your data — use the in-app delete flow, or contact us for full deletion.
• Object to processing — delete your account.

If you are in the EU/EEA, UK, or California, you have additional rights under GDPR or CCPA. Email us to exercise them.

8. Changes to this policy

We will update this policy and notify users in-app when material changes are made. Continued use after notice constitutes acceptance.

9. Contact

Email: support@teachat.io
Owner: Aryan Dawoodi
Mail / data-deletion requests: support@teachat.io