Privacy Policy

Last updated: 19 May 2026

1. Data Controllers

The data controllers are: Simone Copetti, Andrea Citton, Bernardo Andrea Cecchini, Matteo Bertini. Privacy email: privacy@spaceeapp.com

The controllers act as joint controllers pursuant to Art. 26 GDPR. No DPO has been appointed.

The controllers have entered into a joint controllership arrangement governing, among other things, the handling of data subject rights requests and personal data breach procedures. The single point of contact for data subjects is privacy@spaceeapp.com. The essence of the arrangement is available on request at that address.

2. Data We Collect

Data you provide:

  • Email, username and login credentials.
  • Avatar, bio and profile privacy settings.
  • Photos, folder covers, comments, internal likes and favourite photos (reposts).
  • Friend requests, friendships, folder invitations and folder roles.

Data generated by your use:

  • Content metadata: identifiers, timestamps, file dimensions.
  • Folder data: members, roles, invite status, share links.
  • In-app notifications and per-category notification preferences.
  • Push notification tokens (APNs/FCM).

Data you provide for feedback and support:

  • App ratings (score, highlights, improvement suggestions).
  • Bug reports (title, steps to reproduce, expected behaviour, screen).
  • User reports (reason and optional description).

Technical and local data:

  • Technical logs and session tokens (SecureStore/Keychain/Keystore).
  • Local preferences, theme and cache (device-only, cleared on logout).
  • Photo library, media library, clipboard and share sheet access, if chosen.
  • Temporary E2E identity credential (password stored in hardware-encrypted secure storage between account creation and email confirmation; automatically deleted at first login).

3. End-to-End Encryption (Private Folders)

"Private" folders apply end-to-end encryption (E2E) to photo content: each photo is encrypted on your device before being sent to the server, so the controllers and Supabase cannot access the visual content in plaintext. Only encrypted data and user-wrapped cryptographic keys are stored on the server.

Important: E2E encryption covers photo content only. Metadata (folder name, member list, roles, timestamps, photo titles) are not end-to-end encrypted and remain accessible to the controllers and Supabase for service management purposes.

Cover images: Only explicitly uploaded cover photos (the optional image set as a Space cover) are not end-to-end encrypted and are stored in plaintext on the server. When no explicit cover is set, the app displays recent encrypted photos from the folder as card previews on the home screen — those photos remain E2E-protected.

E2E identity setup and email confirmation: Cryptographic identity setup (keypair generation) is deferred to your first login after email confirmation, not performed at registration. Between account creation and email confirmation, the credentials required for key derivation are temporarily stored in the device's hardware-encrypted secure storage (SecureStore / Keychain / Keystore) and permanently deleted as soon as identity setup completes at first login. These credentials are never transmitted to the server in plaintext.

Password reset: Resetting your password generates an entirely new E2E keypair. The previous private key is irreversibly discarded — the controllers cannot recover it. All existing private folders become permanently inaccessible. To regain access, the folder owner or an admin must re-invite you so the folder encryption key can be re-wrapped for your new public key.

4. Purposes and Legal Basis

  • Provide and manage the service: performance of a contract (Art. 6.1.b GDPR).
  • Feedback, bug reports and moderation: legitimate interest (Art. 6.1.f) and, for explicit feedback, consent (Art. 6.1.a GDPR).
  • Security and abuse prevention: legitimate interest (Art. 6.1.f GDPR).
  • Legal obligations: compliance with law (Art. 6.1.c GDPR).
  • Device features (photo library, push notifications, sharing): consent (Art. 6.1.a GDPR).

5. Content Visibility Between Users

  • Shared folders are visible only to collaborators.
  • Favourite photos (reposts / "Best Moments") are visible to accepted friends, even if they are not collaborators of the original folder. Internal likes are never visible outside the folder.
  • Folder share links are multi-use: anyone with the token can join within 7 days of creation.

6. Recipients and Providers

  • Authorised staff of the controllers.
  • Supabase Inc. (database, authentication, storage) — servers in Ireland (EU).
  • Expo Inc. (app distribution, push notifications).
  • Public authorities where required by law.

We do not sell personal data. Full processor list available at: privacy@spaceeapp.com

7. Transfers Outside the EEA

Supabase servers are in Ireland (EU). Expo's push service may involve transfers to the USA; GDPR safeguards apply (Standard Contractual Clauses).

8. Retention

  • Account/profile: until account deletion.
  • Content in shared folders: on account deletion, author references are anonymised (not the content itself), to preserve the integrity of shared content. Content in folders where you are the sole member is permanently deleted.
  • Folders in the bin: up to 30 days.
  • Push tokens: until logout; deleted from the device and revoked on the server upon logout.
  • Feedback and reports: for the time needed for review.
  • Technical logs: as long as strictly necessary.

9. Security

We apply: authentication and session management; secure device storage for tokens; Row Level Security; time-limited signed URLs; E2E encryption of photo content in private folders; temporary E2E identity credentials stored exclusively in hardware-encrypted device storage (SecureStore / Keychain / Keystore) and automatically deleted at first login after email confirmation. No system can guarantee absolute security; we apply risk-appropriate measures.

10. Your Rights

You may exercise the following rights under Arts. 15–22 GDPR:

  • Access (Art. 15): obtain confirmation that processing is taking place and receive a copy of your data.
  • Rectification (Art. 16): correct inaccurate or incomplete data.
  • Erasure (Art. 17): request removal of data that is no longer necessary or lacks a legal basis.
  • Restriction (Art. 18): suspend processing in certain cases provided for by law.
  • Objection (Art. 21): object to processing based on legitimate interest.
  • Portability (Art. 20): receive your data in a structured, machine-readable format, for processing based on contract or consent.
  • Withdrawal of consent: at any time, without affecting the lawfulness of prior processing.

The controllers will respond to requests within 30 days of receipt. This period may be extended by a further 60 days in cases of particular complexity or a high volume of requests.

We do not carry out automated decision-making or profiling with legal or similarly significant effects pursuant to Art. 22 GDPR.

You may lodge a complaint with the Garante per la Protezione dei Dati Personali (www.garanteprivacy.it) or the competent supervisory authority in your country of residence.

Contact: privacy@spaceeapp.com

11. Minors

Use of the service requires a minimum age of 14 years (in Italy, pursuant to Art. 2-quinquies of Legislative Decree 196/2003), or a higher age where required by the law applicable in the user's country. Below the applicable threshold, use is permitted only with the explicit consent of a parent or guardian. We do not knowingly collect personal data from users below the applicable threshold without such consent.

12. Changes

We may update this policy. Material changes will be notified via the app.

13. Contact

  • Email: privacy@spaceeapp.com
  • Controllers: Simone Copetti, Andrea Citton, Bernardo Andrea Cecchini, Matteo Bertini