Privacy Policy

EFFECTIVE MAY 11, 2026

This Privacy Policy describes how Ethan Narvaes ("Noirchive," "we," "us," or "our") collects, uses, discloses, and protects information when you use the Noirchive mobile application, the website at noirchive.com, and any related services (collectively, the "Service"). By using the Service, you agree to the practices described in this Policy.

If you do not agree with this Policy, do not use the Service.

1. Who We Are

Noirchive is operated by Ethan Narvaes, an individual based in the United States.

Data Controller (EEA/UK): Ethan Narvaes
Contact: help.noirchive@gmail.com

2. Information We Collect

2.1 Information You Provide

Account information: email address, password (hashed), username, display name, optional bio, optional profile photo, optional location.
Invite codes redeemed at signup.
User-generated content: photos of fits, captions, votes (fire / mid), salon comments ("verdicts"), follows, watchlist saves, "grail" pins, taste-survey swipes, and Circle drop submissions.
Reports you submit about other users or content.
Communications you send to us (e.g., support emails).

2.2 Information Collected Automatically

Device and technical data: device model, operating system version, app version, language, time zone, crash logs, and approximate IP address.
Usage data: screens viewed, features used, votes cast, fits posted, push token, last-active timestamp, derived taste vector, and ELO score.
Push notification tokens (Expo push token) — used solely to deliver notifications you've opted into.
Cookies and similar technologies on the website (see Section 7).

2.3 Information from Third Parties

If you sign in via a third-party identity provider (e.g., Apple ID), we receive the limited profile information that provider shares with us subject to your privacy settings on that platform.

2.4 Sensitive Personal Information

We do not knowingly collect government IDs, financial account numbers, precise geolocation, biometric data, race, ethnicity, religion, sexual orientation, or health information. Do not submit such information through the Service.

3. How We Use Information

We use the information we collect to:

Create and manage your account, authenticate you, and provide the Service.
Build your taste vector and personalize fit recommendations.
Maintain ELO rankings, streaks, member numbers, and other product features.
Send push notifications (follows, verdicts, scheduled drops, streak reminders) that you've opted into in your device settings.
Detect, prevent, and address fraud, abuse, security incidents, and Terms violations.
Comply with legal obligations and enforce our Terms.
Communicate with you about updates, security alerts, and support.
Analyze usage patterns to improve features (in aggregate, non-identifying form where feasible).

Legal bases (EEA/UK users — GDPR): We process personal data under one or more of: (a) performance of a contract (delivering the Service), (b) legitimate interests (security, abuse prevention, product analytics), (c) legal obligation, or (d) your consent (push notifications, optional features).

4. How We Share Information

We do not sell personal information. We share information only as follows.

4.1 With Other Users

Information you choose to make public is visible to other users: username, member number, avatar, bio, location, fits, votes, follows, ELO, level, grails, and salon comments. Anything you post can be seen by other members.

4.2 Service Providers ("Processors")

Provider	Purpose	Data Categories
Supabase (database, auth, storage)	Hosting, authentication, file storage	All account + content data
Expo (EAS) (push notifications)	Delivery of push notifications	Push tokens, notification payloads
Apple / Google (app distribution)	App Store / Play Store distribution	Account identifier, purchase info
Cloudflare (web infrastructure)	DDoS protection, CDN	IP, device, request metadata

4.3 Legal and Safety Disclosures

We may disclose information to: (a) comply with valid legal process, (b) enforce our Terms, (c) protect the rights, property, or safety of Noirchive, our users, or others, or (d) investigate suspected fraud, abuse, or security incidents.

4.4 Business Transfers

If Noirchive is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction. We will notify you of any material change in use of your information.

5. International Data Transfers

The Service is operated from the United States. For users in the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (or other adequate transfer mechanisms) for cross-border transfers.

6. Data Retention

Account data: retained until you delete your account.
User-generated content: retained as long as your account is active.
Logs and security data: retained up to 90 days.
Backups: purged on a rolling 30-day cycle.
Reports: retained for moderation and legal records (up to 3 years).
Deleted accounts: profile and content are hard-deleted within 30 days; some anonymized aggregate records may persist.

7. Cookies and Tracking (Website)

The Noirchive mobile app does not use web cookies. The website at noirchive.com may use cookies for strictly necessary functions (session, security) and, with your consent, analytics. You can disable cookies in your browser settings.

We do not use cross-site tracking. We do not respond to "Do Not Track" signals at this time.

8. Your Rights and Choices

8.1 All Users

You can access and correct your data in-app, delete your account in Settings → Delete Account, export your data by emailing us, and turn off push notifications in your device's system settings.

8.2 EEA / UK Users (GDPR)

You have the right to: access, rectification, erasure, restriction of processing, data portability, objection to processing, and withdrawal of consent. Contact help.noirchive@gmail.com to exercise any right. You also have the right to lodge a complaint with your local supervisory authority.

8.3 California Users (CCPA / CPRA)

If you are a California resident, you may request disclosure, deletion, or correction of your personal information. We do not sell or share personal information as defined under California law. We will not discriminate against you for exercising any CCPA right.

8.4 Other U.S. States

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have similar rights — contact us to exercise them.

9. Children's Privacy

The Service is intended for users 13 years of age or older. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact help.noirchive@gmail.com.

10. Security

We use industry-standard measures including TLS 1.2+ encryption in transit, encryption at rest, auth tokens stored in iOS Keychain / Android Keystore, row-level security on user data, and restricted access controls. No system is perfectly secure. If you believe your account has been compromised, contact us immediately.

11. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for their privacy practices. Review their policies before sharing information.

12. Changes to This Policy

We may update this Policy from time to time. We will post the updated Policy with a new "Last Updated" date. For material changes, we will provide additional notice (in-app banner, email, or push). Continued use constitutes acceptance.

13. Contact Us

CONTACT

help.noirchive@gmail.com

Ethan Narvaes · Honolulu, HI

noirchive