YunaKuma · Privacy Policy
Last updated: 2026-05-17
This Privacy Policy describes how YunaKuma ("we", "us", "the app") collects, uses, and shares information when you use our Android application.
Who we are
YunaKuma is operated by [YOUR LEGAL NAME / COMPANY NAME], contact: hello@yunakuma.com.
App audience
YunaKuma is a general-audience messaging application. It is not directed at children under 13 and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided information to us, contact us at the address above and we will delete the data.
What we collect
When you use YunaKuma, we collect the minimum information needed to operate the service:
| Data | Why we collect it | Where it is stored |
|---|---|---|
| Self-chosen display name (1–20 characters) | So your friends recognize you in chats | Supabase database |
| Chosen avatar emoji | Visual identifier next to your name | Supabase database |
| A randomly generated user ID (UUID) | To uniquely identify your account | Supabase database |
| A recovery code you create | So you can restore your account if you reinstall the app. We store it as a one-way hash; we cannot read it. | Supabase database |
An auto-generated email (<hash>@yunakuma.app) | Required by our authentication system. It is derived from your recovery code; we never email you. | Supabase database |
| Firebase Cloud Messaging token | So we can send you push notifications. This token identifies your device, not you. | Supabase database |
| Your messages (text, sticker references) | To deliver them to your contacts and groups | Supabase database |
| Your contact connections | To remember who you can chat with | Supabase database |
| Your group memberships | To remember which group chats you are in | Supabase database |
| Block and report records you create | For your safety and to enforce community rules | Supabase database |
We do not collect: your email address, your phone number, your real name, your location, your device contact list, your photos, your browsing history, your IP address (beyond standard server logs), or any advertising identifiers.
We do not use any third-party analytics, advertising, or tracking services.
How we use your information
We use the information above to:
- Authenticate you when you open the app
- Display your name and avatar to people you have connected with
- Deliver your messages to your contacts and groups
- Send you push notifications when new messages arrive (if you have notifications enabled)
- Enforce safety features (block, report, profanity filter)
- Delete expired messages automatically after 30 days
We do not sell, rent, or share your information with third parties, except as described under "Third-party services" below.
Message retention
By default, all messages auto-delete 30 days after they are sent. This applies to your messages on our servers and on the recipients' devices.
You may not be able to recover deleted messages.
Third-party services we use
YunaKuma relies on a small number of third-party infrastructure services:
- Supabase (database, authentication, and storage): Supabase Privacy Policy
- Firebase Cloud Messaging (push notification delivery): Firebase Privacy Information
- Google Play Services (required for FCM on Android): Google Privacy Policy
These services may collect technical information (such as IP addresses) needed to provide their services. Refer to their respective privacy policies for details.
Your rights and choices
- Access and export: contact us to request a copy of the data we hold about you.
- Deletion: in the app, go to Me → Delete my account. This permanently deletes your user record, your messages, your contacts, your group memberships, and any reports you have filed. Deletion cascades immediately.
- Block and report: long-press any message to block or report the sender.
- Disable notification previews: in the app, go to Settings → Messaging → Notification preview and turn it off. Push notifications will then show only the sender's name.
- Disable push notifications entirely: revoke the notification permission via your Android system settings for YunaKuma.
If you are in the EU, UK, or another region with comparable laws, you have the right under the GDPR (or equivalent) to access, rectify, erase, restrict, or port your data, and to lodge a complaint with your data protection authority.
Data security
We protect your data using industry-standard practices: TLS encryption in transit, Postgres Row Level Security, and bcrypt hashing for your recovery code. We cannot recover your account if you lose your recovery code; this is by design.
International transfers
Your data is stored in Supabase's Asia-Pacific region (Singapore). If you access the service from outside this region, your data will be transferred to and stored in Singapore.
Changes to this policy
We will update this policy if our practices change. The "Last updated" date at the top will reflect the most recent revision. Material changes will be announced in-app.
Contact us
Questions or requests can be sent to hello@yunakuma.com.