POY · Legal
Cookie & Tracking Policy
Identifiers and cookies used by the app and this website.
Draft v0.1 — Effective date: [GO-LIVE DATE] (drafted 2026-06-08)
This policy explains the cookies, SDKs, and device identifiers used by POY — in the mobile app and on the heypoy.app website — and your choices. It supplements our Privacy Policy.
The short version: POY does not use advertising cookies, third-party ad SDKs, or cross-app/cross-site tracking. We use only the technologies needed to run, secure, and operate the Service, plus (with your permission) push notifications.
1. The POY mobile app
A native app doesn't use browser "cookies", but it uses SDKs and identifiers that work similarly. POY uses only strictly necessary and functional/security technologies:
| Technology | Provider | Purpose | Category |
|---|---|---|---|
| Firebase Authentication | Verify your phone number and keep you signed in | Strictly necessary | |
| Cloud Firestore / Storage / Functions SDKs | Store and retrieve your content, votes, and settings; run server logic | Strictly necessary | |
| Local storage / installation identifier | App / Google | Remember session, app state, and the device's app instance | Strictly necessary |
| Firebase Cloud Messaging (push token) | Send notifications (e.g. vote milestones) | Functional — requires your device permission (consent) | |
| App Check (Play Integrity) | Confirm requests come from the genuine POY app, to prevent abuse | Security | |
| IP address & device/app/OS identifiers | Google infra | Security, fraud prevention, reliability, and serving "Decide" content in your language | Strictly necessary |
We do not use these for advertising or to build a behavioural profile of you. We do not include any third-party advertising, analytics-for-ads, or social-media tracking SDKs.
[If you later add a privacy-respecting product-analytics or crash-reporting SDK (e.g. Firebase Crashlytics/Analytics), list it here, state its purpose and whether it's consent-based, and update the Privacy Policy + consent flow accordingly.]
2. Your choices (app)
- Push notifications: grant or revoke anytime via your device settings (Android → Apps → POY → Notifications) or in-app. Revoking stops notifications and we delete the token.
- Permissions: camera and photo/gallery access are requested only when you post; you control them in device settings.
- Reset advertising identifier / opt out of personalised ads at OS level: POY doesn't use the advertising ID, but you can manage it in Android settings regardless.
- Delete everything: Profile → Delete my account.
3. The heypoy.app website
The marketing/legal website may use a small number of cookies:
| Cookie type | Purpose | Consent needed? |
|---|---|---|
| Strictly necessary | Make the site work (e.g. security, load balancing, remembering cookie choices) | No (exempt) |
| Functional (if used) | Remember preferences (e.g. language) | Yes |
| Analytics (if used) | Understand site usage in aggregate | Yes — opt-in |
Under UK PECR/the EU ePrivacy rules, non-essential cookies require your consent. If the website sets any functional or analytics cookies, it must show a cookie banner that lets you accept or reject non-essential cookies, and a way to change your choice later.
[Action: confirm exactly which cookies heypoy.app sets and implement a compliant consent banner before launch. If the site is static/brochure-only with no analytics, state that it uses strictly-necessary cookies only.]
4. Do Not Track / Global Privacy Control
We do not use cross-site tracking, so there is nothing to track across sites. Where the
website honours browser signals such as Global Privacy Control, we'll treat them as an
opt-out of any non-essential cookies. [Confirm implementation.]
5. Changes
We'll update this policy if our technologies change. The current version lives at
heypoy.app/cookies.
Questions: [privacy@heypoy.app].
Questions about this policy? Contact privacy@heypoy.app or visit our contact page.