Privacy Policy

Last updated: April 6, 2026

Ninkki ("App") respects user privacy and is committed to protecting personal information. This Privacy Policy describes the types of information the App collects, the purposes for which it is used, sharing with third parties, and your rights as a user.

1. Information We Collect

Account Information

• Email address (if registered with an email address)
• Apple ID information (if signed in with Apple)
• Google account information (if using Google sign-in)
• Display name, user handle
• Profile image (optional)
• Gender, age range, occupation (used to optimize AI comments)

Guest login is also available. Guest users can upgrade to a full account at any time from the Settings screen.

Usage Data

• Post content (text, images)
• Friend connection information
• In-app settings (theme, font, notification preferences, etc.)
• Push notification token (used for notification delivery)

Device Information

• Device type, OS information
• Advertising ID (only when ATT permission is granted; used for Google AdMob ad delivery)

Information Stored Locally (Not Sent to Servers)

• App lock passcode (activates on app launch and when returning from other apps)
• Draft content
• Hashtag history
• Display settings (font, theme, etc.)

2. How We Use Information

The information we collect is used for the following purposes:

• Provision and operation of the service
• Optimization of AI follower comments and reaction generation (using the Google Gemini API)
• Delivery of push notifications
• Responding to user support inquiries
• Prevention of unauthorized use
• Statistical analysis for service improvement (in a non-personally identifiable format)

3. Information Sharing with Third-Party Services

The App uses the following third-party services to provide its functionality. Only the minimum information necessary for each service is shared.

• Supabase — Used as the database and authentication infrastructure. User data is stored on Supabase cloud servers (PostgreSQL).
• Google Gemini API — Used for AI comment generation. Post content is sent for AI processing.
• Google AdMob — Used for ad delivery. Ads are displayed only to users on the free plan. The advertising ID may be used when ATT permission (described below) is granted.
• Apple — Used for In-App Purchase processing and Sign in with Apple authentication.
• Expo — Used as the push notification delivery service.

Payment Information

• Purchase tokens and receipts generated during In-App Purchases are sent to Apple for verification purposes only.
• Payment information (such as credit card numbers) is never stored on our servers. All payment processing is managed by Apple.
• Transaction records may be retained as required by tax and regulatory obligations.

4. App Tracking Transparency (ATT)

For users on iOS 14.5 or later, permission will be requested before accessing the advertising ID.

• If permitted: Personalized ads may be displayed.
• If denied: Only non-personalized ads will be displayed. App functionality is not affected.

Ads are not displayed to users on paid plans.

5. Data Storage and Security

• User data is stored on Supabase, and all communications are encrypted via SSL/TLS.
• Passwords are stored in a hashed (irreversibly transformed) state (Supabase Auth).
• The app lock passcode is stored only on the user's device and is not sent to any server.
• Row Level Security (database-level access control) is implemented to prevent unauthorized access.

6. Data Deletion

Users may delete their account at any time from "Delete Account" in the Settings screen.

Data that will be deleted:

• Posts, comments, reactions
• Friend connections
• Profile information
• Push notification tokens

Data cannot be recovered after deletion. Please note that subscription cancellation must be performed separately through iOS Settings.

7. Data Retention Period

• Data is retained for as long as the account exists.
• All data is promptly deleted after account deletion.
• If retention is required by law, data will be retained for the legally prescribed period.

8. Cookies and Tracking

• The App does not use web-based cookies.
• Secure tokens (Supabase Auth JWT) are used for session management.
• Settings information is stored in local storage on the device (not sent to servers).

9. Children's Privacy

The App is not intended for children under the age of 13. If it becomes known that a person under the age of 13 is using the App, their account and associated data will be promptly deleted. We also respond to inquiries from parents and guardians.

10. Your Rights

Users have the following rights:

• View and edit account information (from the Profile screen)
• Delete account (from the Settings screen)
• Disable push notifications (from device settings)
• Opt out of advertising ID tracking (from device settings)
• Manage or cancel subscriptions (from iOS Settings)

11. Changes to This Policy

This Policy may be modified as necessary. Users will be notified of changes through in-app notifications, and significant changes will be prominently announced within the service.

12. Contact Us