Legal
Privacy Policy
1. Introduction
Studio Parkar (“we,” “us,” or “our”) operates the Samay mobile application (“Samay,” “the App”). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use Samay.
By creating an account or using the App, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.
2. Information We Collect
2.1 Account and Authentication Data
When you create an account, we collect:
- Email address — used for authentication and account recovery.
- Name (given name and family name) — collected if you sign in with Apple and choose to share your name.
- User ID — a unique identifier assigned to your account by our authentication provider.
We support the following sign-in methods: email and password, Sign in with Apple, and Sign in with Google (where available).
2.2 Business Profile Information
You may optionally provide business information used for invoicing:
- Business name, email, phone number
- Business address (street, city, state/region, postal code, country)
- Business logo (image file)
- Payment instructions or notes
- Preferred currency, default hourly rate, invoice number prefix, timezone
2.3 Professional Work Data
The core function of Samay involves tracking your professional work. We store:
- Time entries: project association, start/end times, duration, description, billable status
- Expenses: amount, description, billable status, receipt images
- Clients: name, email, billing contact, phone, address
- Projects: name, billing type, rate, budget hours, client association
- Invoices: invoice number, status, dates, line items, tax rates, totals, business and client snapshots
- Payments: amount, payment method, date received, reference number
2.4 Files and Media
- Business logos — uploaded to configure your invoice branding.
- Expense receipts — photos captured via camera or selected from your photo library.
2.5 Usage and Analytics Data
We collect anonymized usage data to improve the App, including feature usage events, general interaction patterns, and app version information. Analytics collection is handled by PostHog and can be limited through your device settings.
2.6 Crash and Error Reports
We collect crash reports and error logs via Sentry to diagnose and fix technical issues. This includes exception details, device/OS context, and your user ID to correlate errors with your session.
2.7 Locally Stored Data
Certain data is stored on your device to support offline functionality, including active timer state, pending sync queue, form drafts, and temporary CSV export files.
3. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide and operate the App | All professional work data, account data |
| Authenticate your identity | Email, name, sign-in credentials |
| Generate and deliver invoices | Business profile, client details, time entries, expenses |
| Send invoices via email | Client email, invoice PDF, your business details |
| Process subscriptions | User ID, purchase history (via RevenueCat and Apple App Store) |
| Support offline usage | Locally cached time entries, expenses, sync queue |
| Analyze usage and improve the App | Anonymized analytics events |
| Diagnose crashes and errors | Error reports, stack traces, user ID |
We do not use your data for advertising, sell your personal information, or build advertising profiles.
4. How We Store Your Information
4.1 Remote Storage
Your account and professional data are stored in a PostgreSQL database hosted by Supabase. Uploaded files (business logos, expense receipts) are stored in Supabase Storage buckets. All data is transmitted over encrypted connections (TLS/HTTPS).
4.2 Local Storage
Samay stores limited data on your device using iOS system storage to support offline operation, form drafts, and active timer state. This data is synced to our servers when connectivity is available.
4.3 Data Retention
We retain your data for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, except where retention is required by law.
5. Third-Party Services
Samay integrates with the following third-party services. Each receives only the data necessary for its function:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Auth, database, file storage, server-side functions | All account and professional data |
| RevenueCat | Subscription management, in-app purchases | User ID, purchase history, subscription status |
| Apple | Authentication, payment processing | Apple ID token, email, name, App Store receipts |
| PostHog | Product analytics | User ID, event names and properties |
| Sentry | Crash reporting | User ID, error details, stack traces |
| Resend | Invoice email delivery | Recipient email, invoice PDF, email content |
6. Invoice Email Delivery
When you send an invoice through Samay, the invoice PDF, recipient email address, and email subject/body content are transmitted to the recipient. You are responsible for ensuring you have appropriate permission to email your clients through the App.
7. Device Permissions
| Permission | Purpose |
|---|---|
| Camera | Capture receipt photos for project expenses |
| Photo Library | Select receipt photos or business logo from your library |
| Live Activities | Display active timer on your Lock Screen and Dynamic Island |
You can manage these permissions at any time through your device’s Settings app.
8. Your Rights and Choices
8.1 Access and Export
You can export your time entry and expense data as CSV files from the Reports section of the App.
8.2 Correction
You can update your business profile, client details, and project information at any time within the App.
8.3 Deletion
You may request deletion of your account and associated data by contacting us at privacy@getsamay.com. Upon receiving a verified request, we will delete your account and data within 30 days, remove uploaded files from our storage, and clear your identifier from analytics and crash reporting systems.
8.4 Opt Out of Analytics
PostHog analytics can be limited through your device’s tracking and privacy settings.
9. Children’s Privacy
Samay is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete that information promptly.
10. Data Security
We implement reasonable technical and organizational measures to protect your data, including TLS/HTTPS encryption for all data in transit, Supabase row-level security policies ensuring users can only access their own data, owner-scoped file storage policies, and upload restrictions by file type and size.
No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
11. International Data Transfers
Your data is processed and stored on servers located in the United States (AWS US East region via Supabase). By using the App, you consent to the transfer and processing of your data in the United States.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date and may notify you through the App. Continued use of Samay after changes are posted constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern:
Studio Parkar
Email: privacy@getsamay.com
Website: getsamay.com