Privacy Notice

This Privacy Notice explains how T-Minus Zero (“T-Minus Zero”, “we”, “us”) collects, uses, and discloses information when you use our website, apps, and related services (the “Service”). This notice is written for a US audience and includes common state privacy rights.

For privacy choices and self‑serve requests (download or delete your account data), visit Privacy Choices.

Information We Collect

We collect information you provide, information collected automatically when you use the Service, and information from vendors that help run the Service.

• Account information: name, email address, account identifiers, timezone, and authentication information (handled by Supabase Auth).
• Notification information: phone number (if you opt into SMS), verification status, opt‑in/out timestamps, quiet hours, and alert preferences.
• User preferences: per‑launch notification settings.
• Billing information: subscription status and Stripe customer/subscription IDs; payment card details are processed by Stripe and are not stored in our database.
• Push notification information (if enabled): push subscription endpoint and keys, plus user agent.
• Automatic data: device and browser information, approximate location (derived from IP), and usage/diagnostic data in server logs (depending on hosting/provider settings).

How We Use Information

• Provide and operate the Service (launch schedule, notifications, and account features).
• Authenticate users, prevent abuse, and secure the Service (including optional CAPTCHA).
• Process payments and manage subscriptions.
• Send service communications (verification, alerts you request, and account/billing notices).
• Debug, maintain, and improve reliability (operational logs and monitoring).

How We Disclose Information

We disclose personal information to service providers and vendors that process data on our behalf to provide the Service, such as:

• Supabase (authentication, database, and related infrastructure).
• Stripe (payment processing and subscription management).
• Twilio (SMS delivery and phone verification). You can opt out of SMS alerts at any time by replying STOP.
• CAPTCHA providers (Cloudflare Turnstile or hCaptcha) if enabled for account protection.
• Embedded content providers (e.g., YouTube/Vimeo) if you choose to load embedded video.

We do not “sell” personal information. We do not use third‑party advertising cookies or disclose personal information for cross‑context behavioral advertising. Third‑party services you choose to use through the Service (such as Stripe checkout or embedded video) may collect information directly and use it according to their policies.

Cookies, Local Storage, and Similar Technologies

• We use cookies needed to keep you signed in and to secure the Service (Supabase session cookies).
• We use local storage for certain user experience features (for example, the iOS “Add to Home Screen” reminder cadence).
• Third‑party services you use through the Service (for example, Stripe checkout or embedded video) may set their own cookies or collect device data.

Sensitive Personal Information

Some data elements (such as account login credentials and payment information) may be considered “sensitive” under certain privacy laws. We use sensitive data only as reasonably necessary to provide the Service (for example, to authenticate you, secure the Service, and process payments through Stripe).

Data Retention

We retain personal information for as long as reasonably necessary to provide the Service, comply with law, resolve disputes, and enforce agreements. In general: account/profile and preference data is retained until you delete your account; operational records may be retained for security, troubleshooting, and compliance; and payment records are retained by Stripe and may be retained by us as required by law.

Your US Privacy Rights

Depending on your state of residence and the nature of our processing, you may have rights to access, correct, delete, or obtain a copy of your personal information, and to opt out of certain processing (such as targeted advertising or “sale”/“sharing” of personal information under some laws).

• Access/know: request the categories and specific pieces of personal information we hold about you.
• Delete: request deletion of personal information, subject to certain legal and operational exceptions.
• Correct: request correction of inaccurate personal information.
• Portability: request a copy of your information in a portable format.
• Opt out: opt out of targeted advertising and certain disclosures treated as “sale” or “sharing” under some state laws (if applicable).
• Limit: in some states, request limits on use/disclosure of “sensitive” personal information (if applicable).

• Self‑serve: use Privacy Choices to download your data or delete your account (if signed in).
• Email: send requests to privacy@tminuszero.app.

We may need to verify your identity before fulfilling requests. Authorized agents may submit requests where permitted by law, subject to verification. We will not discriminate against you for exercising privacy rights. Some states provide a right to appeal a denial; include “Appeal” in your email subject if you want to appeal a decision.

If your browser sends a Global Privacy Control (GPC) signal, we treat it as a request to opt out of targeted advertising and “sale”/“sharing” where those concepts apply.

Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information, including TLS in transit and Supabase Row Level Security controls.

Contact

Privacy questions: privacy@tminuszero.app. Support: support@tminuszero.app.

Changes

We may update this notice from time to time. Material changes will be communicated in the Service or through other appropriate channels.