Privacy Policy

Effective Date: June 26, 2026. This document governs the collection, processing, and erasure of user data within the Sound Graffiti ecosystem.

1. Data Collection

Sound Graffiti collects specific metadata and user-provided inputs necessary for the operation of our spatial network. This includes:

  • Account Data: Email addresses and randomly generated/custom handles (Alter-Egos).
  • Authentication Tokens: Secure tokens generated via our infrastructure to maintain active sessions.
  • App Analytics: Non-personally identifiable crash reports and diagnostic data to improve grid stability.

2. GPS & Location Processing

Our core feature relies entirely on physical proximity. Therefore, we require access to your device's precise location services.

Strict Use Policy: Your location is polled *only* when the app is active in the foreground. Location data is used strictly mathematically to calculate the distance between your device coordinates and the anchored coordinates of spatial audio nodes ("Whispers"). We do not sell, rent, or permanently store a history of your movements.

3. Audio Node Storage

When you record a Whisper, the audio file is uploaded to our secure Google Cloud Storage buckets. It is tagged with an encrypted representation of the coordinates where it was recorded.

While your handle is attached to the audio for other users to see, your real email identity is decoupled from the public-facing node.

4. Third-Party Sharing

We believe in absolute data sovereignty. We do not sell data to data brokers. We share data only with infrastructure providers necessary to run the app:

  • Google Firebase: Used for real-time database syncing, user authentication, and blob storage for audio files.

5. User Erasure Rights (GDPR/CCPA)

You have the absolute right to vanish from the grid. Using the "Delete Account" function inside the app settings will instantly trigger a cascading delete protocol. This will wipe your profile, authentication records, and every audio Whisper you have ever recorded from our databases.

6. Security Protocols

All traffic between the mobile application and our servers is secured using TLS 1.3 encryption. Database reads and writes are protected by strict security rules that prevent unauthorized extraction of the spatial node map.

7. Data Protection Officer (DPO)

For inquiries regarding privacy, data extraction requests, or GDPR compliance, please route your transmission to legal@soundgraffiti.com.