Privacy Policy

Last updated: December 9, 2025

Our Commitment to Your Privacy

At Citrus, we believe your personal relationships are sacred. This app was built with privacy at its core. Your connection data, notes, and interactions are yours and yours alone.

What Data We Collect

Local Data (Stored on Your Device)

  • Contact information you add (names, birthdays, notes)
  • Moments and interactions you record
  • Intentions and reminders you create
  • Your settings and preferences
  • Analytics data about your connection patterns

This data lives in your device's local database and is never sent to our servers unless you explicitly enable cloud sync.

Optional Cloud Sync Data

If you choose to enable cloud sync, your connection data is securely stored in our database (powered by Supabase) and encrypted. This allows you to:

  • Access your data across multiple devices
  • Backup your data in case you lose your phone
  • Keep your connections in sync

Account Data

If you create an account:

  • Email address (for authentication)
  • Password (hashed and encrypted)
  • Account creation date

How We Use Your Data

  • To provide the core functionality of the app (tracking connections, sending reminders)
  • To sync your data across devices (if you enable cloud sync)
  • To send you notifications about upcoming intentions (with your permission)
  • To improve the app based on anonymous usage analytics

We will NEVER:

  • Sell your data to third parties
  • Use your data for advertising
  • Share your personal information without your explicit consent
  • Access your contact data without your permission

Where Your Data Lives

Local-first architecture: All your data is stored locally on your device using SQLite. You can use Citrus completely offline.

Optional cloud backup: If you enable cloud sync, your encrypted data is stored on secure servers (Supabase, hosted on AWS) with industry-standard encryption.

Location: Cloud data is stored in the United States.

Third-Party Services

We use the following trusted services:

  • Supabase: Authentication and optional cloud sync
  • Expo: Mobile app framework and push notifications

Each of these services has their own privacy policies, which we encourage you to review.

Your Rights

You have complete control over your data:

  • Access: All your data is accessible in the app at any time
  • Export: You can export your data at any time (coming soon)
  • Delete: You can delete individual records or your entire account
  • Opt-out: You can disable cloud sync and notifications at any time

Data Retention

Local data remains on your device until you delete it. If you delete the app, all local data is removed.

Cloud-synced data remains in our database until you delete your account. When you delete your account, all associated data is permanently removed within 30 days.

Security

We take security seriously and implement industry-standard practices:

  • All data transmitted between your device and our servers is encrypted (HTTPS/TLS)
  • Passwords are hashed using bcrypt
  • Cloud data is encrypted at rest
  • We follow secure coding practices and regularly update dependencies

Children's Privacy

Citrus is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes via email or through the app. The "Last updated" date at the top of this page will always reflect the most recent version.

Contact Us

If you have questions about this privacy policy or how we handle your data, please reach out:

Email: citruscrmcontact@gmail.com

Our Promise

Citrus was created to help people stay connected, not to harvest data. Your relationships are personal, and we're committed to keeping them that way.

🍋 Made with care for your connections

Back to Home