Privacy Policy

1. Introduction

This Privacy Policy explains how Mainmo Pte. Ltd. ("jpeg," "we," "us," or "our") collects, uses, shares, and protects information when you use the jpeg.fun website, mobile applications, and related services (collectively, the "Service").

jpeg is a photo contest and social collection app. This Policy is written to match the current mobile app permission and data surface, including camera, photo library, microphone, contacts, location, motion sensors, analytics, push notifications, Supabase, and Expo services.

Some features are optional. If you deny a permission, the related feature may be unavailable, but the rest of the Service should continue to work where possible.

2. Information We Collect

2.1 Account, Profile, and Authentication Information

We collect information you provide when creating or managing an account, such as your email address, phone number, username, profile photo, profile background, bio, authentication identifiers, and settings.

Authentication may be handled through Supabase Auth and third-party sign-in providers such as Apple or Google. We receive the information needed to create, secure, and maintain your account, such as provider identifiers, email address, session metadata, and authentication tokens.

2.2 Photos, Videos, Audio, and Other User Content

jpeg is built around user-submitted media. We collect photos, videos, captions, prompts, comments, reactions, shares, follows, leaderboard activity, showcase selections, and other content or interactions you choose to submit.

Camera. If you use the in-app camera, the app requests camera access so you can capture contest submissions and profile media.

Photo library. If you choose media from your library or save/share generated media, the app requests photo library or media library access for that selected action.

Microphone and audio. If you record a video, the app requests microphone access so the video can include audio. We collect and process audio only as part of media you choose to record or upload.

Uploaded media is stored and served through our infrastructure and storage providers, including Supabase Storage. Media may be public or visible to other users depending on the feature you use.

2.3 Contacts and Friend Discovery

If you use Find Friends from Contacts, the app asks for access to your address book. The app reads contact names and phone numbers on your device to help show friend matches.

For server-side matching, the app normalizes phone numbers and sends SHA-256 hashes of phone numbers to our API. We do not upload or store your full address book for contact matching, and raw phone numbers from your contacts are not stored by us for that purpose.

If you add your own phone number to your account, we may store that phone number and its SHA-256 hash so other users who already have your number can find you.

2.4 Location and Geotagging

If you capture a photo or video and grant location permission, the app may collect foreground location data at capture time, including latitude, longitude, and a reverse-geocoded city, region, neighborhood, or similar place label.

Location data is used to geotag contest submissions, support location-aware contest experiences, and display where content was captured when that feature is enabled. If you deny location permission, capture can continue without geotagging.

We may also infer approximate location from IP address for security, fraud prevention, analytics, and regional compliance.

2.5 Motion Sensors, Device Data, Notifications, and Diagnostics

Motion and gyroscope. The app may request motion sensor or gyroscope access to power interactive tilt effects and card animations. Motion readings are used for the in-app visual effect and are not used to build an advertising profile.

Device and technical data. We collect device type, operating system, app version, language, time zone, IP address, device identifiers, and similar technical information needed to operate, secure, troubleshoot, and improve the Service.

Push notifications. If you enable notifications, we collect and store push tokens and notification preferences so we can send account, social, contest, prize, and daily theme notifications. Push delivery may use Expo and platform notification services from Apple or Google.

Diagnostics and analytics. We may collect app usage events, performance data, crash reports, error logs, and feature usage patterns to understand reliability, improve product quality, and prevent abuse.

2.6 Competition, Wallet, and Transaction Activity

We collect contest participation, posts, collections, points or in-app balance activity, prize pool activity, referrals, achievements, streaks, friend requests, and leaderboard data needed to operate jpeg's game mechanics.

If wallet, cash-out, deposit, or payment-related features are enabled, we collect the account, wallet address, ledger, transaction, and compliance information needed to provide those features and meet legal, fraud-prevention, accounting, and security obligations.

3. How We Use Information

We use information to:

• create, authenticate, secure, and maintain accounts;
• operate photo contests, posts, collections, leaderboards, achievements, rewards, and social features;
• upload, store, transcode, moderate, display, and share photos, videos, audio, and related metadata;
• provide friend discovery, including contact matching with hashed phone numbers;
• geotag submissions and support location-aware experiences when location permission is granted;
• send push notifications according to your permissions and notification preferences;
• detect, prevent, and investigate fraud, spam, abuse, policy violations, security incidents, and manipulation;
• provide customer support and respond to requests;
• measure performance, debug errors, improve reliability, and develop new features;
• comply with legal obligations and enforce our Terms, community guidelines, and other policies.

4. How We Share Information

We share information only as needed to operate, protect, and improve the Service:

• Other users and the public. Your username, profile, public posts, contest submissions, comments, leaderboard entries, showcase media, and social activity may be visible to other users or the public depending on the feature.
• Infrastructure and storage providers. We use providers such as Supabase for authentication, database, and media storage; Railway or similar hosting providers for APIs; and Vercel or similar providers for web hosting.
• Expo and platform services. We use Expo/EAS and Apple or Google services for app delivery, updates, notifications, and mobile platform functionality.
• Authentication providers. If you sign in with Apple, Google, or another provider, information is exchanged with that provider to authenticate you.
• Analytics, diagnostics, and security providers. We may use vendors that help us measure usage, detect crashes, monitor reliability, prevent fraud, and protect accounts.
• Payment, wallet, and compliance providers. If payment, wallet, or cash-out features are enabled, we may share information with providers needed to process those features, prevent fraud, and satisfy legal or accounting requirements.
• Legal, safety, and business recipients. We may disclose information when required by law, legal process, regulators, law enforcement, safety concerns, policy enforcement, or a merger, acquisition, financing, restructuring, or sale of assets.

We do not sell personal information for monetary consideration. We do not use contacts, precise location, camera, microphone, photo library, or motion sensor data to build third-party advertising profiles.

5. Your Choices and Permission Controls

• You can deny or revoke camera, microphone, photo library, contacts, location, motion, and notification permissions in your device settings.
• You can use jpeg without granting optional permissions, but features that depend on those permissions may be unavailable or degraded.
• You can update account information and notification preferences in the app where supported.
• You can request account deletion through the app or by contacting us. Some records may be retained where required for security, fraud prevention, dispute resolution, tax, accounting, or legal compliance.

6. Data Retention

We retain information for as long as needed to provide the Service, maintain accounts, operate contests, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, and protect users.

When information is no longer needed, we delete or anonymize it where reasonably possible. Some public content, moderation records, backups, logs, and transaction records may persist for limited periods or where legally required.

7. Security

We use administrative, technical, and organizational safeguards designed to protect information, including access controls, encrypted transport, provider security controls, monitoring, and internal review of sensitive systems.

No method of transmission or storage is completely secure. If we learn of a security incident that requires notice, we will notify affected users and authorities as required by law.

8. Privacy Rights

Depending on where you live, you may have rights to access, delete, correct, export, restrict, or object to certain processing of your personal information. You may also have the right to appeal a decision or opt out of certain sharing practices.

To make a privacy request, contact us at admin@mainmo.com. We may need to verify your identity before fulfilling a request.

9. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that a child under 13 has provided personal information, we will delete it as required by law.

If a future App Store submission targets children or lowers the age rating in a way that makes the Service child-directed, this Policy and the app's data practices must be reviewed before submission.

10. International Users

We are operated by Mainmo Pte. Ltd. and use service providers in multiple jurisdictions. If you use the Service from outside your country, your information may be transferred to and processed in countries with different data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service, website, or email when required. The "Last updated" date shows when this Policy was last revised.

12. Contact

For privacy questions, requests, complaints, or appeals:

Email: admin@mainmo.com

Mail: Mainmo Pte. Ltd., Attn: Privacy, 68 Circular Road, #02-01, 049422, Singapore

By using jpeg, you acknowledge that you have read and understood this Privacy Policy.