Privacy Policy for Modfest
Effective Date: May 18, 2026
This Privacy Policy explains how Dakota Long ("we," "us," "our") collects, uses, and shares information when you use the Modfest mobile application (the "App"). It applies to information processed in connection with your use of the App, regardless of whether you sign in.
If you have questions, contact us at support@modfest.app.
1. Summary
Modfest is a mobile companion for tracking your vehicles, parts, and project plans, with optional features for backing up to the cloud and sharing builds with a small community.
- You can use Modfest without creating an account. When you don't sign in, your data lives on your device and we collect very little — only the technical and analytics information described below.
- Signing in is optional and unlocks cloud backup, multi-device sync, and the social feed.
- We don't sell your personal information to third parties for monetary value or share it for cross-context behavioral advertising under California law.
- You can delete your account at any time from inside the App at Profile → Data → Delete account. Deletion is immediate and removes your account and all associated cloud data from our servers.
2. Information We Collect
2.1 Information you provide
Account information. When you sign in, we receive an email address and a unique identifier from your sign-in provider (Google or Apple). When signing in with Apple, you may choose to share or hide your name and email; if you select "Hide My Email," Apple gives us a relayed email address that forwards to your real one without revealing it.
Profile information. You may set a username, display name, biography, location, and profile picture. Your username is publicly visible to anyone who views your social profile or any builds you publish; the display name, bio, location, and picture are also public for your published content.
User content. Information you create or upload to the App, including:
- Vehicle records (year, make, model, photos, notes, public/private flag)
- Project plans and install steps (titles, descriptions, parts lists)
- Inventory items (part names, categories, costs, photos)
- Reference links and media (photos and videos)
- Build posts you publish to the social feed
- Likes, favorites, comments, follows, and content reports
User content stays on your device by default and is uploaded to our servers only when you (a) enable cloud backup (a paid feature), (b) publish a build to the social feed, or (c) interact with public content (likes, comments, follows, reports).
Subscription and purchase information. If you upgrade to Modfest Premium, our subscription processor (RevenueCat) records your purchase, the active entitlement, and renewal status. The actual payment is handled by Apple (App Store) or Google (Play Store), and we do not receive your full payment-card details.
Support communications. If you email us, we keep the messages and the email address you wrote from so we can respond and follow up.
2.2 Information collected automatically
Device and technical data. When you use the App, we automatically collect technical information needed to operate it, including a device-generated identifier, your operating system and version, application version, language, and approximate region (country) inferred from your IP address. We do not collect precise GPS location.
Usage analytics. We collect anonymous usage events to understand which features people use and where they get stuck. Events include things like "app opened," "screen viewed," and a small set of feature-level events such as creating a car, publishing a build, or hitting a feature limit. Once you sign in, these events are linked to your account; before sign-in, they're tied to a randomly generated anonymous identifier on your device. We do not record screen content or keystrokes.
Crash reports. When the App crashes or hits an unhandled error, we receive an automated diagnostic report containing the error message, a stack trace, the device model, OS version, App version, and (when you're signed in) your account identifier. These reports help us fix bugs and improve stability.
Advertising identifiers. Free-tier users see banner advertisements served by Google AdMob in the social feed. AdMob may receive your device's advertising identifier (IDFA on iOS, AAID on Android), IP address, and broad ad-targeting signals. On iOS 14.5+, you'll see a system prompt the first time AdMob asks for permission to track ("App Tracking Transparency"); if you decline, AdMob serves only non-personalized ads.
2.3 Information from third parties
Sign-in providers. When you sign in with Google or Apple, we receive a verified identity token from them, plus an email address and (for Apple, on the very first authorization) optionally your name. We do not receive your contacts, calendar, or any other Google/Apple data.
Subscription stores. Apple and Google tell us (via RevenueCat) when your subscription starts, renews, or is canceled. We don't see your payment-card details or your store-account information beyond a store-issued user identifier.
3. How We Use Information
We use the information we collect to:
- Operate, maintain, and provide the App and its features.
- Authenticate you, keep your session active, and synchronize your data across devices when you have cloud backup enabled.
- Display your published content and profile to other users when you choose to make content public.
- Process subscriptions, prevent fraudulent purchases, and honor restore-purchase requests.
- Diagnose crashes, fix bugs, monitor performance, and develop new features.
- Understand product usage in aggregate (e.g. which features are popular, where new users get stuck).
- Show advertisements to free-tier users (and not show them to paying subscribers).
- Communicate with you about service changes, important account notices, and support requests.
- Protect against fraud, abuse, and violations of our Terms of Service.
- Comply with legal obligations and respond to lawful requests.
We will not use your private (non-published) data to train machine-learning models, and we will not sell your information to third parties.
4. How We Share Information
We share information only with the categories of recipients listed below, and only to the extent necessary for the purposes described.
4.1 Service providers ("processors")
We use third-party vendors to run parts of the App. They process your information on our behalf, under contractual confidentiality and security obligations, and they are not allowed to use it for their own purposes.
| Vendor | Role | What they receive |
|---|---|---|
| Supabase | Authentication, database, file storage | Account, profile, user content, cloud backups, public content |
| Google (Sign-in with Google, OAuth) | Identity verification | OAuth identity token (no contact list, calendar, or other Google data) |
| Apple (Sign in with Apple) | Identity verification | OAuth identity token; optional name on first sign-in |
| RevenueCat | Subscription management | Account identifier, subscription state |
| PostHog | Product analytics | Anonymous or account-linked usage events |
| Sentry | Crash and error monitoring | Crash reports with device metadata and (when signed in) account identifier |
| Google AdMob | Banner advertising for free-tier users | Device advertising identifier, IP, ad-targeting signals (subject to your tracking-permission choice on iOS) |
| Apple App Store / Google Play Store | Payment processing for subscriptions | Subscription transactions; we do not receive your full card details |
| Cloudflare (if used as a CDN) | Content delivery for media | Network-level IP/log data |
4.2 Other users
Information you make public — your username, display name, profile picture, bio, location, builds you publish, comments you post, likes, follows — is visible to other Modfest users and to anyone who can view your public profile. Don't include private information in fields you intend to make public.
4.3 Legal and safety
We may share information when we have a good-faith belief that doing so is necessary to: comply with applicable law, lawful government requests, or court orders; enforce our Terms of Service; investigate fraud, security incidents, or abuse; or protect the rights, property, or safety of Dakota Long, our users, or others.
4.4 Business transfers
If we're involved in a merger, acquisition, financing, sale of assets, or similar transaction, your information may be transferred to the successor entity, subject to this Privacy Policy or an equivalent successor policy.
4.5 Aggregated or de-identified data
We may share aggregated or de-identified information that cannot reasonably be used to identify you. For example, we may publish a high-level statistic like "users created N projects last month."
5. Your Choices and Rights
5.1 In-app controls
- View and edit your profile at Profile → Edit profile.
- Make a build private by toggling off the "Public on social" switch on the car or plan detail screen.
- Delete a build, car, plan, or part from the corresponding detail screen.
- Reset local data only at Profile → Data → Delete local data only.
- Sign out at Profile → Account.
- Delete your account and all associated cloud data at Profile → Data → Delete account. This is immediate and irreversible.
5.2 Operating system controls
- Notifications: Disable in your device's Settings app.
- Camera, microphone, and photo-library access: Toggle in Settings → Privacy.
- Advertising tracking (iOS): Settings → Privacy & Security → Tracking. Set the App Tracking Transparency permission to "Ask App Not to Track" or revoke after the fact.
- Reset advertising identifier (iOS / Android): Available in Settings.
5.3 Email
If we send you marketing or service emails, you can opt out by following the unsubscribe link or contacting us at support@modfest.app. Transactional emails (account verification, security notices, receipts) cannot be opted out of without closing your account.
5.4 Region-specific rights
California residents (CCPA / CPRA). You have the right to know what personal information we collect and how we use it (set out above), the right to access a copy of your personal information, the right to deletion, the right to correct inaccurate information, the right to limit our use of "sensitive personal information" (we don't use sensitive PI for the limited purposes that would trigger this right), and the right to non-discrimination for exercising these rights. We do not "sell" personal information and we do not "share" personal information for cross-context behavioral advertising as those terms are defined in California law.
To exercise these rights, contact support@modfest.app. We may need to verify your identity before fulfilling a request.
EU / EEA / UK residents (GDPR / UK GDPR). Where GDPR or UK GDPR applies, our legal bases for processing are: (a) performance of a contract for operating the App, syncing your account, and processing subscriptions; (b) legitimate interests for analytics, crash reporting, and security; and (c) consent for advertising tracking and any optional analytics where consent is required. You have the rights to access, rectification, erasure, restriction, portability, and objection, and to lodge a complaint with your local data-protection authority.
To exercise GDPR rights, contact support@modfest.app.
6. Data Retention
- Account and profile information: Retained while your account is active. Deleted within 30 days of you deleting your account, except where we have a legal obligation to retain it longer (e.g. tax, fraud-prevention, or legal-process records).
- User content: Stored as long as you keep it. Cloud-backed content is removed when you delete the underlying record locally (synced via tombstones) or when you delete your account.
- Public content (builds, comments, likes): Removed when you delete the originating record or your account.
- Analytics events: Retained for up to 24 months in PostHog, then aggregated or deleted.
- Crash reports: Retained for up to 90 days in Sentry.
- Subscription records: Retained for the period required by Apple and Google for tax and refund handling (typically up to 7 years).
- Support correspondence: Retained for up to 24 months from the date of the last message.
- Backups: Encrypted backups of our databases may retain data for up to 30 days after deletion before they roll off the backup window.
7. Children's Privacy
Modfest is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are under 13, do not use Modfest or provide any information to us. If you believe a child under 13 has provided us with personal information, contact support@modfest.app and we will delete it.
In jurisdictions where the digital-consent age is higher than 13 (for example, some EU member states set it at 16), Modfest is not directed to users under that local age either.
8. Security
We use technical and organizational safeguards to protect your information, including:
- TLS encryption for data in transit between the App and our servers.
- At-rest encryption for the database and file storage.
- Row-level security policies that restrict access to your own data.
- Hashed authentication credentials (we never store passwords directly; OAuth tokens are short-lived).
- Secret keys held only in build pipelines and never in client code.
- Privileged-access controls within Dakota Long.
No security measure is perfect, and we can't guarantee absolute security. If we become aware of a security incident affecting your information, we will notify you in line with applicable law.
9. International Data Transfers
Our service providers — Supabase, RevenueCat, PostHog, Sentry, AdMob, Apple, and Google — operate globally and may process information in the United States and other countries. Where required (for example, transfers from the EU/EEA/UK to the United States), we rely on the EU Standard Contractual Clauses or equivalent transfer mechanisms offered by these providers.
10. Changes to this Policy
We may update this Privacy Policy from time to time. When we make a material change, we'll update the "Effective Date" at the top of the document and, where appropriate, notify you in the App or by email. Your continued use of the App after the effective date of the updated policy means you accept the updated policy.
The current version of this policy is always available at https://modfest.app/privacy.
11. Contact Us
For questions, complaints, or to exercise your rights under applicable privacy laws, contact:
Dakota Long
support@modfest.app
If you live in the EU/EEA/UK and we have not resolved your concern, you may lodge a complaint with your local supervisory authority.
This document is the privacy policy for the Modfest mobile application and the related Terms of Service available at https://modfest.app/terms.