Data & Privacy.
Last updated: 8 June 2026.
We built Capsi for people who love peppers. This page explains, in plain language, what data we hold about you, where it lives, who can see it, and how you stay in control.
If you'd rather skip the detail, the short version is right at the top.
In short
We don't sell your data, ever. We don't run ads. We don't track you across other apps or websites. We store the bare minimum we need to run the app — how to sign you in, your profile, and the content you choose to share. The app talks to Apple (Sign in with Apple), Supabase (our backend host), OneSignal (push notifications), and Resend (sign-in emails). Nobody else. You can delete your account inside the app at any time.
Who we are
Capsi is operated by the developer behind this app. You can reach us at privacy@thecapsi.app for any privacy question, data request, or complaint.
What we collect
Account basics. Your email address — either one you give us for a magic-link sign-in, or one Apple shares with us when you use Sign in with Apple. When you use Sign in with Apple, we also store an Apple refresh token we use only once: to revoke that connection with Apple if you delete your account (App Store policy 5.1.1 requires this). We also generate an internal user ID for your account.
Your profile. The display name you choose, an optional avatar image, and your preference for whether your name should appear on the photos you contribute.
Content you create. Pepper photos you submit (with their caption and the source/licence info if relevant), feed posts and comments you write (including any images you attach), garden items you add to your private collection, and the likes, reports, blocks, and feedback you send. The app also keeps the notifications generated for you, like replies to your posts or admin decisions on your photos.
Push routing. A reference to your account on OneSignal so we can send a notification to your device when something happens you've asked to hear about. We pass OneSignal your user ID — no name, no email.
Operational data. The minimum logs needed to keep the service running (database query times, error messages, rate-limit counters). These don't contain the content of your posts and aren't used to profile you.
What we don't collect
No advertising identifier. We don't ask for App Tracking Transparency permission because we don't track. No location, no contacts, no calendar, no microphone, no health data. No third-party analytics SDK — no Firebase, Mixpanel, Amplitude, Segment, Sentry, or anything similar. Nothing about your browsing outside the app.
How we use it
To run your account — sign-in, profile, content display. To show your contributions — posts to the feed, photos to the catalog galleries, garden items to your private collection. To send notifications you've asked for (replies, likes, photo approvals); you can turn these off in iOS Settings at any time. To moderate the community — on-device image checks before submission, admin review of reports, removing rule-breaking content. To prevent abuse — rate limits, blocklists, banned-keyword filters. To send transactional email — sign-in links and account messages only. No marketing.
Who sees what
Other signed-in users see your display name, avatar, approved pepper photos, feed posts, comments, likes, and the public side of your profile. The Photo by … credit on a gallery photo is public attribution by design — that's how community contributors get recognised.
Other users do not see your email, your private garden, your pending photo submissions, your reports, your blocks, your feedback, or the contents of any push notification meant for you.
The admin team sees what users see plus the moderation queue — pending photos, reports, and feedback — so the community can be kept in shape.
Your email and Apple refresh token are only visible to our backend and the people running it.
Companies that help us run the app
Each of these is a data processor: they handle data on our instructions and can't use it for their own purposes.
Apple — Sign in with Apple. Privacy policy: apple.com/legal/privacy.
Supabase — Database, file storage, authentication, and scheduled jobs. Privacy policy: supabase.com/privacy.
OneSignal — Delivers push notifications to your device. Privacy policy: onesignal.com/privacy_policy.
Resend — Sends the sign-in and account email messages. Privacy policy: resend.com/legal/privacy-policy.
Where your data lives
Our database, file storage, and scheduled jobs run on Supabase. OneSignal and Resend operate from outside the EU/UK. Where personal data crosses borders, our contracts with these providers rely on the European Commission's Standard Contractual Clauses for the transfer.
How long we keep it
Account data stays until you delete your account. After deletion, we keep nothing personally identifying about you, except:
Approved pepper photos. When you delete your account, the photos you've contributed to the public catalog stay — but your name is removed and they appear as anonymous community contributions. This keeps the catalog useful for everyone. If you want a specific photo removed too, email us before or after deletion.
Backups. Encrypted database backups roll off our backend within the short retention window kept by our host.
Moderation logs. Records of removed content (and why) are kept for up to twelve months so we can spot repeat abuse.
Your rights
You can see what we hold by viewing your profile and content in the app, or by asking us by email. You can correct anything wrong by editing your profile, or by asking us. You can export your data by asking us — we'll respond within 30 days. You can delete your account inside the app at Settings → Delete account. You can turn off push notifications in iOS Settings → Notifications → Capsi. You can object to processing where our legal basis is legitimate interest (for example, moderation logs), and withdraw consent any time we relied on it. You can complain to your local data protection authority — EU/UK users can find theirs at edpb.europa.eu/about-edpb/about-edpb/members_en.
For any of these, email privacy@thecapsi.app and we'll handle it.
Deleting your account
Tap Settings → Delete account and confirm. Here's what happens:
Your account is scheduled for deletion and you're signed out immediately. You have a 30-day grace period — sign back in inside that window and the deletion is cancelled.
After 30 days, a daily scheduled job runs. Your Sign in with Apple connection is revoked with Apple. Your avatar, posts, comments, feedback, garden items, reports, notifications, and pending photo submissions are deleted from the database, along with the image files behind them. Your approved pepper photos stay in the public catalog as anonymous community contributions — your name is removed. Finally, your authentication record is deleted so the email or Apple ID can't sign back into a leftover profile.
Children
This app isn't aimed at children under 13 (or 16 in some EU member states). We don't knowingly collect data from anyone in that age group. If you're a parent or guardian and believe we have, email us and we'll remove it.
Security
All traffic between the app and our backend goes over HTTPS/TLS. The database and file storage are encrypted at rest by Supabase. Photos go through an on-device sensitivity check (Apple's Sensitive Content Analysis) before they're uploaded. Pepper photo submissions are reviewed by a human before they're shown publicly. Text content runs through a banned-keyword filter at submission. Access to backend tooling uses strong authentication, including two-factor where possible. No system is perfect, but we treat the data you give us as if it were our own.
Changes to this statement
We may update this from time to time. If anything material changes — what we collect, who we share with, why — we'll mention it in the app the next time you open this page. The Last updated date at the top is the source of truth.
Contact
For any privacy question, data request, or to file a complaint: privacy@thecapsi.app.