Privacy Policy
Last updated: February 14, 2026
Data Controller & Accountability
Paul-Louis Renard, carrying on business as Wonderful App Studio (Ontario, Canada), is responsible for the personal information under our control. We maintain internal policies and procedures to ensure compliance with applicable privacy laws and periodically review our data handling practices.
Contact Information
The person accountable for our privacy practices is:
- Name: Paul-Louis Renard
- Address: 103-2727 Steeles Ave West Unit 719 Toronto, Ontario, M3J3G9
- Email (privacy): support@notifymehere.com
For users in the European Economic Area (EEA), the United Kingdom, or Switzerland, Paul-Louis Renard is the data controller within the meaning of the GDPR (and UK GDPR).
For users in Canada, Paul-Louis Renard is the individual accountable for compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA).
For users in Brazil, our designated Data Protection Officer (encarregado) under the LGPD is Paul-Louis Renard, reachable at support@notifymehere.com.
Applicability
This Privacy Policy applies to all users of the Notify me Here mobile application and Wear OS companion app (collectively, "the App"). Depending on your location, one or more of the following laws may govern our handling of your personal information:
- Canada: Personal Information Protection and Electronic Documents Act (PIPEDA), and applicable provincial privacy legislation including Quebec's Act respecting the protection of personal information in the private sector (as amended by Law 25), Alberta's Personal Information Protection Act (PIPA), and British Columbia's Personal Information Protection Act (PIPA)
- European Economic Area, UK, Switzerland: General Data Protection Regulation (GDPR) and UK GDPR
- California, USA: California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA)
- Brazil: Lei Geral de Proteção de Dados (LGPD)
- Other jurisdictions: Applicable local data protection and privacy laws
Where this Policy refers to rights or obligations under a specific law, those provisions apply only to individuals protected by that law.
1. Introduction
Notify me Here is operated by Paul-Louis Renard, carrying on business as Wonderful App Studio (Ontario, Canada). Google Play publisher name: Wonderful App Studio FR.
Notify me Here ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the App.
We obtain your consent for the collection and use of personal information through the specific mechanisms described in this Policy, such as in-app permission dialogs and voluntary account creation. We do not require consent for the collection of personal information beyond what is necessary for the identified purposes as a condition of providing the App's services. You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice (see "Your Rights" below).
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, display name, and profile picture when you create an account
- Interest Points: Names, descriptions, and GPS coordinates of locations you save
2.2 Automatically Collected Information
- Location Data: GPS coordinates for geofencing and map functionality
- Device Information: Device type, operating system version, and Firebase Installation IDs collected by Firebase Crashlytics for crash reporting purposes
- Usage Data: Crash reports, including contextual data such as the screen active at the time of a crash, device state, and stack traces
- Infrastructure Logs: Our cloud infrastructure provider (Supabase) automatically logs IP addresses as part of standard operations for security and abuse prevention
2.3 Information from Third Parties
- Google Sign-In: Basic profile information if you choose to sign in with Google
- Google Play: Subscription status and payment confirmation (no payment details)
3. How We Use Your Information
We use personal information only for the purposes for which it was collected, except with your consent or as required by law. Specifically, we use the information we collect to:
- Provide Core Functionality: Create geofences and send location-based notifications
- Sync Your Data: Synchronize interest points across your devices (premium users)
- Improve the App: Diagnose crashes, monitor app stability, and improve performance
- Communicate: Send important updates about the App or your account
- Process Payments: Manage your subscription through Google Play
If we identify a new purpose for your personal information not described in this Policy, we will notify you and, where required by applicable law, obtain your consent before using your information for that new purpose.
Legal Bases for Processing
GDPR / UK GDPR
For users in the EEA, UK, or Switzerland, we process personal data only when we have a valid legal basis:
| Purpose | Examples of data | Legal basis |
|---|---|---|
| Provide core app functionality (geofencing, interest points, notifications, map view) | Interest points (name/description/coordinates), app settings, device/app info | Contract (Art. 6(1)(b)) |
| Premium cloud sync (if enabled) | Account info, interest point coordinates stored in cloud | Contract (Art. 6(1)(b)) |
| Authentication | Email and/or Google Sign-In basic profile (if you choose it) | Contract (Art. 6(1)(b)); Consent (Art. 6(1)(a)) where required for optional features |
| App reliability & security (diagnosis, abuse prevention, stability) | Device/app metadata, crash diagnostics, IP addresses (infrastructure logs) | Legitimate interests (Art. 6(1)(f)) |
| Crash reporting (Crashlytics) | Crash reports, stack traces, device/app info, Firebase Installation IDs | Legitimate interests (Art. 6(1)(f)) |
| Subscription administration (Google Play) | Subscription status / entitlement confirmation | Contract (Art. 6(1)(b)) and Legal obligation (Art. 6(1)(c)) where applicable |
Legitimate Interests
Where we rely on legitimate interests, we do so to maintain and improve the App, including diagnosing crashes and ensuring stability and security. You can object to this processing in certain circumstances (see "Your Rights" below).
PIPEDA (Canada)
For users in Canada, we rely on the following consent framework under the Personal Information Protection and Electronic Documents Act:
- Express consent is obtained for the collection of sensitive personal information. We treat precise location data as sensitive personal information under PIPEDA, and accordingly obtain your express consent through the Android permission dialogs presented before any location data is collected or processed.
- Implied consent is relied upon for non-sensitive information collected as part of normal app operation (e.g., device type, crash diagnostics including Firebase Installation IDs used solely as anonymous crash report identifiers) where the purposes — such as maintaining app stability, diagnosing errors, and ensuring the security of the App — would be obvious to a reasonable person. Crash reporting directly benefits all users by enabling us to identify and resolve defects that affect app reliability and safety. Firebase Installation IDs are not used to identify you personally and are not linked to any other personal information.
- Consent for account creation is obtained when you voluntarily create an account and provide your email address or sign in with Google.
Withdrawal of Consent
You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. If you withdraw consent for location data processing (by revoking location permissions in your device settings), the App's core geofencing and notification features will cease to function. If you withdraw consent for account-related data, you may request account deletion. If you wish to limit or opt out of crash reporting data collection, please contact us at support@notifymehere.com to discuss alternatives, though this may affect our ability to diagnose issues affecting your experience. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Quebec (Law 25)
For users in Quebec, the Act respecting the protection of personal information in the private sector (as amended by Law 25) applies. The person responsible for the protection of personal information (responsable de la protection des renseignements personnels) is Paul-Louis Renard, reachable at support@notifymehere.com. Our App applies privacy by default: the free tier stores all data locally on your device with no account or cloud transmission required, representing the highest level of confidentiality. Cloud features are activated only by your express choice. We conduct privacy impact assessments where required before implementing projects involving personal information. Quebec users have the right to data portability and the right to be informed of automated decision-making, in addition to the rights listed under the PIPEDA section above.
4. Data Collection and Sharing Summary
We limit the collection of personal information to what is necessary for the purposes identified in this Policy. The following table summarizes what personal data the App collects and whether it is shared with third parties, in accordance with Google Play's Data Safety requirements.
| Data type | Collected by us | Shared with third parties | Required / Optional | Purpose |
|---|---|---|---|---|
| Precise location (GPS) | Processed on-device only | Not shared | Required | Geofencing, notifications |
| Interest point coordinates | Yes (cloud, Premium only) | Supabase (cloud hosting) | Optional (Premium) | Cloud sync |
| Email address | Yes (if account created) | Supabase (authentication) | Optional | Authentication |
| Display name, profile photo | Yes (if account created) | Supabase (authentication) | Optional | User profile |
| Crash logs, stack traces | Yes | Google Firebase Crashlytics | Required | App stability |
| Firebase Installation ID | Yes | Google Firebase Crashlytics | Required | Crash report identification |
| Device info (model, OS version) | Yes | Google Firebase Crashlytics | Required | Crash diagnostics |
| IP address | Yes (infrastructure logs) | Logged by Supabase and Google | Automatic | Security, abuse prevention |
| Map search queries | Not stored by us | Google Maps APIs | When using map features | Map display, geocoding |
| Subscription status | Yes | Provided by Google Play | Premium users | Entitlement verification |
| Approximate location (via Maps SDK) | Collected by Google Maps SDK | When using map features | Map display | |
| Device identifiers (via Maps SDK) | Collected by Google Maps SDK | When using map features | Maps SDK operation |
Encryption: All data transmitted from the App to our servers or third-party services is encrypted in transit using TLS/SSL. Cloud data stored by Supabase is encrypted at rest.
No sale of data: We do not sell, rent, or trade your personal information to any third party. We do not use your data for advertising. We do not collect or access the Android Advertising ID.
No tracking: We do not engage in cross-app or cross-site tracking for advertising purposes.
Data accuracy: We take reasonable steps to ensure that personal information in our possession is accurate, complete, and up-to-date as necessary for the purposes for which it is used. You may request correction of any inaccurate information at any time.
Device identifiers: We do not collect your Android ID, Advertising ID, IMEI, or hardware serial numbers. The only device identifier collected is the Firebase Installation ID, generated automatically by Firebase Crashlytics and used solely for crash report grouping.
5. Location Data
Notify me Here uses location data to provide location-based reminders.
5.1 Live Location Processing
Geofence detection occurs on your device to trigger reminders. This live location data is processed ephemerally on your device (accessed in memory, used for immediate geofence evaluation, and never written to disk or transmitted to any server). We do not transmit your continuous or live location history to our servers.
5.2 Cloud Sync (Premium)
If enabled, we store only the saved interest point coordinates (fixed locations you created) in the cloud so they can sync across your devices.
5.3 Background Location Access
The App requires background location access to detect when you enter geofenced areas. Before requesting this permission, the App displays an explanation screen describing why background location is needed and how it is used. This data is processed locally on your device and is not transmitted to external servers for tracking.
5.4 Wear OS Companion App
The Wear OS companion app receives data one-way from the phone app. The watch app does not independently collect or transmit any data to our servers.
6. Data Storage and Security
6.1 Local Storage
Most app data (such as interest points and settings) is stored locally on your device using secure storage mechanisms provided by the Android operating system. If you create an account, we store account identifiers (such as your email address) on our servers for authentication. If cloud sync is enabled (Premium), selected data is stored in the cloud as described below.
6.2 Cloud Storage
If cloud sync is enabled, premium users' data is stored securely using Supabase, which provides:
- Encryption in transit (TLS/SSL)
- Encryption at rest
- Regular security audits
- SOC 2 Type II certification
The level of security safeguards we apply is commensurate with the sensitivity of the personal information being protected.
6.3 Data Retention
We keep personal data only as long as needed for the purposes described in this Privacy Policy:
- Local (on-device) data: Stored on your device until you delete it in the App or uninstall the App.
- Cloud data (Premium): Stored while your account is active and cloud sync is enabled.
- Account deletion: When you delete your account via the App, your personal data is removed from our active systems immediately. Residual copies in encrypted backups are purged according to our infrastructure provider's standard retention cycle. For email-based deletion requests, data is removed from active systems within 30 days. In both cases, we may retain certain information where required to comply with legal obligations or to establish, exercise, or defend legal claims. Local data (interest points and preferences) remains on your device unless you choose to remove it.
- Crash reports (Crashlytics): Retained for 90 days under Firebase Crashlytics' default retention period.
- Infrastructure logs (IP addresses): We retain infrastructure logs for the minimum period available under our service plan (currently up to 90 days) for security monitoring, after which they are automatically purged.
7. Data Sharing
We do not sell your personal information. We may share your information only in the following circumstances:
- Service Providers: Third-party services that help us operate the App (listed below)
- Legal Requirements: When required by law, regulation, legal process, or enforceable governmental request
- Business Transfers: In connection with a merger, acquisition, or sale of assets, in which case you will be notified
- With Your Consent: When you explicitly authorize us to share your information
Our Service Providers
We use the following service providers to operate the App:
- Supabase: Cloud sync storage, authentication backend, infrastructure hosting (Canada)
- Google Firebase Crashlytics: Crash reporting and diagnostics
- Google Play / Google Payments: Subscriptions and entitlement status
- Google Maps / Google APIs: Map display, geocoding, and location search
We are accountable for the protection of your personal information while it is in the hands of our service providers, including Google Maps. Each provider listed above operates under a contractual agreement or data processing agreement that requires them to protect your personal information to a standard comparable to our own. We remain responsible under applicable privacy laws — including PIPEDA — for personal information transferred to third parties for processing on our behalf.
8. Third-Party Services
The App integrates with the following third-party services:
- Google Maps: For map display and location search functionality (Privacy Policy)
- Google Play Services: For geofencing, authentication, and payments (Privacy Policy)
- Supabase: For cloud data storage (premium users only) (Privacy Policy)
- Firebase Crashlytics: For crash reporting and app stability (Privacy Policy)
When you use map features, the Google Maps SDK embedded in the App loads map content from Google servers. As part of this process, Google may receive and process your IP address, device identifiers, approximate location, and map interaction data according to Google's privacy policy. Searches and places you type are sent to Google for geocoding and search functionality. This data sharing is required for map functionality and is disclosed in our Google Play Data Safety declaration.
Each of these services has its own privacy policy governing how they handle your data. We encourage you to review them.
9. Your Rights
You have rights regarding your personal information. The specific rights available to you depend on your location and applicable law.
All Users
Regardless of your location, you may:
- Request access to the personal information we hold about you
- Request correction of inaccurate personal information
- Request deletion of your personal information
- Request a copy of your data in a portable format
EEA, UK & Switzerland (GDPR / UK GDPR)
If you are in the EEA, UK, or Switzerland, you also have the right to:
- Restrict processing of your personal data
- Object to processing based on legitimate interests
- Data portability (receive data in a structured, commonly used, machine-readable format)
- Withdraw consent at any time where processing is based on consent (without affecting the lawfulness of prior processing)
- Not be subject to automated decision-making with legal or similarly significant effects
Canada (PIPEDA)
If you are in Canada, you have the right under PIPEDA to:
- Access your personal information held by us and be informed of its use and disclosure
- Challenge the accuracy and completeness of your personal information and have it amended
- Withdraw consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions and reasonable notice
- Challenge our compliance with PIPEDA by contacting us or filing a complaint with the Office of the Privacy Commissioner of Canada
California, USA (CCPA/CPRA)
If you are a California resident, you have the right under the CCPA/CPRA to:
- Know what personal information we collect, use, and disclose
- Delete personal information we have collected from you
- Correct inaccurate personal information
- Opt out of the sale or sharing of personal information — we do not sell or share your personal information
- Non-discrimination for exercising your privacy rights
Categories of personal information collected (CCPA): Identifiers (email, name); Geolocation data; Internet or electronic network activity information (app interactions, crash reports); Inferences drawn from the above.
Brazil (LGPD)
If you are in Brazil, you have the right under the LGPD to (our designated Data Protection Officer / encarregado is Paul-Louis Renard — support@notifymehere.com):
- Confirmation of the existence of processing
- Access, correction, anonymization, blocking, or deletion of unnecessary or excessive data
- Data portability
- Deletion of personal data processed with your consent
- Information about public and private entities with which your data has been shared
Other Jurisdictions
If you reside in another jurisdiction with applicable data protection laws — including but not limited to Japan (APPI), South Korea (PIPA), Thailand (PDPA), South Africa (POPIA), Australia (Privacy Act 1988), Turkey (KVKK), India (DPDPA 2023), and Singapore (PDPA) — you may have additional rights under your local law, including the right to access, correct, and delete your personal information. Where local law sets a higher minimum age for consent (for example, 18 in India), that higher threshold applies. We will honour valid requests in accordance with applicable local requirements.
How to Exercise Your Rights
To exercise any of these rights, email us at support@notifymehere.com from the email address associated with your account and describe your request. For account deletion specifically, you can delete your account directly from within the App (Profile → Delete Account) without needing to send an email. We will respond to other requests within 30 days of receipt. If we require an extension, we will notify you in writing within that initial 30-day period, providing the reasons for the extension and informing you of your right to complain to the relevant supervisory authority. For CCPA requests, the response period is 45 days. There is no fee to exercise your privacy rights. We may ask for additional information to verify your identity.
Complaint Rights
We have established internal procedures to receive and investigate privacy complaints and inquiries. Upon receiving a complaint, we will acknowledge receipt within 5 business days, investigate the matter, and provide a written response within 30 days. If you are not satisfied with our response, you may escalate your complaint to the relevant supervisory authority listed below.
If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant authority:
- Canada: Office of the Privacy Commissioner of Canada (OPC) — www.priv.gc.ca
- EEA / UK: Your local data protection supervisory authority
- Brazil: Autoridade Nacional de Proteção de Dados (ANPD)
- California: California Attorney General's office
- Other: Your local data protection or privacy authority
10. Data Breach Notification
In the event of a breach of security safeguards involving your personal information that poses a risk of harm, we will:
- Canada (PIPEDA): Notify the Office of the Privacy Commissioner of Canada and affected individuals as soon as feasible where the breach creates a real risk of significant harm, and maintain records of all breaches as required
- EEA / UK (GDPR): Notify the relevant supervisory authority within 72 hours of becoming aware of the breach where feasible, and notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms
- Other jurisdictions: Comply with applicable local breach notification requirements
We maintain reasonable security safeguards to protect personal information against unauthorized access, disclosure, copying, use, or modification. We keep records of all breaches of security safeguards for a minimum of 24 months, as required under PIPEDA.
11. Children's Privacy
The App is intended for users aged 18 and older. We do not knowingly collect personal information from anyone under the age of 18. If you believe we have collected information from a person under 18, please contact us immediately at support@notifymehere.com and we will take steps to delete such information.
12. International Data Transfers
Premium users' cloud data is stored on servers located in Canada (AWS ca-central-1 region) via Supabase. Crash reporting data is processed by Google in locations where Google and its subprocessors operate, including the United States. Your information may be transferred to and processed in countries other than your country of residence.
- Supabase (Premium cloud sync): Hosted in Canada.
- Google/Firebase Crashlytics: Processed by Google in locations including the United States.
We ensure appropriate safeguards are in place for cross-border transfers:
- GDPR / UK GDPR: We rely on Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum where applicable, and/or other lawful transfer mechanisms.
- PIPEDA: We remain accountable for personal information transferred to third parties for processing. We have Data Processing Agreements (DPAs) in place with our service providers (Supabase and Google) that include obligations regarding security safeguards, breach notification, and sub-processor management, ensuring your information is protected to a comparable standard.
- LGPD (Brazil): Transfers are made to countries recognized as providing adequate protection or under appropriate safeguards as recognized by the ANPD.
- South Korea (PIPA): In accordance with PIPA, we disclose the following cross-border transfers: (1) Supabase Inc. (Canada) receives email address, display name, profile photo, and interest point data (name, description, coordinates) for cloud sync and authentication, retained while your account is active; (2) Google LLC (United States and other locations) receives crash logs, stack traces, device metadata, and Firebase Installation IDs for crash reporting (retained 90 days), map interaction data and search queries for map functionality, and subscription status for payment verification; (3) Google Maps Platform receives IP address and approximate location for map display. All recipients are bound by Data Processing Agreements.
You can request more information about transfer safeguards by contacting us at support@notifymehere.com. Please be aware that personal information transferred to other jurisdictions, including the United States, may be accessible to law enforcement and government authorities under the laws of those jurisdictions.
Automated Decision-Making
We do not use your personal data for decisions based solely on automated processing (including profiling) that produce legal effects or similarly significant effects.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy in the App and updating the "Last updated" date. For material changes that affect how we collect, use, or disclose your personal information, we will provide at least 30 days' advance notice and, where required by applicable law, seek your renewed consent. We encourage you to review this Privacy Policy periodically.
14. Contact Us
If you have any questions about this Privacy Policy, our privacy practices, or wish to exercise your rights, please contact us:
Email: support@notifymehere.com
Mail: Paul-Louis Renard, 103-2727 Steeles Ave West Unit 719, Toronto, Ontario, M3J3G9, Canada
For data protection inquiries, you may also contact the relevant authority in your jurisdiction (see "Complaint Rights" above).