Effective May 7, 2026

Privacy Policy

Drawing Chank is operated by RatNest / SkiF Production ("Drawing Chank", "we", "us", or "our"). This Privacy Policy explains what information we collect, how we use it, and the choices you have when you use the Drawing Chank app, widget, API, and website.

Summary

• Drawing Chank is a paired drawing app for two linked users.
• We collect account, pairing, canvas, device, notification, and basic technical data needed to run the app.
• Drawing content is not end-to-end encrypted. It is encrypted in transit and at rest by our hosting providers.
• We do not sell personal information.
• We do not use canvas content for advertising or third-party ad targeting.

Information We Collect

Account information

The app uses Google sign-in through Supabase Auth. When you sign in, we may receive and store your Supabase user ID, email address, display name, avatar URL, authentication status, and related account metadata.

Pairing information

To link two users, we process invite codes, invite status, invite expiration time, the user who created an invite, the user who accepted it, and pair records that identify the two linked accounts.

Canvas and user content

We process shared canvas records, drawing events, event type, event order, event timestamps, and event payloads. Payloads can include stroke points, brush color, brush size, text you add to the canvas, emoji, clear events, and later supported drawing actions. When you update the widget preview, the app may upload a PNG preview image or a URL for that preview.

Device and notification information

If push notifications are enabled, we process your iOS device push token, platform, notification records, notification type, notification title and body, notification delivery metadata, and notification payloads such as canvas ID and actor ID. Device tokens are used for notification delivery and operational troubleshooting.

Local app data

The iOS app stores your current authentication session locally on your device so you can stay signed in. The widget stores the latest preview image in the app group container on your device so the Home Screen widget can display it.

Technical and server data

Our backend and infrastructure providers may process request metadata such as IP address, request path, response status, user agent, timestamps, error logs, and operational diagnostics. We use this data to secure, debug, and operate the service.

How We Use Information

• Authenticate users and maintain sessions.
• Create, accept, and manage pair invitations.
• Store, sync, and replay shared canvas events between linked users.
• Generate and display canvas preview images for the app and widget.
• Send or queue notifications when a linked canvas changes.
• Prevent abuse, enforce access controls, troubleshoot issues, and maintain service reliability.
• Comply with legal obligations and enforce our Terms of Service.

How Information Is Shared

Your canvas content and canvas updates are shared with the user you link with through the pairing flow. We also share information with service providers that help us run Drawing Chank:

• Supabase, for authentication, database, file storage, and related infrastructure.
• Fly.io, for hosting the backend API and website.
• Google, for Google sign-in.
• Apple, for iOS platform services and push notification token handling when notifications are enabled.

We may also disclose information if required by law, to protect users or the service, in connection with a business transfer, or with your consent.

Security and Encryption

We use HTTPS for app and website traffic. The production Fly.io configuration forces HTTPS for the public API and website, and Fly.io terminates TLS using TLS 1.2 or TLS 1.3. Supabase Auth, database APIs, and storage APIs are accessed over HTTPS/TLS.

Supabase encrypts database and storage data at rest on its infrastructure. This protects stored data at the infrastructure layer, but it does not mean that canvas content is end-to-end encrypted. Drawing Chank's backend must be able to read and write canvas events, previews, device tokens, and account records to operate the app.

Access to user data is restricted by authentication, bearer-token validation, pair and canvas authorization checks, backend-only service-role credentials, request validation, payload size limits, and standard HTTP security headers. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

Retention

We keep account, pair, canvas, preview, device, and notification information for as long as needed to provide the service, maintain security, resolve disputes, enforce agreements, or comply with legal obligations. Invite codes are designed to expire after 24 hours. You can request deletion of your account or app data using the contact information below.

Your Choices and Rights

You may stop using Drawing Chank at any time, disable push notifications in iOS settings, sign out of the app, or request access, correction, export, or deletion of your personal information. Depending on where you live, you may have additional privacy rights under applicable law.

Children

Drawing Chank is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact us so we can review and delete it where required.

International Processing

We and our service providers may process information in countries other than your own. Those countries may have privacy laws that differ from the laws where you live.

Changes

We may update this Privacy Policy as the product and legal requirements change. If changes are material, we will take reasonable steps to notify users, such as updating this page or providing notice in the app.

Contact

For privacy requests or questions, contact RatNest / SkiF Production at [email protected].