Effective date: 1 January 2026 · Last updated: April 2026
01 Who we are
Smelldar is a crowdsourced environmental awareness app that lets people anonymously report bad smells on a shared map. Our purpose is to surface ecological pollution — odours caused by industrial discharge, waste mismanagement, and environmental negligence — so that communities have the data they need to hold authorities accountable.
This policy explains what information we collect when you use the Smelldar app, how it is stored, and what rights you have over it.
02 Data we collect
We collect only the minimum data needed to operate the app:
Smell reports — approximate location (see §5), smell intensity level (1–10), and timestamp. Reports are retained permanently as an anonymous historical record for environmental statistics. Map visibility is controlled by clusters, which expire after 24 hours — but the underlying report data is kept.
Anonymous user identifier — a random UUID assigned on first launch. No name, email, or phone number is associated with it unless you choose to link an account (see §6).
Anonymous username (codename) — a randomly generated display name shown publicly within the app. You do not choose it and it is not linked to your real identity.
Comments and confirmations — text you write in the app and smell confirmations (upvotes) you submit, attached to your anonymous codename.
Achievements — milestone records tied to your anonymous user ID (e.g. number of reports, confirmations received).
Session data — managed by Supabase Auth. No persistent session tokens are stored outside Supabase's infrastructure.
03 Data we do not collect
We do not collect your real name, email address, phone number, IP address, device identifiers, advertising IDs, or any biometric data. We do not run analytics SDKs, advertising SDKs, or crash-reporting tools that exfiltrate data to third parties.
No advertising identifiers (IDFA, GAID)
No behavioural tracking or cross-app profiling
No purchase history or payment data (the app is free)
No contacts, photos, microphone, or camera access
04 Anonymous accounts & identity
Smelldar does not require registration. When you first open the app, Supabase Auth creates an anonymous user account — a random UUID with no personal information attached. You are assigned a randomly generated codename (e.g. "TangyBadger42") which is your only public identity inside the app.
Your codename is never linked to your real identity. Other users see only your codename. We do not know who you are.
If you uninstall the app without linking an account, your anonymous account and all associated data can no longer be accessed. It will be deleted automatically in accordance with §8.
05 Location data
When you submit a smell report, your device's GPS coordinates are used only on-device to generate an approximate report location. Before any data is sent to our servers:
Your coordinates are randomized by 50–150 metres in a random direction.
The randomized position is encoded into an H3 hexagonal cell index (resolution 9, approximately 100m diameter).
Only the H3 index and the approximate latitude/longitude are stored. Your exact GPS position is never transmitted or stored.
Location permission is requested only when you open the report sheet or view the map. We do not track your location in the background.
06 Account linking (Apple & Google)
You can optionally link your anonymous account to an Apple ID or Google account. This allows you to recover your history if you reinstall the app or switch devices. Linking is entirely optional.
When you link an account:
Supabase Auth receives a cryptographic token from Apple or Google confirming authentication. We do not receive your Apple ID email or Google account email unless Apple or Google explicitly provides it as part of the sign-in flow.
If an email is provided by the identity provider, it is stored by Supabase Auth for account recovery purposes only. It is never shown to other users and is not used for marketing.
Your codename and all existing data remain unchanged. Linking does not change your public identity.
You can unlink or delete your account at any time (see §10).
Account linking is processed through Supabase Auth, which acts as the OAuth intermediary. We do not directly communicate with Apple or Google sign-in APIs from our own servers.
07 How data is stored
All application data is stored in Supabase, a managed open-source backend platform built on PostgreSQL. Supabase infrastructure is hosted on AWS and is SOC 2 Type II certified.
Data is stored in the EU (eu-west-1) region by default.
All data in transit is encrypted with TLS 1.2 or higher.
All data at rest is encrypted using AES-256.
Row-level security (RLS) policies ensure that users can only read and write their own data. Smell reports are publicly readable (they appear on the shared map) but cannot be modified or deleted by anyone other than the system.
We do not operate our own database infrastructure. Supabase's privacy policy applies to the infrastructure layer: supabase.com/privacy.
08 Data retention
Smell reports — retained permanently as an anonymous environmental record. Your codename and approximate location are stored but are not linked to your real identity.
Map clusters — the aggregated map view of reports expires and is removed after 24 hours. This controls what is visible on the map, but the underlying reports remain.
Comments and confirmations — deleted when the associated map cluster expires (after 24 hours).
Profile stats and achievements — retained indefinitely while your account exists, as they form your permanent history.
Anonymous accounts with no activity — purged after 90 days of inactivity.
Linked accounts — retained until you request deletion.
To request full account deletion, contact us at [email protected]. We will delete all personal data within 30 days.
09 Third-party services
We use the following third-party services in the operation of Smelldar:
Supabase — database, authentication, and real-time infrastructure. Data processor under GDPR.
Apple Sign In — optional account linking on iOS devices. Apple's privacy policy applies: apple.com/legal/privacy.
Google Sign In — optional account linking on Android and iOS. Google's privacy policy applies: policies.google.com/privacy.
Expo / React Native — the app framework. No data is sent to Expo from production builds.
We do not sell, rent, or share your data with any third parties for advertising or commercial purposes.
10 Your rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
Access — request a copy of the data we hold about you.
Rectification — request correction of inaccurate data.
Erasure — request deletion of your account and all associated data.
Portability — request an export of your data in a machine-readable format.
Objection — object to certain types of processing.
Because most accounts are fully anonymous, we may be unable to verify your identity without an account-linking step. To exercise any of these rights, contact [email protected].
11 Children
Smelldar is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided personal information through the app, please contact us and we will delete it promptly.
12 Contact
Questions, requests, or concerns about this policy: