This Privacy Policy explains how CoxinhaGo (“we”, “our”, or “us”)
collects, uses, discloses, and protects your personal information when
you use our mobile application and website (collectively, the
“Service”).
1. Information We Collect
1.1 Information You Provide to Us
Account Information: When you sign in with Google,
we collect your email address, name, and avatar/profile picture URL from
your Google account.
Places Data: When you submit a place, we collect
the place name, latitude/longitude coordinates, address (optional),
phone number (optional), and photos (optional).
Comments and Images: When you comment on a place,
we collect the comment text and any images you attach (up to 16 per
comment).
Ratings: When you rate a place, we collect your
rating (1–5 stars).
City: You may optionally set a city for your
profile to enable city-specific leaderboards.
Content Reports: When you report a comment, we
collect the reason for the report (optional).
1.2 Information Collected Automatically
Device Location: With your permission, we access
your device’s precise location via expo-location to show
nearby places on the map and calculate distances. You can deny location
permissions and still use the Service (with reduced functionality).
Authentication Tokens: We issue JWT (JSON Web
Token) access tokens (valid for 7 days) and refresh tokens (valid for 30
days) to maintain your session. On web, these are stored in httpOnly
cookies. On mobile (iOS/Android), they are stored securely using
expo-secure-store.
Device Language: We detect your device’s language
settings via expo-localization to display the app in your
preferred language (English, Spanish, or Portuguese).
Map Region Data: When browsing the map, your
current viewport coordinates (latitude/longitude bounds) are sent to our
server to fetch places in that area. This data is not stored
long-term.
1.3 Information from Third Parties
Google Account: When you authenticate via Google
Sign-In, we receive your email, name, and avatar URL from Google. We do
not receive your Google password.
2. How We Collect Information
We collect information through:
- Google Sign-In OAuth flow
- Forms within the app (place submission, comment creation, rating, city selection)
- Device location APIs (expo-location)
- Device locale APIs (expo-localization)
- Cookies and local storage for session management
3. Why We Collect Information
We use your information for the following purposes:
- To provide and maintain the Service: Displaying places, comments, ratings, and maps.
- To personalize your experience: Showing content in your language, remembering your map viewport, and displaying nearby places.
- To enable gamification: Awarding points for contributions (creating places, rating, commenting) and displaying leaderboards.
- To moderate content: Reviewing reported comments and managing place submissions.
- To communicate with you: We do not send marketing emails. We may contact you via in-app notifications if needed.
- To improve the Service: Analyzing usage patterns to enhance features.
- To ensure security: Protecting against unauthorized access and abuse.
4. Third-Party Services
We use the following third-party services. Each processes data under
its own privacy policy:
| Service | Purpose | Data Shared |
| --- | --- | --- |
| Google Identity Platform | Authentication via Google Sign-In | Google ID token, email, name, avatar URL |
| Google Maps Platform | Map display, geocoding, place search | Location coordinates, search queries, map viewport data |
| OpenStreetMap Nominatim | City and place search fallback | Search query text |
We do not use any analytics services, advertising
networks, or third-party tracking tools.
5. How We Store and Protect Data
Database: User accounts, places, comments, ratings,
and reports are stored in a PostgreSQL database hosted on our own
infrastructure.
Images: Uploaded images are stored on our server’s
filesystem.
Passwords: We never store passwords. Authentication
is handled entirely through Google OAuth.
Encryption: Data in transit is encrypted via
HTTPS/TLS (production). JWT tokens are signed with a secret key.
Access Controls: Only authenticated users can
access their own data. Admin users have access to moderation tools.
No third-party data processors: We do not sell,
rent, or share your personal data with third parties for their own
use.
6. Data Retention
We retain your personal data for as long as your account is active or
as needed to provide the Service:
Account data: Retained until you request
deletion.
Places, comments, ratings: Retained until you or an
admin deletes them. Comments marked as “deleted” are hidden from public
view but may remain in the database.
Authentication tokens: Access tokens expire after 7
days; refresh tokens expire after 30 days.
Uploaded images: Retained until the associated
content (comment or place) is deleted.
Backups: Database backups may retain data for up to
30 days.
7. User Rights
You have the following rights regarding your data:
Access: You can view your own profile data (name,
avatar, points, level, city) in the Settings screen.
Correction: You can update your city and your
comment text at any time.
Deletion: You can delete your own comments. To
delete your account entirely, please contact us directly via email.
Location Control: You can revoke location
permissions at any time through your device settings.
Logout: You can log out at any time, which clears
your session tokens.
Data Portability: Upon request, we can provide a
copy of your data in a machine-readable format.
8. Children’s Privacy
The Service is not intended for children under 13 (or the equivalent
minimum age in your jurisdiction). We do not knowingly collect personal
information from children. If we become aware that a child has provided
us with personal data, we will delete it.
9. International Data Transfers
Your data is stored on servers located in the United States. If you
access the Service from outside that country, your data may be
transferred to and processed in that country. By using the Service, you
consent to such transfer.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify
you of any changes by posting the new Privacy Policy on this page and
updating the “Last updated” date. Material changes may be communicated
via in-app notification.
11. Contact Us
If you have any questions, concerns, or requests regarding this
Privacy Policy or your data, please contact us at: