Privacy Policy

Effective date: April 24, 2026 · HRDNOX Labs (“HRDNOX,” “we,” “us,” or “our”)

This Privacy Policy describes how we collect, use, and share information when you use the Tumbler Buddy mobile application and related websites or services that link to this policy (collectively, the “Services”).

Contact: support@hrdnoxlabs.com

1. Summary

• Tumbler Buddy is designed to work offline-first: much of your tumbling data stays on your device.
• If you choose to create an account or use cloud features, we (and our service providers) may process account and sync data as described below.
• We use local notifications on your device to remind you about stages and timers — we do not need to read your messages or contacts for that.
• We do not sell your personal information.

2. Information we collect

2.1 You provide

• Account data. If you sign in (for example, via email or a third-party identity provider supported in the app), we receive identifiers and profile fields needed to maintain your account.
• User content. Notes, batch details, rock type labels, photos you attach to batches or equipment, and similar content you enter in the app.
• Support communications. If you email support@hrdnoxlabs.com, we keep that correspondence to help you.

2.2 Automatically collected

• Device & diagnostics. Basic technical data such as app version, device type, and crash or performance logs may be collected through platform tools or analytics we enable to keep the Services reliable.
• Usage data. Aggregated or de-identified information about how features are used, where we implement analytics.

2.3 Local storage on your device

Core tumbling records, preferences, and photos may be stored locally using on-device databases and files. This data remains on your phone unless you enable features that upload it to our cloud backend.

3. How we use information

We use information to:

• Provide, maintain, and improve the Services;
• Authenticate users and enforce security;
• Sync data across devices when you use cloud features;
• Schedule and deliver local notifications you configure;
• Respond to support requests and communicate about the Services;
• Comply with law and protect rights, safety, and integrity.

4. Cloud backend (Supabase)

When you use online features, we may use Supabase (or similar infrastructure) for authentication, database storage, and private file storage (for example, user media in a bucket scoped to your account). Supabase processes data under its own terms and as our processor. We configure access controls (such as row-level security) so that your cloud records are tied to your user identity.

Premium / subscription features may enable additional cloud backup or sync for photos and related metadata. Those features will only run when implemented in the app and authorized by you.

5. Local notifications

Notifications are scheduled on your device to alert you about stage timing, cleaning, or burnishing based on your settings (including quiet hours). We do not need to access your personal messages for this feature.

6. Sharing of information

We may share information with:

• Service providers who assist us (hosting, authentication, storage, analytics, crash reporting), bound by confidentiality and processing agreements where required;
• App stores (Apple, Google) as needed to distribute the app and process purchases;
• Authorities if required by law or to protect safety and rights.

We do not sell personal information as “sale” is defined under U.S. state privacy laws.

7. Retention

We retain information as long as needed to provide the Services and for legitimate business purposes (security, legal compliance, dispute resolution). Local data on your device persists until you delete the app or erase data in-app where supported. Cloud data may be deleted when you delete your account, subject to backup and legal retention requirements.

8. Security

We use reasonable administrative, technical, and organizational measures to protect information. No method of transmission or storage is 100% secure; use the Services at your own risk.

9. Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, or export personal information, or to object to or restrict certain processing. Contact support@hrdnoxlabs.com to make a request. We may verify your identity before responding. You may also control notifications through your device settings and in-app toggles.

10. Children

The Services are not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will take appropriate steps.

11. International users

If you access the Services from outside the United States, your information may be processed in the United States or other countries where we or our providers operate, which may have different data protection laws than your country.

12. California & other U.S. state privacy rights

Residents of certain U.S. states may have additional rights under local law (for example, access, deletion, and opt-out of certain sharing). Contact us to exercise those rights. We do not discriminate for exercising privacy rights.

13. European Economic Area, UK, and Switzerland

If applicable law provides you rights under the GDPR or similar regimes, we will describe our legal bases (such as contract, legitimate interests, or consent) in supplemental materials or upon request. You may have the right to lodge a complaint with a supervisory authority.

14. Changes to this policy

We may update this Privacy Policy from time to time. We will post the new version with an updated effective date and, where required, provide additional notice.

15. Contact

HRDNOX Labs — Privacy inquiries: support@hrdnoxlabs.com

← Back to Tumbler Buddy