Launching in May 2026 — iOS and Android

Plok

Last updated : 2026-04-26

Privacy Policy

This policy explains how Plok ("Plok", "we") collects, uses, and protects your personal data. It applies to the Plok mobile application and the getplok.app website.

1. Data Controller

The data controller is Plok (à compléter), — à compléter —, France. For any question about your data: privacy@getplok.app.

2. Data we collect

We collect only the data needed to operate Plok:

  • Account: email address, Apple or Google identifier depending on your sign-in method, password (hashed, never stored in clear).
  • Profile: first name or nickname, handle, avatar, short bio, preferred language, settings (notifications, haptics).
  • Challenge activity: assigned challenges, accepted or refused challenges, proofs you provide (text, audio, video depending on chosen format), comments and reactions on your friends' proofs.
  • Relationships: friendships (requests, accepts, refusals), blocks.
  • Reports: reported content, reason, date.
  • Technical: push notification token (if you enable notifications), device language, Supabase user identifier.

We do not collect your geolocation, your contacts, or advertising identifiers. Plok performs no advertising tracking whatsoever.

3. Why we collect this data

  • To provide the Plok service: create your account, send you the daily challenge, let you save a proof, connect you to your friends.
  • To moderate user content: process reports, remove illegal or rule-breaking content, sanction abusive behavior.
  • To send the notifications you have enabled (daily reminder, friend requests, reactions).
  • To improve the service through aggregated, anonymous usage statistics.
  • To comply with legal obligations and defend our rights in case of dispute.

4. Legal bases (GDPR)

  • Performance of contract: account creation and operation, access to challenges and feed.
  • Legitimate interest: moderation, security, fraud prevention.
  • Consent: push notifications (revocable at any time in app settings).
  • Legal obligation: retention and disclosure to competent authorities upon legal request.

5. Retention period

  • Active account: as long as you use Plok.
  • Deleted account: your personal data is erased within 30 days. Proofs visible to your friends may be retained in anonymized form to preserve their history.
  • Reports and moderation logs: 12 months after processing, to handle possible disputes.
  • Billing data (if applicable): 10 years, in accordance with accounting regulations.

6. Who we share with

Your data is never sold. It is shared only with:

  • Supabase, Inc. (États-Unis (régions UE disponibles)) — database hosting, authentication, and file storage (proofs). Processor under GDPR, bound by a Data Processing Agreement.
  • Apple and Google — only for "Sign in with Apple" / "Sign in with Google" connections (authentication token, never your password).
  • Apple Push Notification Service / Firebase Cloud Messaging — to deliver push notifications if you enabled them.
  • Competent authorities — only upon valid legal request.

7. Transfers outside the EU

Some of our processors (Supabase, Apple, Google) may process data from the United States. These transfers are governed by the Standard Contractual Clauses adopted by the European Commission, and, for certified US processors, by the EU-US Data Privacy Framework.

8. Your rights

Under the GDPR, you have the following rights:

  • Access: get a copy of the data we hold about you.
  • Rectification: correct inaccurate information (from your profile in the app).
  • Erasure: delete your account and your data from Settings > Delete my account. Deletion is definitive after 30 days.
  • Restriction and objection: ask us to stop a specific processing.
  • Portability: receive your data in a structured, machine-readable format.
  • Complaint: file a complaint with your data protection authority (e.g., CNIL in France) if you believe your rights are not respected.

To exercise these rights, write to us at privacy@getplok.app.

9. Minors

Plok is intended for people aged 13 and over. If you are under 13, do not use Plok. In some jurisdictions, additional parental consent is required for minors under 16. If we learn that an account has been created by a child under 13, we will delete it.

10. Security

We apply technical and organizational measures to protect your data: encryption in transit (HTTPS), hashed passwords, per-user data isolation (Row Level Security), and internal access limited to authorized staff. No system is invulnerable; we encourage you to use a strong, unique password.

11. Cookies

The getplok.app website uses no tracking or analytics cookies. No cookie consent is required. The Plok mobile application contains no advertising SDKs.

12. Changes

We may update this policy. The last update date is shown at the top of the page. For any substantial change, we will inform you via the application.

13. Contact

For any question: privacy@getplok.app.