Privacy Policy

Last updated: 9 May 2026

GoBagPlus is operated by QuikTipz Limited ("we", "us", "GoBagPlus"). This policy explains what personal data the GoBagPlus iOS app and www.gobagplus.app collect, why, and what your rights are. We try to collect as little as possible.

What we collect

  • Apple ID identifier when you Sign in with Apple. Apple gives us a stable, opaque user ID (sub) and an email address — usually a private-relay address (@privaterelay.appleid.com). We never see your real Apple ID password.
  • Display name if you choose to share it on first sign-in.
  • Subscription transaction IDs when you start, cancel, or restore a paid subscription. We use these only to verify your premium entitlement.
  • Reading progress (current page, percentage complete) for items you open from the library, so your position syncs across iPhone and the web.
  • Files you upload to your private library. They live in your private Supabase Storage folder and only you (and our service role on your behalf) can read them.
  • Optional inventory data (Go Bag contents, Home Reserve) which is stored in your own private iCloud database via Apple's CloudKit. We don't have access to this data — it stays in your iCloud.

What we don't collect

  • No location data. We never request location permissions.
  • No contacts, calendar, photos. We don't ask for these permissions.
  • No advertising identifiers (IDFA). No ads, no third-party advertising trackers.
  • No analytics SDKs. No Firebase, no Mixpanel, no Amplitude, no Segment.
  • No social login. We only support Sign in with Apple.

Where the data lives

  • Authentication and metadata — Supabase EU-West-1 (Ireland), GDPR-compliant.
  • Library content files — Supabase Storage EU-West-1.
  • Personal inventory (Go Bag, Reserve) — your iCloud private database. Apple's policy applies.

Why we collect it

Our lawful basis under UK GDPR / EU GDPR is contract: we need this data to provide the service you signed up for. We do not use any personal data for marketing without explicit, separate opt-in.

Who we share it with

  • Apple — for Sign in with Apple verification, App Store transactions, and CloudKit sync. Apple's privacy policy applies.
  • Supabase — our authentication and database provider. Supabase processes data on our behalf under a Data Processing Agreement.
  • Vercel — hosts our website and API. Vercel processes traffic logs for security and operations.
  • No-one else. We don't sell, rent, or trade personal data.

Your rights

You have the right to:

  • Access the personal data we hold about you
  • Correct it if it's wrong
  • Have it deleted ("right to erasure")
  • Take it elsewhere ("data portability") — we'll export your data on request
  • Withdraw consent at any time

To exercise any of these rights, email privacy@gobagplus.app. We'll respond within 30 days.

Children

GoBagPlus is rated 12+ and not directed at children under 13. We don't knowingly collect personal data from children. If you believe a child has provided us data, contact us and we'll remove it.

Cookies

Our website uses only strictly-necessary cookies for authentication (Supabase session). We don't set analytics or advertising cookies. No cookie banner is needed because we don't set anything that requires consent under UK / EU rules.

Security

Data is encrypted in transit (TLS 1.2+) and at rest. Authentication uses Apple's OAuth flow plus Supabase JWT. Subscription verification uses Apple's ES256-signed JWT against the App Store Server API.

Changes to this policy

Material changes will be announced via in-app notice and on this page. Continued use after a change means you accept the updated policy.

Contact

QuikTipz Limited (UK) · privacy@gobagplus.app