Privacy Policy — LocalPony

Last updated: April 16, 2026

Eastop LLC ("we," "us," or "our") operates the LocalPony mobile application (the "App"). This Privacy Policy explains what information we collect, how we use it, and the choices you have.

By using the App, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Information You Provide Directly

• Account information: email address, password (stored encrypted), display name, date of birth
• Profile information: optional photo, bio, barn name, location
• Horse information: names, photos, breed, age, personality tags, medications, emergency contacts, care records, documents (Coggins, vaccine records, health certificates)
• Classifieds and posts: text, photos, videos, and other content you upload
• Messages: direct messages you send through the App
• Provider profiles: if you're a provider, your business name, photos, bio, hours, service area, and contact information
• Subscription status: managed by Apple; we receive your subscription tier but not payment details

Information Collected Automatically

• Device information: device model, operating system version, app version
• Usage data: screens viewed, features used, errors encountered (via Sentry)
• Location data: approximate location for weather-based blanket recommendations. You can disable this at any time in iOS Settings; the App will prompt you to enter a ZIP code instead.
• Push notification token: if you enable notifications, so we can send you blanket alerts and message notifications

Information From Third Parties

• Apple: subscription status, App Store receipt validation
• Supabase (our backend): authentication tokens, database records

2. How We Use Your Information

We use the information we collect to:

• Provide and improve the App (including weather-based blanket recommendations)
• Authenticate your account and secure your data
• Enable social features (follows, messages, posts, reviews)
• Send push notifications you've opted into
• Moderate uploaded content (images are scanned by Sightengine for prohibited content)
• Process subscriptions via Apple
• Communicate with you about the App, your account, or important updates
• Detect and prevent fraud, abuse, and scam listings
• Respond to your support requests

3. How Your Information Is Shared

We do not sell your personal data.

Your information may be shared in these limited ways:

Other Users

• Public profile: your display name, avatar, and posts are visible to other users
• Horse profiles: visible only to you unless you share them
• Provider profiles: publicly visible in the directory if you're a provider
• Messages: visible only to you and the recipient

Barn Providers

• If you link your horse to a boarding barn, the barn can see your horse's basic info (name, photo, age, blanket threshold) and your name as the owner

Service Providers

We share data with the following third-party services to operate the App:

• Supabase (backend hosting, auth, storage) — supabase.com/privacy
• Apple (subscription processing, push notifications) — apple.com/privacy
• Expo (push notification delivery) — expo.dev/privacy-explained
• Open-Meteo (weather data — we send them your approximate location, nothing else)
• Google Places API (location autocomplete only)
• Sightengine (image moderation — photos you upload are scanned for prohibited content, not retained by them)
• Sentry (crash reporting — error messages and stack traces, anonymized)

Legal Requirements

We may disclose your information if required by law, subpoena, or court order, or to protect our rights, the safety of our users, or the public.

4. Your Rights and Choices

• Access and correction: you can view and edit most of your information in the App
• Account deletion: you can delete your account in Settings. All associated data will be permanently removed within 30 days.
• Location: disable in iOS Settings at any time
• Push notifications: disable in iOS Settings or in-app
• Marketing communications: we don't send marketing emails, so nothing to opt out of
• Data export: email team@localpony.app to request a copy of your data

California Residents (CCPA)

You have the right to know what personal information we collect, request deletion, and opt out of "sales" of your data. We do not sell your data. To exercise these rights, email team@localpony.app.

EU Residents (GDPR)

You have rights to access, correct, delete, restrict processing, and port your data. Our legal basis for processing is contract performance (to deliver the App) and legitimate interests (fraud prevention, analytics). To exercise these rights, email team@localpony.app.

5. Children's Privacy

LocalPony is not intended for children under 13. We do not knowingly collect information from children under 13. Users under 18 require parental consent. If we learn we have collected information from a child under 13, we will delete it promptly.

6. Data Security

We use industry-standard security measures including:

• TLS encryption for all data in transit
• Encrypted password storage (bcrypt via Supabase Auth)
• Row-level security on our database
• Server-side image moderation API keys
• Regular security audits

No system is 100% secure. If we detect a breach affecting your information, we will notify you and applicable regulators as required by law.

7. Data Retention

• Active accounts: we retain your data as long as your account is active
• Deleted accounts: permanently removed within 30 days
• Inactive accounts: after 3 years of inactivity, we may delete your account with 30 days email notice
• Backups: may persist for up to 90 days after deletion for disaster recovery purposes

8. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we'll notify you through the App or via email. The "Last updated" date at the top reflects the latest revision.

9. Contact Us

Questions? Email us at team@localpony.app.

Eastop LLC [Your business address] United States