Privacy Policy
Last Updated: December 29, 2025
Introduction
Kebab is a privacy-first mobile application for tracking charitable donations and calculating Fair Market Values for tax purposes. This Privacy Policy explains how information is handled when you use the App.
Night Owl Studio ("we," "our," or "us") develops and maintains Kebab. We are committed to protecting your privacy.
Our Core Commitment: Night Owl Studio does not collect, store, or transmit your donation records. The App stores all your data locally on your device. We have no access to your donation information.
Information Collection by Subscription Tier
FREE Tier (No Data Collection)
If you use the FREE tier of Kebab, we collect minimal information about you. Specifically, we do not collect:
- Your donation records
- Organization information you enter
- Item descriptions or valuations
- Export files you generate
- Personal identifying information
- Usage analytics or statistics
- Device identifiers (UDID, Advertising ID, etc.) - except a temporary UUID for rate limiting (see below)
- Your location data (see Location Services below)
- Contact information
FREE tier users have strong privacy protection with minimal tracking.
STANDARD and PREMIUM Tiers (Limited Data Collection)
If you purchase a STANDARD or PREMIUM subscription through Apple's App Store or Google Play Store, we collect only your transaction identifier to enforce subscription limits and prevent abuse:
Transaction ID Collection
- What We Collect: Your unique transaction ID (iOS) or order ID (Android) from your in-app purchase receipt
- How We Get It: Provided automatically by Apple/Google when you subscribe
- Why We Collect It: To track your AI valuation quota usage and verify your subscription status
- What It's NOT Linked To:
  - Your personal identity
  - Your device hardware identifiers
  - Your email address or Apple/Google account information
  - Your donation records or any App data
- Data Retention: Transaction IDs are stored only for the current and previous calendar year for quota tracking
- Third-Party Access: Transaction IDs are validated with Apple/Google servers but not shared with any other third parties
What We Still Don't Collect (Paid Tiers)
Even with a paid subscription, we still do not collect:
- Your donation records or organization information
- Item descriptions or valuations
- Personal identifying information beyond the transaction ID
- Device identifiers (UDID, Advertising ID, etc.) - except a temporary UUID for rate limiting (see below)
- Usage analytics or behavioral data
- Your location data (see Location Services below)
- Contact information
Your donation data always remains under your control, regardless of subscription tier.
Data Storage
Local Storage Only: All donation records, organization data, and valuation information are stored exclusively in a local SQLite database on your device. We have no access to this data and cannot retrieve it remotely.
Your Control: You have complete control over your data. You can export, delete, or clear all donation records at any time through the App's interface.
Optional Cloud Storage (Coming Soon)
In a future update, Kebab will offer optional native cloud storage integration to sync your donation records across your devices:
How It Will Work
- Default Setting: Opt-out (disabled). Your data will remain stored only on your device unless you choose to enable cloud storage.
- Opt-In: You will be able to enable cloud storage in the App's Settings to sync data across your devices using:
  - iOS: iCloud (Apple's cloud storage service)
  - Android: Google cloud storage services (such as Google Drive or Android Backup Service)
What Will Happen When You Enable Cloud Storage
If you choose to opt in to cloud storage:
Night Owl Studio's Access
We will have NO access to your cloud-stored data.
- Cloud storage will be managed entirely by Apple (iCloud) or Google (Google cloud storage services)
- Your data will be stored in your personal cloud storage account
- Night Owl Studio will not be able to access, retrieve, or view your cloud-stored donation records
- Cloud storage will operate using Apple/Google's APIs; we will not be a data processor for your cloud data
Disabling Cloud Storage
You will be able to disable cloud storage at any time:
- Turn off cloud sync in the App's Settings
- Data will revert to local-only storage on your device
- Existing cloud data may remain in your iCloud account or Google cloud storage until you manually delete it through Apple's iCloud settings or Google's account settings
Uninstalling the App
If you uninstall Kebab:
- Local data: All donation records stored on your device will be permanently deleted
- Cloud data: If cloud storage was enabled, your data will remain in your iCloud account or Google cloud storage until you manually delete it
- To completely remove all data before uninstalling, manually delete cloud data through your iCloud settings (iOS) or Google account settings (Android)
Note: Cloud data is stored in your personal cloud account and persists independently of the app installation. This ensures your data is not lost if you reinstall the app, but also means you are responsible for deleting it if desired.
Your Choice: Cloud storage will be entirely optional. The App will continue to work fully without cloud storage enabled.
Third-Party API Services
While we don't collect your donation data, the App uses external services for Fair Market Value lookups. When you use AI-powered valuations:
eBay Browse API
Claude AI (Anthropic)
- Purpose: Analyze marketplace data for valuation recommendations
- Data Sent: Item descriptions and marketplace search results
- Subscription Receipt (STANDARD/PREMIUM only): Your transaction ID is sent to verify your subscription status and quota
- IP Address: Your IP address may be visible to Anthropic during API requests
- Anthropic's Privacy Policy: https://www.anthropic.com/privacy
Sentry (Error Monitoring)
- Purpose: Crash reporting and error monitoring to help us identify and fix bugs
- Data Sent: When the App crashes or encounters an error, Sentry receives:
  - Crash logs and stack traces
  - Device details (device model, operating system version)
  - App version and build number
  - Timestamp of the crash
- What Night Owl Studio Receives: Crash reports with device technical details to help diagnose and fix bugs. We do NOT receive:
  - Your name or contact information
  - Your donation records or financial data
  - Any personally identifying information
- IP Address: Your IP address may be visible to Sentry during crash report transmission
- Data Retention: Crash reports are retained for 90 days to help us identify and fix recurring issues
- Sentry's Privacy Policy: https://sentry.io/privacy/
Important Notes:
- FREE tier users: No subscription receipt is sent. Your requests are anonymous.
- STANDARD tier users: Transaction ID is used only to enforce the 25 AI valuations per year limit
- PREMIUM tier users: Transaction ID is used only to verify unlimited access
- Item descriptions sent to eBay and Claude are not linked to your identity
Offline Value Guide
The App includes a bundled offline guide with 1,757 common donation items. Using the offline guide sends no data to any external service.
Location Services
The App may request permission to access your device's location for automatic charitable mileage tracking:
Purpose: When you enable location services, the App can automatically calculate the distance you travel for charitable purposes (e.g., driving to donation centers, volunteering sites).
Your Choice: Location access is entirely optional. If you decline location permission, you can always enter mileage manually.
Data Handling:
- Location data is used only to calculate travel distance
- We do not save your location data
- We do not share your location with any third parties
- Location information is never transmitted to our servers
- Only the calculated mileage distance is stored locally on your device
Privacy Protection: The App processes location information locally on your device. No location coordinates, routes, or tracking data leave your device.
Cached Data
To reduce API costs and improve performance, the App caches Fair Market Value lookup results locally on your device. This cache:
- Stores only anonymous item descriptions and values
- Is stored exclusively on your device
- Can be cleared at any time through Cache Management in Settings
Device Identifier for Abuse Prevention
To prevent abuse of our Fair Market Value API, we collect a temporary device identifier:
- What We Collect: A randomly generated UUID created when you first install the App
- Why We Collect It: To prevent excessive AI valuation requests that would incur significant API costs
- How Long We Keep It: 24 hours only (usage counters automatically deleted after 24 hours)
- Rate Limits:
  - FREE tier: 50 AI valuations per device per day
  - STANDARD tier: 100 AI valuations per device per day
  - PREMIUM tier: 200 AI valuations per device per day
- What It's NOT:
  - Not linked to your personal identity
  - Not linked to your donation records
  - Not linked to hardware identifiers (UDID, Advertising ID)
  - Not shared with third parties
  - Cannot be used to track you across apps
- Purpose: Rate limiting only to prevent API abuse
This applies to all tiers (FREE, STANDARD, PREMIUM) and is necessary to protect our service.
When your daily limit is reached:
- The App automatically falls back to the Offline Value Guide (1,757 items)
- You can search eBay manually using the provided link
- Your limit resets at midnight UTC
Subscription Enforcement and Compliance
How Subscription Limits Work
- FREE Tier: AI valuation limit (5 per install) is enforced by the App on your device only. No backend tracking.
- STANDARD Tier: AI valuation limit (25 per year) is enforced by our backend server using your transaction ID
- PREMIUM Tier: No limits. Receipt validation ensures you have an active subscription.
Multi-Device Behavior
If you use the same subscription on multiple devices (iPhone and iPad, for example):
- Your transaction ID is the same across all devices
- STANDARD tier: The 25 AI valuations per year quota is shared across all your devices
- This is intentional behavior to prevent abuse while allowing legitimate multi-device use
GDPR and CCPA Compliance
Transaction IDs are not considered Personally Identifiable Information (PII) under GDPR or CCPA because:
- They cannot be used to identify you as an individual
- They are not linked to your name, email, phone number, or other personal data
- They are generated by Apple/Google, not by us
- They exist solely to verify subscription status
Your Rights:
- FREE tier: No data to access, delete, or modify
- STANDARD/PREMIUM tier: You may contact us to request deletion of your transaction ID from our quota tracking system
- Unsubscribing automatically stops all data collection
Subscription Management Service
Kebab uses RevenueCat to manage in-app subscriptions and purchases:
What is RevenueCat?
RevenueCat is a third-party subscription management platform that handles:
- Processing subscription purchases through Apple App Store and Google Play
- Validating subscription status
- Managing subscription lifecycle and renewals
- Providing anonymized analytics to help us improve the App
Data Collection by RevenueCat
When you purchase a subscription, RevenueCat collects and processes:
- Your transaction identifier (iOS) or order ID (Android)
- Subscription status and purchase history
- Device type and platform (iOS/Android)
- Purchase timestamps and renewal information
Important: Night Owl Studio receives only anonymized, aggregated reports from RevenueCat. We do NOT receive:
- Your name or personal identifying information
- Your email address or contact information
- Individual purchase details linked to your identity
- Any data that could be used to identify you personally
RevenueCat's Privacy Policy
For complete details on how RevenueCat processes subscription data:
https://www.revenuecat.com/privacy
Data Sharing
RevenueCat shares only anonymized, aggregated subscription metrics with Night Owl Studio for business analytics purposes. Individual user data is not shared.
Export Functionality
Kebab allows you to export your donation records in multiple formats for tax preparation and record-keeping:
Supported Export Formats
- CSV (Comma-Separated Values): For spreadsheet import
- PDF (Portable Document Format): For printing and archival
How Exports Work
- All export files are generated locally on your device
- Export files are never transmitted to our servers
- You control where export files are saved or shared (device storage, email, cloud services, etc.)
Your Responsibility for Exported Files
Important Security Notice: Once you export your donation records, you are solely responsible for securing those files.
- Physical Security: Printed PDF records should be stored securely
- Digital Security: Exported files contain sensitive financial information. Ensure they are:
  - Stored in secure locations (password-protected folders, encrypted drives)
  - Shared only through secure channels (encrypted email, secure file sharing)
  - Protected from unauthorized access
  - Deleted securely when no longer needed
- Cloud Storage: If you save exported files to cloud services (Dropbox, Google Drive, iCloud Drive, etc.), those services' privacy policies and security practices apply
- Email Transmission: Emailing export files to yourself or others may expose data to interception. Use secure, encrypted email when possible
Disclaimer: Night Owl Studio bears no responsibility for the security, privacy, or misuse of exported files once they leave the App. You are responsible for protecting your own financial records.
Customer Support and Refund Processing
When you contact us for customer support or to request a refund (such as Android beta tester refunds), we collect and process limited information:
Information Collected
- Email Address: Your contact email (from your message or Google account)
- Purchase Receipt: Google Play purchase receipt forwarded by you (Android only) or App Store transaction ID (iOS, when you contact Apple directly for refunds)
- Support Request Details: Your name (if provided), description of issue, or refund request information
How We Use This Information
- Refund Processing: To verify your purchase and process partial or full refunds
- Customer Support: To respond to questions, troubleshoot issues, and provide assistance
- Communication: To follow up on your request and confirm completion
Legal Basis for Processing (GDPR)
For users in the European Economic Area, United Kingdom, and Switzerland, we process your customer support data based on:
- Contractual Necessity (Article 6(1)(b)): Processing refund requests is necessary to fulfill our contractual obligations when you purchased the App
- Legitimate Interests (Article 6(1)(f)): Providing customer support serves our legitimate interest in maintaining customer satisfaction and product quality, balanced against minimal data collection
- Legal Obligation (Article 6(1)(c)): Retaining financial records for tax compliance and consumer protection laws
Data Retention
- Refund Records: Purchase receipts and refund documentation are retained for 90 days after processing to allow for payment reversals, dispute resolution, and financial reconciliation, then permanently deleted
- Support Correspondence: Email communications may be retained for up to 1 year to maintain service quality, track recurring issues, and protect against fraudulent refund claims. After 1 year, emails are automatically purged unless required for active legal proceedings
- Early Deletion: You may request deletion of your support records at any time by emailing privacy@nightowlstudio.us. We will honor deletion requests within 30 days, except where retention is required by law
Data Security
Customer support data is:
- Stored in encrypted email services (Google Workspace with 2FA and encryption at rest)
- Third-Party Processors: Google LLC processes emails on our behalf under their data processing terms
- Never shared with third parties except as required for refund processing (Google Play, Apple) or as required by law
- Accessed only by authorized Night Owl Studio personnel
- Never used for marketing, advertising, or third-party sharing for commercial purposes
Data Breach Notification
In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of discovery.
International Data Transfers
Customer support data may be processed on servers located in the United States and other countries where our service providers operate. When transferring data internationally, we rely on:
- Standard Contractual Clauses approved by the European Commission
- Service providers' compliance with applicable data protection frameworks
- Appropriate technical and organizational security measures
Third-Party Refund Processing
For refunds, we interact with:
- Google Play Store: To process Android refunds through Google's Developer Console
- Apple App Store: To verify iOS subscription status (Apple processes refunds directly; we don't handle iOS refunds)
These platforms have their own privacy policies governing how they handle your purchase information.
Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate information
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Objection: Object to processing based on legitimate interests
- Portability: Request your data in a structured, commonly used format (where applicable)
- Restriction: Request limitation of processing in certain circumstances
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time
To exercise these rights, contact us at privacy@nightowlstudio.us. We will respond within 30 days (or as required by applicable law).
Right to Lodge a Complaint
If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.
California Privacy Rights (CCPA)
California residents have specific rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request disclosure of personal information collected, used, or shared
- Right to Delete: Request deletion of personal information (subject to exceptions)
- Right to Opt-Out: We do not sell your personal information and have not done so in the past 12 months
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To submit a CCPA request, email privacy@nightowlstudio.us with "CCPA Request" in the subject line.
Legal Disclosures
We may disclose your personal information when required by law, such as:
- Compliance with court orders, subpoenas, or legal process
- Enforcement of our Terms of Service
- Protection of our rights, property, or safety, or that of others
- Prevention of fraud or illegal activity
We will notify you of legal demands for your information unless prohibited by law.
No User Accounts
The App does not require account creation, registration, or authentication. We collect no email addresses, usernames, or passwords within the App itself.
Note: If you contact us for support or refunds via email, we will collect your email address as described in the "Customer Support and Refund Processing" section above.
Children's Privacy
The App does not knowingly collect information from children under 13. The App is intended for adults managing charitable donation records for tax purposes.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be reflected in the "Last Updated" date. Continued use of the App after changes constitutes acceptance of the updated Privacy Policy.
Legal Disclaimer
Not Tax Advice: Kebab is a record-keeping tool, not tax preparation software. We provide no tax advice. Consult a qualified tax professional for tax guidance.
No Warranty: Fair Market Values are estimates based on marketplace data. We make no warranty as to their accuracy or IRS acceptance.
Data Security
Since your data never leaves your device (except during exports you initiate), your data security depends on:
- Your device's security settings
- Your device's encryption
- Your backup practices
- How you secure exported files
We recommend:
- Using device encryption
- Setting a device passcode/password
- Regularly backing up your device
- Securely storing exported files
Your Rights
FREE Tier Users
Because we don't collect any data from FREE tier users, there is no data for us to:
- Access or retrieve
- Delete or modify
- Share or sell
- Transfer to another service
All data management is performed directly on your device through the App's interface.
STANDARD/PREMIUM Tier Users
For paid subscribers, we only store your transaction ID for quota enforcement. You have the right to:
- Access: Request confirmation of what transaction ID we have stored
- Deletion: Request deletion of your transaction ID from our system (this will end your subscription benefits)
- Portability: Transaction IDs are generated by Apple/Google and can be retrieved from your purchase history
- Opt-Out: Cancel your subscription at any time through Apple App Store or Google Play Store
To Exercise Your Rights: Contact us at privacy@nightowlstudio.us with your request.
Data on Your Device
Regardless of subscription tier, all donation records on your device are under your complete control:
- Export to CSV at any time
- Delete individual donations or clear all data
- No remote access or retrieval by us
- Your device's security settings protect your data
Contact Us
For privacy questions, data requests, or to exercise your rights, contact:
Night Owl Studio
Privacy Officer
Email: privacy@nightowlstudio.us
Website: https://kebab.tax/privacy
Response Time: Within 30 days
Recent Changes
- December 29, 2025: Added RevenueCat subscription management disclosure. Added PDF export format and enhanced export security warnings. Added disclosure for planned Optional Cloud Storage feature for iCloud/Google cloud storage integration (opt-out by default, not yet released). Added Sentry error monitoring disclosure for crash reporting.
- December 4, 2025: Added Customer Support and Refund Processing section to disclose email collection and purchase receipt handling for beta tester refunds. Added comprehensive privacy rights disclosures for GDPR and CCPA compliance.