ShowUp Privacy Policy

Effective date: 2026-05-10
Last updated: 2026-05-10
Operator: Kuldeep Singh, Pune, Maharashtra, India
Privacy contact: contact@uvbolt.com

ShowUp is an Android voluntary-accountability app. It helps you choose a place, set an accountability amount and 30-day target, and verify show-ups using foreground location. This policy explains what data ShowUp collects, why it is used, who processes it, and how you can request deletion.

ShowUp does not sell personal data. ShowUp does not use third-party advertising. ShowUp does not collect background location, photos, face data, microphone audio, contacts, SMS content, health records, or workout data. Witness invites are optional and cycle-scoped; ShowUp does not upload contacts, provide free-form chat, or send Witness email digests.

Data We Collect

We collect only the data needed to run the app, keep cycle receipts and the payment ledger accurate, prevent abuse, and support users.

Account data: Firebase user ID, sign-in provider, email address, phone number when used for phone sign-in, account status, and single-device state.
Spot and cycle data: chosen spot, spot source, spot category where available, target show-ups, cycle dates, accountability amount, commitment tier, missed show-ups, check-in state, optional check-out time-at-spot stats, and dispute state.
Location data: precise foreground location when you set a spot, start a check-in, or optionally check out after a same-day check-in. ShowUp uses this to verify presence at your selected spot. The app does not collect location in the background.
Payment data: Google Play product ID, order ID, purchase token, purchase state, payment-obligation state, charge amount, and reconciliation status. ShowUp does not receive your full card number, bank account, UPI handle, or Google Play payment credentials.
Witness data: user-chosen display name for Witness sharing, invite and access public IDs, relation public IDs, token hashes, route family, authenticated-binding state, relation status, visibility choices, nudge status, report/block status, audit events, and limited progress/result data needed to render Witness pages and app surfaces. Raw invite and access secrets are not stored after creation.
Support and dispute data: messages, notes, attachments if enabled later, review decisions, and audit history needed to resolve support requests.
Device and security data: app version, device/app signals needed for fraud prevention and single-device enforcement, Firebase Cloud Messaging token, Play Integrity results where available, App Set ID where used, crash logs, diagnostics, IP-derived request metadata, and server logs.

How We Use Data

To create and secure your account.
To let you select a spot and verify show-ups.
To calculate the final cycle charge from your accountability amount, target, and missed show-ups.
To process Google Play Billing purchases and reconcile payment state.
To create optional Witness invite links, enforce Witness visibility choices, support revocation and reports, and show limited Witness progress when you choose to share it.
To prevent fraud, location spoofing, duplicate payments, and account abuse.
To send essential notifications about account, cycle, check-in, dispute, payment, and security events, and to send user-disableable adaptive check-in reminders based on your cycle rhythm when they can help.
To answer support requests and review disputes.
To maintain service reliability, debug crashes, and comply with legal, tax, accounting, and platform obligations.

Location Use

ShowUp is built around a place selected by you. The app requests foreground location so it can place or confirm your spot, verify a check-in when you ask it to, and optionally record a check-out after a same-day check-in. ShowUp does not request background location. Optional check-out duration is a personal stat only and does not affect check-in credit, target progress, missed show-up calculation, payment, disputes, or Witness sharing.

Raw GPS coordinates are not sent to advertising networks or third-party analytics. Operational location records are used for check-in verification, dispute review, abuse prevention, and audit integrity.

Payments

All in-app payments are handled through Google Play Billing. If a final charge remains after a cycle, Google Play processes the payment method. ShowUp stores the purchase and ledger records needed to know whether a cycle charge is pending, paid, not completed, refunded, voided, or under reconciliation.

Witnesses

Witness is optional and cycle-scoped. A Witness may use a private bearer invite link, or accept in the Android app while signed in. Opening a link or previewing an invite does not bind a signed-in account; binding happens only after an explicit accept action. ShowUp does not import contacts, request contacts permission for Witness invites, provide free-form Witness chat, or send Witness email digests.

Current public Witness invite and access links use /showup/witness/*. Old /showup/partner/* links become generic unavailable after the Witness cutover; the page asks for a new Witness invite and does not reveal user, cycle, spot, target, or progress details.

A Witness can see only your chosen display name, target show-ups, aggregate verified show-up count after acceptance, cycle day/window, optional spot name if you turn it on, and final result if result sharing remains enabled. Spot name sharing is off by default. Final result sharing is on by default for active-cycle invites, is disclosed before sharing, and can be turned off before backend cycle closure.

Witnesses cannot see live location, raw GPS, check-in dates or times, check-out existence, check-out time, check-out duration, distance, accuracy, integrity signals, routine data, payment state, charge amount, Google Play order details, disputes, support messages, fraud/admin state, phone number, email address, device data, identity hashes, authenticated app-user identity, or private account details.

Witnesses can send bounded canned nudges when backend state allows, leave, or report a concern. They cannot verify location truth, approve check-ins, change a cycle, arbitrate disputes, collect money, settle charges, receive payouts, or enforce payment. You can remove or block Witness access from the app. When Witness access is removed, blocked, expired, disabled by account deletion, or held for review, the Witness sees generic unavailable copy.

Processors and Cross-Border Transfers

ShowUp uses service providers to operate the app. These providers process data for the service functions below, under their own terms and privacy practices where applicable.

Google Play (United States), for Play Billing and purchase management.
Google Cloud (United States and other Google Cloud regions), for Play Developer API access and Pub/Sub purchase notifications.
Firebase (United States and other Google Cloud regions), for authentication and push notifications.
Mapbox (United States), for maps and spot search.
Hetzner (Germany or Finland, European Union), for backend and PostgreSQL hosting.
Cloudflare R2 (United States and Cloudflare's global edge), for database backups.
Resend (United States), for operational support and admin email delivery.
Sentry (United States/EU regions), for backend exceptions and Android crash reporting.
UptimeRobot or an equivalent uptime monitor (United States), for public health checks and outage alerts.

Several of these processors operate outside India. Operational data described above is transferred to these processors as needed for them to perform the listed functions. Each processor handles data under its own terms, security practices, and applicable cross-border transfer safeguards.

Data Security

Data is transmitted over HTTPS. Production data is stored in PostgreSQL with access limited to operational need. Payment and check-in workflows use server-side validation, audit records, and idempotency controls so client state alone cannot decide payment or product state.

Retention

We keep account, cycle, check-in, payment, dispute, and audit records while your account is active and while they are needed to operate ShowUp. Some records may be kept after account deletion when required for security, fraud prevention, payment reconciliation, tax, accounting, legal compliance, dispute handling, or platform enforcement.

Witness result access expires 7 days after backend cycle closure. Non-reported Witness access audit events and nudge events are kept until cycle close plus 90 days, then deleted, de-identified, or reduced to aggregate-only counts. Report, block, abuse, dispute, fraud, legal/accounting, or support cases may keep event-level Witness records while the case remains open. Witness audit and nudge records do not inherit the 365-day identity-restore retention window used for deleted-account charge restoration.

When retention is no longer needed, records are deleted or de-identified. Exact location records are treated as sensitive operational data and are not used for general analytics.

Your Choices and Rights

You may request access, correction, or deletion of your account data by contacting contact@uvbolt.com. You may also request account deletion at /delete-account at any time.

You can remove Witness access, mute nudges, block the current Witness relation, keep spot-name sharing off, or turn final-result sharing off before backend cycle closure where the app allows. If you ask us to delete your account, Witness invites and access links are disabled and Witnesses see generic unavailable copy. We will delete or de-identify account data that is no longer needed. If there is an active cycle, unresolved final cycle charge, dispute, fraud review, Witness report, or legal retention requirement, some processing or retention may continue until that issue is resolved.

Grievance Officer

For complaints, requests, or questions about your data under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and the Digital Personal Data Protection Act, 2023, contact the Grievance Officer:

Name: Kuldeep Singh
Address: Pune, Maharashtra, India
Email: contact@uvbolt.com

We respond to grievances within 30 days of receipt. Where a grievance requires further investigation (for example, an active cycle, an unresolved payment, a fraud review, or platform enforcement), we will explain the status and the next steps within that 30-day window even if a final resolution requires additional time.

Children

ShowUp is for users who are at least 18 years old. The app is not directed to children.

Changes

We may update this policy when the app, processors, law, or platform requirements change. We will post material changes on this page at least 30 days before they take effect, and where you have an active cycle we will surface a notice in the app or send an email to the address on file.