1. Introduction

This Privacy Policy describes how Throwback ("the App," "we," "us," or "our") handles information in connection with your use of the Throwback iOS application. By using the App, you agree to the practices described in this policy.

Throwback is a privately distributed iOS application that allows users to browse photos and popular posts from GroupMe group chats they are members of. The App is available exclusively through Apple TestFlight and is not offered to the general public.

2. Information We Do Not Collect

We do not operate any servers that receive, store, or process user data. We do not collect:

• Names, email addresses, or other identifying information
• Location or geolocation data
• Device identifiers or advertising identifiers
• Usage data, analytics, or behavioral information
• Crash reports or diagnostic data transmitted to us

3. Information Stored on Your Device

The App stores the following information locally on your device:

• GroupMe Access Token. Following authentication, the access token issued by GroupMe is stored in the iOS Keychain. This token is used solely to make authorized requests to GroupMe's API on your behalf and is never transmitted to any server other than GroupMe's.
• Group Message History. When you initiate an export, the App downloads your group's message history from GroupMe's API and stores it in the App's private Documents directory. This data includes post content, metadata, member information, and engagement data associated with the group.
• App Preferences. Settings such as your selected group and content preferences are stored in iOS UserDefaults on your device.

All locally stored files are protected using iOS Data Protection (FileProtectionType.completeUnlessOpen), which encrypts data at rest and restricts access when the device is locked. Export data is excluded from iCloud backups.

4. How We Use Information

Information stored on your device is used solely to operate the App's core features: authenticating with GroupMe, displaying your group's content, and persisting your preferences between sessions. No information is used for advertising, profiling, or any purpose beyond local app functionality.

5. Information Sharing and Disclosure

We do not sell, rent, license, or otherwise disclose your information to third parties. The App does not transmit any user data to servers operated by us or any third party, with the exception of requests made directly to GroupMe's official API as described in Section 6.

6. Third-Party Services

The App communicates exclusively with GroupMe's official services:

• oauth.groupme.com — account authentication
• api.groupme.com — group and message data retrieval
• i.groupme.com — image and avatar delivery

Your use of GroupMe through the App is subject to GroupMe's Terms of Service and GroupMe's Privacy Policy. The App does not integrate any third-party analytics, advertising, or tracking SDKs.

7. Children's Privacy

The App is not directed to children under the age of 13. We do not knowingly collect or solicit personal information from anyone under 13. Access to the App is limited to individuals who have received an explicit TestFlight invitation.

8. Data Retention and Deletion

All data stored by the App resides on your device and is under your control. You may delete all App data at any time by removing the App from your device. Signing out of the App clears the stored access token from the Keychain.

9. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Any changes will be reflected by an updated effective date at the top of this page. Continued use of the App following any changes constitutes your acceptance of the revised policy.

10. Contact

If you have questions or concerns regarding this Privacy Policy, please contact us at admin@ostrel.ai.