Privacy Policy

1. Data We Collect

Account information

When you create an account, we receive:

• Display name (first and last name) — only if you choose to share it. Stored on our servers to personalize your experience.
• Phone number — if you sign up with phone + password, we store your number to authenticate you and, with your opt-in, to send you SMS alerts when your watches trigger. See Section 4 (SMS / Text Messaging) below.
• Email address — if you sign in with Apple or Google, provided by the identity provider and used only for account identification.
• SMS consent record — the timestamp and disclosure text you agreed to when opting into SMS alerts. Kept as an audit trail for carrier compliance.

We do not store your passwords in the clear. Authentication is handled by Supabase Auth (phone + password), Sign In with Apple, or Google Sign-In.

Watch data

When you create a watch, we store:

• The URL of the web page you want to monitor
• Your watch condition (e.g., “price drops below $50”)
• Watch name, emoji, action preferences, and check frequency
• Product images fetched from the watched URL (og:image metadata)

Push notification tokens

If you enable push notifications, we store your device's push token linked to your account so we can send you alerts when your watches trigger.

Photos you share

If you attach a screenshot or photo in the Steward AI chat, the image is compressed and sent to our server for AI analysis. Photos are processed in real-time and are not permanently stored on our servers.

Activity log

We record in-app events such as watches created, alerts triggered, and actions completed. This powers the Activity tab in the app.

App preferences

Settings like dark mode and default check frequency are stored locally on your device only.

2. How We Use Your Data

We do not use your data for advertising, user profiling, or cross-app tracking.

3. Third-Party Services

We use the following third-party services to operate Steward:

Supabase (backend infrastructure)

Your account data, watches, and activity history are stored on Supabase servers. Supabase provides database hosting, authentication, and serverless functions. Data is stored in the United States.

Anthropic (AI processing)

When you use the Steward AI chat or when a watch check runs, text data (your messages, web page content up to 4,000 characters, and any attached photos) is sent to Anthropic's Claude AI for processing. Anthropic processes this data to generate responses and does not use it to train their models. See Anthropic's Privacy Policy.

Serper (product search)

When you share a product screenshot in chat, a search query may be sent to Serper.dev to find matching product listings. Only the product search query is sent — no personal information.

Apple & Google (authentication)

Sign In with Apple and Google Sign-In handle authentication when you choose those options. Your Apple ID / Google credentials are never shared with us.

Payments (Apple In-App Purchase & Stripe)

Subscriptions purchased from the iOS app are processed entirely by Apple through the App Store. Subscriptions purchased from the web app (joinsteward.app) are processed by Stripe. In both cases we never receive or store your full card details — we only receive a transaction identifier, subscription status, and the last four digits of the card (Stripe only) for billing support.

Twilio (SMS delivery)

If you opt in to SMS alerts, we transmit your phone number and the text of each message to Twilio solely so they can deliver the message to your wireless carrier. Twilio is a processor; we do not use Twilio for marketing, profiling, or any purpose other than message delivery.

Product analytics (web)

The web app (joinsteward.app) uses PostHog and Vercel Analytics to measure aggregate product usage — page views, clicks, and conversion funnels — so we can improve the app. These tools may record your user ID, coarse geolocation (country/region), and device type. We do not use them for advertising, cross-site tracking, or selling data to third parties. The iOS app does not use these tools.

4. SMS / Text Messaging

If you sign up with your phone number and affirmatively opt in at the point of signup, Steward may send you recurring automated text messages to the number you provided.

Types of messages you'll receive

• Transactional — one-time verification codes (OTP) and password-reset codes. These are required to use the service and cannot be opted out of.
• Alerts — price-drop, restock, and watch-triggered notifications based on the watches you create. These require your explicit opt-in and can be stopped at any time.

Opt-in

You opt in to alert messages by checking the SMS consent box on the signup screen. Consent is not a condition of purchaseor of using Steward — you can use Apple or Google sign-in and the in-app / push notification channels instead. We record the timestamp and the exact disclosure text you agreed to as an audit trail.

Frequency & cost

Message frequency varies based on how many watches you've created and how often their conditions are met. Message and data rates may apply from your wireless carrier. Steward does not charge you for SMS.

Opt-out and help

You can opt out of alert messages at any time by replying STOP to any Steward text message, or by turning off SMS alerts in the app's Settings screen. For help, reply HELP or email hello@joinsteward.app. After you reply STOP you will receive one confirmation message and no further alerts. You may re-opt-in at any time by re-enabling SMS alerts in Settings.

Sharing of SMS data

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All categories of personal information exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties or affiliates. Phone numbers and the content of alert messages are transmitted only to our SMS delivery provider (Twilio) solely to deliver the message to your carrier.

5. Data We Do NOT Collect

• We do not store full credit card numbers — payments are handled entirely by Apple or Stripe
• We do not serve advertisements
• We do not sell, rent, or share your personal data with third parties for marketing
• We do not track you across other apps or websites
• We do not use advertising SDKs, ad networks, or third-party ad trackers

6. Data Retention

Your data is retained as long as your account is active. Watch check results are kept to power price history and insights. If you delete your account, all associated data (profile, watches, activities, and check results) will be permanently removed from our servers within 30 days.

7. Data Security

We protect your data using:

• HTTPS encryption for all data in transit
• Supabase Row Level Security ensuring users can only access their own data
• API keys and secrets stored as server-side environment variables, never in the app binary
• Rate limiting on all server endpoints to prevent abuse

8. Your Rights

You have the right to:

• Access your data — all your watches, activity, and profile are visible in the app
• Delete your data — contact us at the email below and we will delete your account and all associated data
• Revoke notification permissions — disable push notifications at any time in your device settings
• Revoke Apple Sign In — go to Settings → Apple ID → Sign-In & Security → Sign in with Apple to stop using your Apple ID with Steward

9. Children's Privacy

Steward is not intended for children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by updating the effective date at the top of this page. Your continued use of Steward after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or want to request data deletion, contact us at: