Joyn
PrivacyTermsSign in

Privacy Policy

Last updated July 10, 2026

Joyn is an app for making plans and messaging with small groups of friends. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.

This policy covers the Joyn iOS app and our companion website at joynevents.com. Joyn is currently in closed testing. When we say we, us, or Joyn, we mean Kasper Fellkjær Thoring, the Norwegian sole proprietorship that operates Joyn. When we say you, we mean a person who uses Joyn.

Joyn uses the information listed below for its current account, planning, messaging, location search, calendar, notification, and AI features. Joyn has no analytics, telemetry, advertising, or tracking SDKs, no advertising or tracking identifiers, and no App Tracking Transparency prompt. We do not sell your personal data.

Contents

  1. Our privacy principles
  2. 1. Information we collect
  3. 2. iOS permissions we ask for
  4. 3. How we use your information
  5. 4. AI features and your content
  6. 5. How your information is shared
  7. 6. Third-party services
  8. 7. Cookies on our website
  9. 8. Data retention
  10. 9. Your choices and rights
  11. 10. Security
  12. 11. Children and age
  13. 12. International users and data transfers
  14. 13. Changes to this policy
  15. 14. How to contact us

Our privacy principles

A few commitments guide everything below:

  • Feature-tied data. The app asks for information used by current Joyn features, and keeps app-only caches local where it can, such as recent place searches.
  • No ads, no tracking, no selling. Joyn has no analytics or tracking SDKs and no advertising identifiers, and we never sell your data or use it to advertise to you.
  • You stay in control. You can delete your account, manage AI memories, tune notifications, and manage calendar sync.
  • Protected by design. Joyn is configured to use Supabase over HTTPS, database access is scoped by Row-Level Security, private storage uses storage policies and signed URLs.

One thing we want to be upfront about: Joyn is not an end-to-end encrypted messenger. Messages are stored server-side in Supabase and cached locally on your device so Joyn can sync them, operate message features, and power AI features you use or AI agents that are triggered in conversations you participate in. The sections below explain the details.

1. Information we collect

We collect the information you give us and the limited technical information we need to run the app. Here is what that includes.

Account and identity

  • When you sign up or sign in with an email one-time code (OTP), Supabase Auth processes your email address and the one-time code sent to that address. Joyn does not ask you to create separate Joyn account credentials for the current signup or sign-in flow.
  • If you use Sign in with Apple with your Apple ID, Joyn requests your name and email where supported, sends Apple's identity token or OAuth callback through Supabase Auth, and may use profile metadata when Apple or Supabase returns it.

Profile

Your profile includes your full name, username, avatar image, email, time zone, locale, notification settings, and default assistant choice. Joyn does not ask for your birthday.

Messages and conversations

When you message in Joyn, we process the content you send: text (up to 4000 characters), images, GIFs and stickers (searched through Klipy), arbitrary emoji-style reactions, @-mentions, replies, read receipts, and delivery state. Messages are stored in our backend (Supabase) and cached locally on your device so the app works quickly and offline. When a message contains a web link, the device displaying it may fetch a preview — such as the title and image — directly from that website, which lets the site see that request, including your device's IP address.

Activities, events, and hangouts

When you create or join plans, we process the details you and others add: titles, descriptions, a venue or location entered as free text, dates and times, cover images, recurring occurrences, RSVPs, time-polls and votes, discussion posts, comments, post images and reactions, and hangout photos.

Your social graph

We store your friends, friend requests, friend groups, and invite claims. These are created through explicit Joyn actions such as username search, invite links, and accepting requests. You can block and report other users, and we keep a record of the blocks and reports you make.

Location

If you grant location permission ("While Using the App"), Joyn can request your current location to suggest a nearby address, and place search/autocomplete uses Apple MapKit. Venue or location text may be stored on activities or occurrences, and location poll or finalized location options may store optional coordinates when a MapKit result provides them. Recent searches are cached only on your device. Joyn does not collect continuous, background, or live location.

Device and technical information

  • An Apple Push Notification service (APNs) device token (and a flag noting whether it is a sandbox or production token) so we can deliver notifications.
  • Your time zone and locale, so times and content display correctly.
  • A local-only crash logger writes to your device logs to help with debugging on the device. This is not transmitted to us.

There are no analytics, telemetry, advertising, or third-party crash-reporting SDKs in Joyn, no advertising or tracking identifiers, and no App Tracking Transparency prompt, because we do not track you.

2. iOS permissions we ask for

Joyn asks for a permission only when a feature needs it, and the feature explains why. You can change any of these in your device settings.

  • Camera — to take photos for messages and activities.
  • Photo Library — to add images, set your avatar, and save Joyn photos or images to your library.
  • Location (While Using the App) — for place search when you add a venue.
  • Calendars (full access) — optional sync that adds, updates, and removes Joyn activities in your iOS Calendar. You can turn calendar sync off at any time.

We do not request microphone, contacts, health, or tracking permissions.

3. How we use your information

We use the information above to provide and operate Joyn. Specifically, we use it to:

  • Create and secure your account, and sign you in.
  • Deliver your messages, reactions, RSVPs, posts, and other content to the people you share them with.
  • Power core features like place search, time-polls, calendar sync, and push notifications.
  • Keep the app working reliably, including local caching and offline behavior.
  • Respond to your requests, and keep Joyn safe by handling blocks, reports, and abuse.
  • Comply with our legal obligations.

We do not use your information for advertising, and we do not profile you for marketing.

4. AI features and your content

Joyn includes AI features powered by the OpenAI API: a private assistant, pull-aside help from a chat, and AI agents that can be added to conversations. AI can help plan, summarize, search Joyn context you can already access, prepare drafts, and create reviewable action cards.

When you use AI features, or when a conversation assistant is triggered in a chat you participate in, Joyn sends the relevant request and context to OpenAI to generate a response. Depending on the request, that context can include:

  • Your message to the assistant and recent relevant assistant history.
  • Recent conversation messages, and older or relevant messages when the assistant uses permitted chat search.
  • Participant names.
  • Your time zone and locale.
  • Relevant activity details, RSVPs, polls, friends, and messages that Joyn's AI tools retrieve under your account permissions.
  • AI memories that are visible to you, when the private assistant uses memory to personalize a response.
  • Live web search or restaurant booking details when you ask the assistant to use those features.

Joyn sets `store: false` on OpenAI Responses API requests. According to OpenAI's API data controls and OpenAI's data-use article, API inputs and outputs are not used to train OpenAI models by default, but OpenAI may retain abuse-monitoring logs for up to 30 days unless a different OpenAI data-retention control applies.

Separately, to run AI features safely and prevent abuse, Joyn keeps a minimal internal log of AI activity — such as which assistant ran, the lens and data scopes it was allowed, and the conversation it acted in. This log does not store your message content or the assistant's replies. We automatically delete these AI activity logs after 30 days.

Private AI assistants may save AI memories about you to personalize future help. Memories are short notes such as people, places, preferences, habits, or activity-planning facts the assistant saves while helping you. You can view, edit, delete individual memories, or clear all memories from AI memory in the app.

Personal memories are private to your account. Conversation assistants do not receive your private memories when they respond publicly in a group chat; they use the conversation context they are allowed to read instead.

AI actions that change Joyn data — such as sending messages, creating or editing activities, RSVP actions, or restaurant booking requests — are prepared for review in Joyn where the app supports that action. In-chat assistants can also post their own assistant replies into the conversation when triggered.

If you do not want your content processed by OpenAI, do not use AI features and avoid adding or triggering AI agents in conversations that include your content. If another participant triggers a conversation assistant in a chat you share, recent relevant chat context may be processed so the assistant can respond. Daily and weekly per-user usage limits apply to AI features.

Content moderation and reports

To keep Joyn safe, when content is reported we process the reported content through automated content-moderation tools — OpenAI's moderation endpoint and an OpenAI model that classifies the report — to assess whether it breaks our rules. We send only the reported item and the report details, not your wider conversation history, and the same `store: false` and OpenAI retention terms described above apply. Suspected illegal content is handled separately and is not sent to these AI tools.

Based on that assessment, content involving clear and serious violations may be automatically hidden, and less clear or higher-stakes reports are sent to a person for review. Automated hiding is reversible. We keep a tamper-evident internal record of moderation decisions and the reasons for them.

If your content is hidden or your account is actioned by an automated decision, you can ask a person to review it by replying to the notification or contacting us using the details at the end of this policy. We rely on our legitimate interest in keeping Joyn safe, and on meeting our legal obligations, as the basis for this processing.

5. How your information is shared

We share information in a few limited ways: with the people you choose to share it with inside the app, and with the service providers (sub-processors) that help us run Joyn. We do not sell personal data, and we do not share it with advertisers.

With other users

Messages, posts, RSVPs, and photos are visible to the relevant conversation or activity participants. Your public profile summary, such as name, username, and avatar, may also appear in username search, invite, friend, conversation, and activity surfaces.

With our service providers (sub-processors)

We use the following providers to operate Joyn. This table explains what each provider supports:

  • Supabase — authentication, database/RPC access, private file storage, realtime sync for the app, and Edge Functions. Supabase stores most of your account and content data.
  • OpenAI — powers Joyn's AI agent and assistant features, and the automated content-moderation of reported content, as described in section 4.
  • Apple — Sign in with Apple (identity), Apple Push Notification service (delivering notifications, including preview text such as a name, message snippet, or activity title), and the App Store (distribution). Apple MapKit powers place search and current-location address lookup.
  • Klipy — GIF and sticker search. When you search, your query is sent to Klipy to return results.
  • Resend — sends notification fallback emails and selected transactional emails; Supabase Auth handles standard auth email flows such as email one-time code delivery.
  • Vercel — hosts Joyn's website and server routes, processes web requests, and issues short-lived service identity tokens that authenticate the waitlist route to Supabase.

We require these providers to process your information only on our instructions and to protect it, under data processing agreements where applicable.

When you book a place through Joyn

If you ask Joyn to help book a place (for example, a restaurant), we send your booking request to that venue or its booking provider so they can act on it. This can include your name and email, the date and time, party size, an optional contact phone number, and any notes you add — which may include details like allergies or accessibility needs. Only include details you are comfortable sharing with the venue.

For legal and safety reasons

We may disclose information when we believe it is reasonably necessary to comply with the law, respond to lawful requests, enforce our terms, or protect the rights, safety, and property of our users, the public, or Joyn.

6. Third-party services

Some features rely on the third parties listed in section 5. When you use those features, your information is handled under their privacy practices as well as ours. We encourage you to review their policies:

  • Supabase
  • OpenAI
  • OpenAI API data controls
  • Apple
  • Klipy
  • Resend

Choosing a venue through MapKit, or signing in with Apple, also involves Apple as described above.

7. Cookies on our website

On our website joynevents.com you can sign in with email one-time code or Sign in with Apple where configured, view invite previews, view and RSVP to supported activities, open profile links that hand off to the app, manage basic web profile details such as name and username, and have username availability checked when you create or update a web profile.

If you join the launch waitlist, we store the email address you submit, the date you consented, and the consent wording version so we can send Joyn launch and early-access updates. To protect the form from abuse, the website sends your source IP address to Joyn's Supabase Edge Function, which immediately converts it to an hour-scoped, keyed one-way value. The raw address is not written to Joyn's database; the keyed rate-limit record is automatically deleted after its 24-hour retention window. We do not attach advertising profiles, analytics identifiers, or browsing history to a waitlist signup. You can unsubscribe from those updates at any time.

The website uses Supabase session cookies to keep you signed in, plus time-limited Joyn cookies for invite handoff (up to 7 days) and sign-in confirmation handoff (10 minutes). We do not use analytics, advertising, or tracking cookies on the website.

8. Data retention

Most account and content records remain while your account is active unless you delete content or your account. Account deletion is described in section 9, including the current cascade behavior for related records.

Some technical records have shorter retention, such as read receipts and local link-preview cache. Some information may be kept afterward where we need it to comply with legal obligations, resolve disputes, protect Joyn, or enforce our agreements.

Waitlist email addresses remain on the launch list until you unsubscribe or the launch-update purpose ends. After an unsubscribe, we may keep the minimum suppression record needed to avoid sending you more waitlist email.

Internal AI activity logs — which record AI feature usage for safety and abuse prevention, without message content — are automatically deleted after 30 days. Transient AI processing-queue records are cleared within a day.

9. Your choices and rights

You have meaningful control over your information in Joyn.

Deleting your account

You can delete your account in the app at Settings → Security → Delete account. Deleting your account calls Joyn's account-deletion flow, which removes your push tokens, profile, and auth account, and relies on database cascade rules for related rows such as messages, posts, comments, reactions, RSVPs, blocks, reports, AI memories, and AI history. For activities you own, Joyn promotes the oldest co-host when one exists so the plan can continue; some activity or guest records may remain without your user account attached.

Other controls in the app

  • Block and report other users.
  • Notifications — granular, per-type notification controls.
  • Calendar sync — turn Joyn calendar sync on or off.
  • AI memory — view, edit, delete, or clear saved AI memories.
  • Sign-in — available on the web where supported.

Data access and portability

There is currently no self-serve data-export download in Joyn. To request access to or a copy of your data, contact us at privacy@joynevents.com and we will help.

Your legal rights

Depending on where you live, you may have the right to access, correct, delete, or port your personal data, and to object to or restrict certain processing. Laws such as the GDPR and the CCPA provide these kinds of rights. To exercise them, contact us at privacy@joynevents.com. We will respond as required by applicable law, and we will not discriminate against you for exercising your rights.

10. Security

We take reasonable steps to protect your information, including:

  • Encryption in transit using HTTPS/TLS.
  • Row-Level Security on our database, so accounts can only reach the data they are allowed to.
  • Private file storage, accessed through storage policies and signed URLs.
  • Auth tokens stored in the iOS Keychain, with Supabase credentials mirrored into shared app-group storage for the notification service extension.

No method of transmission or storage is perfectly secure, but we work to protect your information and to keep these protections current.

11. Children and age

Joyn is not intended for young children. You must be at least 13 years old to use Joyn. If you live somewhere that sets a higher age of digital consent, you must meet that age instead.

We do not knowingly collect personal information from children under the applicable minimum age. If you believe a child has provided us information, contact us at privacy@joynevents.com and we will take appropriate steps to remove it.

12. International users and data transfers

Joyn is operated by Kasper Fellkjær Thoring, a sole proprietorship (enkeltpersonforetak) registered in Norway (organisation number 926 450 042). Your information is stored and processed by Supabase, OpenAI, Apple, Klipy, Resend, and other providers as described in this policy.

If you use Joyn from another country, your information may be transferred to and processed in countries whose data protection laws differ from your own. Where required, we rely on appropriate safeguards for these transfers.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "last updated" date at the top, and for significant changes we will provide a more prominent notice where appropriate.

Your continued use of Joyn after an update means you accept the revised policy.

14. How to contact us

If you have questions about this policy or how we handle your information, or if you want to exercise your privacy rights, contact us at privacy@joynevents.com.

You can also reach us by mail at Kasper Fellkjær Thoring, Husebyskogen 74, 1570 Dilling, Norway.

Privacy PolicyConsumer TermsHome
© 2026 Joyn