Privacy Policy
Last updated July 10, 2026
Joyn is an app for making plans and messaging with small groups of friends. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.
This policy covers the Joyn iOS app and our companion website at joynevents.com. Joyn is currently in closed testing. When we say we, us, or Joyn, we mean Kasper Fellkjær Thoring, the Norwegian sole proprietorship that operates Joyn. When we say you, we mean a person who uses Joyn.
Joyn uses the information listed below for its current account, planning, messaging, location search, calendar, notification, and AI features. Joyn has no analytics, telemetry, advertising, or tracking SDKs, no advertising or tracking identifiers, and no App Tracking Transparency prompt. We do not sell your personal data.
Our privacy principles
A few commitments guide everything below:
- Feature-tied data. The app asks for information used by current Joyn features, and keeps app-only caches local where it can, such as recent place searches.
- No ads, no tracking, no selling. Joyn has no analytics or tracking SDKs and no advertising identifiers, and we never sell your data or use it to advertise to you.
- You stay in control. You can delete your account, manage AI memories, tune notifications, and manage calendar sync.
- Protected by design. Joyn is configured to use Supabase over HTTPS, database access is scoped by Row-Level Security, private storage uses storage policies and signed URLs.
One thing we want to be upfront about: Joyn is not an end-to-end encrypted messenger. Messages are stored server-side in Supabase and cached locally on your device so Joyn can sync them, operate message features, and power AI features you use or AI agents that are triggered in conversations you participate in. The sections below explain the details.
1. Information we collect
We collect the information you give us and the limited technical information we need to run the app. Here is what that includes.
Account and identity
- When you sign up or sign in with an email one-time code (OTP), Supabase Auth processes your email address and the one-time code sent to that address. Joyn does not ask you to create separate Joyn account credentials for the current signup or sign-in flow.
- If you use Sign in with Apple with your Apple ID, Joyn requests your name and email where supported, sends Apple's identity token or OAuth callback through Supabase Auth, and may use profile metadata when Apple or Supabase returns it.
Profile
Your profile includes your full name, username, avatar image, email, time zone, locale, notification settings, and default assistant choice. Joyn does not ask for your birthday.
Messages and conversations
When you message in Joyn, we process the content you send: text (up to 4000 characters), images, GIFs and stickers (searched through Klipy), arbitrary emoji-style reactions, @-mentions, replies, read receipts, and delivery state. Messages are stored in our backend (Supabase) and cached locally on your device so the app works quickly and offline. When a message contains a web link, the device displaying it may fetch a preview — such as the title and image — directly from that website, which lets the site see that request, including your device's IP address.
Activities, events, and hangouts
When you create or join plans, we process the details you and others add: titles, descriptions, a venue or location entered as free text, dates and times, cover images, recurring occurrences, RSVPs, time-polls and votes, discussion posts, comments, post images and reactions, and hangout photos.
Your social graph
We store your friends, friend requests, friend groups, and invite claims. These are created through explicit Joyn actions such as username search, invite links, and accepting requests. You can block and report other users, and we keep a record of the blocks and reports you make.
Location
If you grant location permission ("While Using the App"), Joyn can request your current location to suggest a nearby address, and place search/autocomplete uses Apple MapKit. Venue or location text may be stored on activities or occurrences, and location poll or finalized location options may store optional coordinates when a MapKit result provides them. Recent searches are cached only on your device. Joyn does not collect continuous, background, or live location.
Device and technical information
- An Apple Push Notification service (APNs) device token (and a flag noting whether it is a sandbox or production token) so we can deliver notifications.
- Your time zone and locale, so times and content display correctly.
- A local-only crash logger writes to your device logs to help with debugging on the device. This is not transmitted to us.
There are no analytics, telemetry, advertising, or third-party crash-reporting SDKs in Joyn, no advertising or tracking identifiers, and no App Tracking Transparency prompt, because we do not track you.
2. iOS permissions we ask for
Joyn asks for a permission only when a feature needs it, and the feature explains why. You can change any of these in your device settings.
- Camera — to take photos for messages and activities.
- Photo Library — to add images, set your avatar, and save Joyn photos or images to your library.
- Location (While Using the App) — for place search when you add a venue.
- Calendars (full access) — optional sync that adds, updates, and removes Joyn activities in your iOS Calendar. You can turn calendar sync off at any time.
We do not request microphone, contacts, health, or tracking permissions.
3. How we use your information
We use the information above to provide and operate Joyn. Specifically, we use it to:
- Create and secure your account, and sign you in.
- Deliver your messages, reactions, RSVPs, posts, and other content to the people you share them with.
- Power core features like place search, time-polls, calendar sync, and push notifications.
- Keep the app working reliably, including local caching and offline behavior.
- Respond to your requests, and keep Joyn safe by handling blocks, reports, and abuse.
- Comply with our legal obligations.
We do not use your information for advertising, and we do not profile you for marketing.
4. AI features and your content
Joyn includes AI features powered by the OpenAI API: a private assistant, pull-aside help from a chat, and AI agents that can be added to conversations. AI can help plan, summarize, search Joyn context you can already access, prepare drafts, and create reviewable action cards.
When you use AI features, or when a conversation assistant is triggered in a chat you participate in, Joyn sends the relevant request and context to OpenAI to generate a response. Depending on the request, that context can include:
- Your message to the assistant and recent relevant assistant history.
- Recent conversation messages, and older or relevant messages when the assistant uses permitted chat search.
- Participant names.
- Your time zone and locale.
- Relevant activity details, RSVPs, polls, friends, and messages that Joyn's AI tools retrieve under your account permissions.
- AI memories that are visible to you, when the private assistant uses memory to personalize a response.
- Live web search or restaurant booking details when you ask the assistant to use those features.
Joyn sets `store: false` on OpenAI Responses API requests. According to OpenAI's API data controls and OpenAI's data-use article, API inputs and outputs are not used to train OpenAI models by default, but OpenAI may retain abuse-monitoring logs for up to 30 days unless a different OpenAI data-retention control applies.
Separately, to run AI features safely and prevent abuse, Joyn keeps a minimal internal log of AI activity — such as which assistant ran, the lens and data scopes it was allowed, and the conversation it acted in. This log does not store your message content or the assistant's replies. We automatically delete these AI activity logs after 30 days.
Private AI assistants may save AI memories about you to personalize future help. Memories are short notes such as people, places, preferences, habits, or activity-planning facts the assistant saves while helping you. You can view, edit, delete individual memories, or clear all memories from AI memory in the app.
Personal memories are private to your account. Conversation assistants do not receive your private memories when they respond publicly in a group chat; they use the conversation context they are allowed to read instead.
AI actions that change Joyn data — such as sending messages, creating or editing activities, RSVP actions, or restaurant booking requests — are prepared for review in Joyn where the app supports that action. In-chat assistants can also post their own assistant replies into the conversation when triggered.
If you do not want your content processed by OpenAI, do not use AI features and avoid adding or triggering AI agents in conversations that include your content. If another participant triggers a conversation assistant in a chat you share, recent relevant chat context may be processed so the assistant can respond. Daily and weekly per-user usage limits apply to AI features.
Content moderation and reports
To keep Joyn safe, when content is reported we process the reported content through automated content-moderation tools — OpenAI's moderation endpoint and an OpenAI model that classifies the report — to assess whether it breaks our rules. We send only the reported item and the report details, not your wider conversation history, and the same `store: false` and OpenAI retention terms described above apply. Suspected illegal content is handled separately and is not sent to these AI tools.
Based on that assessment, content involving clear and serious violations may be automatically hidden, and less clear or higher-stakes reports are sent to a person for review. Automated hiding is reversible. We keep a tamper-evident internal record of moderation decisions and the reasons for them.
If your content is hidden or your account is actioned by an automated decision, you can ask a person to review it by replying to the notification or contacting us using the details at the end of this policy. We rely on our legitimate interest in keeping Joyn safe, and on meeting our legal obligations, as the basis for this processing.
6. Third-party services
Some features rely on the third parties listed in section 5. When you use those features, your information is handled under their privacy practices as well as ours. We encourage you to review their policies:
Choosing a venue through MapKit, or signing in with Apple, also involves Apple as described above.
8. Data retention
Most account and content records remain while your account is active unless you delete content or your account. Account deletion is described in section 9, including the current cascade behavior for related records.
Some technical records have shorter retention, such as read receipts and local link-preview cache. Some information may be kept afterward where we need it to comply with legal obligations, resolve disputes, protect Joyn, or enforce our agreements.
Waitlist email addresses remain on the launch list until you unsubscribe or the launch-update purpose ends. After an unsubscribe, we may keep the minimum suppression record needed to avoid sending you more waitlist email.
Internal AI activity logs — which record AI feature usage for safety and abuse prevention, without message content — are automatically deleted after 30 days. Transient AI processing-queue records are cleared within a day.
9. Your choices and rights
You have meaningful control over your information in Joyn.
Deleting your account
You can delete your account in the app at Settings → Security → Delete account. Deleting your account calls Joyn's account-deletion flow, which removes your push tokens, profile, and auth account, and relies on database cascade rules for related rows such as messages, posts, comments, reactions, RSVPs, blocks, reports, AI memories, and AI history. For activities you own, Joyn promotes the oldest co-host when one exists so the plan can continue; some activity or guest records may remain without your user account attached.
Other controls in the app
- Block and report other users.
- Notifications — granular, per-type notification controls.
- Calendar sync — turn Joyn calendar sync on or off.
- AI memory — view, edit, delete, or clear saved AI memories.
- Sign-in — available on the web where supported.
Data access and portability
There is currently no self-serve data-export download in Joyn. To request access to or a copy of your data, contact us at privacy@joynevents.com and we will help.
Your legal rights
Depending on where you live, you may have the right to access, correct, delete, or port your personal data, and to object to or restrict certain processing. Laws such as the GDPR and the CCPA provide these kinds of rights. To exercise them, contact us at privacy@joynevents.com. We will respond as required by applicable law, and we will not discriminate against you for exercising your rights.
10. Security
We take reasonable steps to protect your information, including:
- Encryption in transit using HTTPS/TLS.
- Row-Level Security on our database, so accounts can only reach the data they are allowed to.
- Private file storage, accessed through storage policies and signed URLs.
- Auth tokens stored in the iOS Keychain, with Supabase credentials mirrored into shared app-group storage for the notification service extension.
No method of transmission or storage is perfectly secure, but we work to protect your information and to keep these protections current.
11. Children and age
Joyn is not intended for young children. You must be at least 13 years old to use Joyn. If you live somewhere that sets a higher age of digital consent, you must meet that age instead.
We do not knowingly collect personal information from children under the applicable minimum age. If you believe a child has provided us information, contact us at privacy@joynevents.com and we will take appropriate steps to remove it.
12. International users and data transfers
Joyn is operated by Kasper Fellkjær Thoring, a sole proprietorship (enkeltpersonforetak) registered in Norway (organisation number 926 450 042). Your information is stored and processed by Supabase, OpenAI, Apple, Klipy, Resend, and other providers as described in this policy.
If you use Joyn from another country, your information may be transferred to and processed in countries whose data protection laws differ from your own. Where required, we rely on appropriate safeguards for these transfers.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "last updated" date at the top, and for significant changes we will provide a more prominent notice where appropriate.
Your continued use of Joyn after an update means you accept the revised policy.
14. How to contact us
If you have questions about this policy or how we handle your information, or if you want to exercise your privacy rights, contact us at privacy@joynevents.com.
You can also reach us by mail at Kasper Fellkjær Thoring, Husebyskogen 74, 1570 Dilling, Norway.