Privacy Policy

Last updated June 9, 2026

Joyn is an app for making plans and messaging with small groups of friends. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.

This policy covers the Joyn iOS app and our companion website at joynevents.com. Joyn is currently in closed testing and is free to use. When we say we, us, or Joyn, we mean Kasper Fellkjær Thoring, the Norwegian sole proprietorship that operates Joyn. When we say you, we mean a person who uses Joyn.

We try to collect as little as we reasonably can. Joyn has no analytics, telemetry, advertising, or tracking SDKs, no advertising or tracking identifiers, and we do not read your device's contacts or address book. We do not sell your personal data.

Our privacy principles

A few commitments guide everything below:

  • We collect the minimum. We ask only for what a feature needs, and keep work on your device where we can — like place search.
  • No ads, no tracking, no selling. Joyn has no analytics or tracking SDKs and no advertising identifiers, and we never sell your data or use it to advertise to you.
  • You stay in control. You can delete your account, manage your AI memories, and tune your notifications at any time.
  • Protected by design. Your data is encrypted in transit and at rest, access is tightly scoped, and you can turn on two-factor authentication.

One thing we want to be upfront about: Joyn is not an end-to-end encrypted messenger. Your messages are encrypted in transit and at rest, but we can access them to run the service — for example, to sync them across devices and to power the AI features you choose to use. The sections below explain the details.

1. Information we collect

We collect the information you give us and the limited technical information we need to run the app. Here is what that includes.

Account and identity

  • Your email and password when you sign up. Your password is hashed by our authentication provider, Supabase; we never see or store it in plain text.
  • If you use Sign in with Apple, Apple gives us an email address (which may be a private relay address), your name, and an identity token.
  • If you turn on multi-factor authentication (MFA), we store the information needed to verify your time-based one-time passwords (TOTP) from your authenticator app.

Profile

Your profile includes your full name, username, avatar image, email, time zone, locale, and notification settings. We do not collect a phone number or birthday.

Messages and conversations

When you message in Joyn, we process the content you send: text (up to 4000 characters), images, GIFs and stickers (searched through Klipy), reactions (love, laugh, like, cry), @-mentions, replies, read receipts, and delivery state. Messages are stored in our backend (Supabase) and cached locally on your device so the app works quickly and offline. When a message contains a web link, the device displaying it may fetch a preview — such as the title and image — directly from that website, which lets the site see that request, including your device's IP address.

Activities, events, and hangouts

When you create or join plans, we process the details you and others add: titles, descriptions, a venue or location entered as free text, dates and times, cover images, recurring occurrences, RSVPs, time-polls and votes, discussion posts, comments, post images and reactions, and hangout photos.

Your social graph

We store your friends and friend requests. These are created only through explicit in-app requests and username search. Joyn does not read your device's contacts or address book. You can block and report other users, and we keep a record of the blocks and reports you make.

Location

If you grant location permission ("While Using the App"), we use your location on your device to power place search and autocomplete through Apple MapKit. The venue you choose is saved as plain text, and recent searches are cached only on your device. Joyn does not collect or transmit continuous, background, or precise live location.

Device and technical information

  • An Apple Push Notification service (APNs) device token (and a flag noting whether it is a sandbox or production token) so we can deliver notifications.
  • Your time zone and locale, so times and content display correctly.
  • A local-only crash logger writes to your device logs to help with debugging on the device. This is not transmitted to us.

There are no analytics, telemetry, advertising, or third-party crash-reporting SDKs in Joyn, no advertising or tracking identifiers, and no App Tracking Transparency prompt, because we do not track you.

2. iOS permissions we ask for

Joyn asks for a permission only when a feature needs it, and the feature explains why. You can change any of these in your device settings.

  • Camera — to take photos for messages and activities.
  • Photo Library — to add images and set your avatar, and to save activity invitations to your library.
  • Location (While Using the App) — for place search when you add a venue.
  • Calendars (full access) — optional, two-way sync of your activities to your device calendar. You can turn this off at any time.

We do not request microphone, contacts, health, or tracking permissions.

3. How we use your information

We use the information above to provide and operate Joyn. Specifically, we use it to:

  • Create and secure your account, sign you in, and support MFA.
  • Deliver your messages, reactions, RSVPs, posts, and other content to the people you share them with.
  • Power core features like place search, time-polls, calendar sync, and push notifications.
  • Keep the app working reliably, including local caching and offline behavior.
  • Respond to your requests, and keep Joyn safe by handling blocks, reports, and abuse.
  • Comply with our legal obligations.

We do not use your information for advertising, and we do not profile you for marketing.

4. AI features and your content

Joyn includes optional AI features: per-conversation AI agents (up to 5 per conversation) and an app-wide AI assistant we call copilot, which can take actions you direct it to take, such as sending a message, creating an activity, or voting in a poll. These features are powered by OpenAI.

These features are off until you use them. When you do use them, we send the relevant content to OpenAI to generate a response. That content includes:

  • Recent conversation messages (about the last 20).
  • Participant names.
  • Your time zone and locale.
  • Relevant activity details.

OpenAI processes this content only to generate your response. We send it with retention turned off, so OpenAI does not keep it after the request, and — under its API terms — OpenAI does not use it to train its models.

To personalize responses, Joyn may store AI memories — facts such as people, places, and preferences. You can view and delete these memories. A monthly per-user usage budget applies to AI features.

If you do not want your content processed by OpenAI, do not use the AI features.

5. How your information is shared

We share information in a few limited ways: with the people you choose to share it with inside the app, and with the service providers (sub-processors) that help us run Joyn. We do not sell personal data, and we do not share it with advertisers.

With other users

Content you share — messages, posts, RSVPs, photos, and your profile — is visible to the people you share it with. That is the point of the app, so share thoughtfully.

With our service providers (sub-processors)

We use the following providers to operate Joyn. Each receives only the data it needs for its purpose:

  • Supabase — cloud hosting, authentication, database, file storage, realtime sync, and serverless functions. Supabase stores essentially all of your account and content data.
  • OpenAI — powers the optional AI agent and assistant features, and processes the AI content described in section 4 only when you use those features.
  • Apple — Sign in with Apple (identity), Apple Push Notification service (delivering notifications, including preview text such as a name, message snippet, or activity title), and the App Store (distribution). Apple MapKit powers place search on your device.
  • Klipy — GIF and sticker search. When you search, your query is sent to Klipy to return results.
  • Resend — sends transactional and authentication emails, such as email verification, password reset, and invitations.

When you book a place through Joyn

If you ask Joyn to help book a place (for example, a restaurant), we send your booking request to that venue or its booking provider so they can act on it. This can include the date and time, party size, a contact phone number, and any notes you add — which may include details like allergies or accessibility needs. Only include details you are comfortable sharing with the venue.

For legal and safety reasons

We may disclose information when we believe it is reasonably necessary to comply with the law, respond to lawful requests, enforce our terms, or protect the rights, safety, and property of our users, the public, or Joyn.

6. Third-party services

Some features rely on the third parties listed in section 5. When you use those features, your information is handled under their privacy practices as well as ours. We encourage you to review their policies:

Choosing a venue through MapKit, or signing in with Apple, also involves Apple as described above.

7. Cookies on our website

On our website joynevents.com you can sign in (with email and password or Apple), RSVP to activities, view activities and profiles through invite or deep links, recover your password, manage your account, and check username availability.

The website uses Supabase session cookies for authentication only — to keep you signed in. We do not use analytics, advertising, or tracking cookies on the website.

8. Data retention

We keep your information for as long as your account is active and as needed to provide Joyn. When you delete your account, we delete your data as described in section 9.

Some information may be kept for a short period afterward where we need it to comply with legal obligations, resolve disputes, or enforce our agreements. Copies that remain in our encrypted backups are overwritten within 30 days. We do not keep your personal information for longer than we need it.

9. Your choices and rights

You have meaningful control over your information in Joyn.

Deleting your account

You can delete your account in the app at Settings → Security → Delete account. Deleting your account removes your profile and cascades to your messages, activities, posts, friendships, blocks, and reports. If you co-host an activity, ownership of that activity is transferred to another host so the plan can continue.

Other controls in the app

  • Block and report other users.
  • Notifications — granular, per-type notification controls.
  • Calendar sync — turn the two-way calendar sync on or off.
  • Read receipts — control whether read receipts are shared.
  • MFA — turn on multi-factor authentication for extra security.
  • Sign-in and password reset — available on the web.

Data access and portability

There is currently no self-serve data-export download in Joyn. To request access to or a copy of your data, contact us at privacy@joynevents.com and we will help.

Your legal rights

Depending on where you live, you may have the right to access, correct, delete, or port your personal data, and to object to or restrict certain processing. Laws such as the GDPR and the CCPA provide these kinds of rights. To exercise them, contact us at privacy@joynevents.com. We will respond as required by applicable law, and we will not discriminate against you for exercising your rights.

10. Security

We take reasonable steps to protect your information, including:

  • Encryption in transit using HTTPS/TLS.
  • Row-Level Security on our database, so accounts can only reach the data they are allowed to.
  • Private file storage, accessed through short-lived signed URLs.
  • Auth tokens stored securely in the iOS keychain and a shared app group.
  • Optional MFA for an extra layer of account protection.

No method of transmission or storage is perfectly secure, but we work to protect your information and to keep these protections current.

11. Children and age

Joyn is not intended for young children. You must be at least 13 years old to use Joyn. If you live somewhere that sets a higher age of digital consent, you must meet that age instead.

We do not knowingly collect personal information from children under the applicable minimum age. If you believe a child has provided us information, contact us at privacy@joynevents.com and we will take appropriate steps to remove it.

12. International users and data transfers

Joyn is operated by Kasper Fellkjær Thoring, a sole proprietorship (enkeltpersonforetak) registered in Norway (organisation number 926 450 042). Your information is stored and processed by our providers in the European Union (EU/EEA) — our database and storage run in a Supabase EU region, and our email provider Resend processes in the EU.

If you use Joyn from another country, your information may be transferred to and processed in countries whose data protection laws differ from your own. Where required, we rely on appropriate safeguards for these transfers. By using Joyn, you understand your information may be processed as described in this policy.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "last updated" date at the top, and for significant changes we will provide a more prominent notice where appropriate.

Your continued use of Joyn after an update means you accept the revised policy.

14. How to contact us

If you have questions about this policy or how we handle your information, or if you want to exercise your privacy rights, contact us at privacy@joynevents.com.

You can also reach us by mail at Kasper Fellkjær Thoring, Husebyskogen 74, 1570 Dilling, Norway.