Privacy Policy
Last updated: 4 May 2026
See also our Terms of Service.
1. Who We Are
Same Page is operated by i4innovation LLC, a company registered in the United Arab Emirates. If you have questions about this policy, contact us at email.
2. What We Collect
Information you provide
| Data | When |
|---|---|
| Email address | When you sign in (one-time passcode) |
| Display name | If you choose to set one in your profile |
| Documents and related presentation materials (PDF, PPTX, DOCX) | When you upload materials for a live session |
Information collected automatically
| Data | Purpose |
|---|---|
| IP address | Rate limiting, security, Cloudflare edge operation, Sentry diagnostics, PostHog analytics, and transient Google Analytics web traffic processing. Google Analytics 4 does not log or store individual IP addresses. |
| Approximate location | PostHog may derive city or country from IP address while IP anonymization is disabled in our launch analytics project. Google Analytics may derive coarse location from IP address before discarding it. We do not collect GPS or precise location. |
| Device information (user agent, platform) | Error tracking and analytics |
| Crash reports (stack traces, screenshots) | App stability. Screenshots captured on crash may include content visible on-screen at the time. |
| Session replay | Diagnosing app issues through sampled Sentry replay and native PostHog replay. Text and images are masked in recordings. |
| Usage events | Understanding how the app is used (e.g. sessions created, documents uploaded) |
| User interaction traces | Recording which buttons and controls are tapped, for performance monitoring |
| App lifecycle events | App open, close, and background events |
| Anonymous viewer identifier | When someone views a session without signing in, a pseudonymous identifier is generated on the viewer's device and sent to our server, where it is hashed (SHA-256) before storage, to track session participation without revealing the original identifier |
| Purchase history | When you make an in-app purchase, your subscription status, product identifiers, and transaction data are processed by RevenueCat (our subscription management provider) and synced to our server to determine your plan tier and enforce feature limits. We do not store payment card details or financial account information. |
Information we do not collect
- We do not use advertising SDKs or ad-tracking identifiers.
- We do not track you across other apps or websites.
- We do not sell or share your data with data brokers.
- We do not collect precise GPS location.
For California privacy law purposes, including the CCPA/CPRA, we do not sell personal information and do not share personal information for cross-context behavioural advertising.
Device permissions
The app may request camera access (for QR code scanning) and photo library access (for selecting documents). Camera images are not stored or transmitted. Selected materials are uploaded to our servers so presenters can run live sessions.
Local storage and cookies
On mobile devices, authentication credentials are stored securely on your device (iOS Keychain or Android encrypted storage). Analytics data is stored in the platform's native storage. The mobile apps do not use cookies.
The web version of Same Page uses cookies set by PostHog for analytics identification and Google Analytics for web traffic measurement. These cookies are not used for advertising or cross-site tracking by Same Page.
3. Why We Collect It
Under European data protection law, we need a legal reason for each type of data we collect. Here is what justifies each:
| Data | Legal basis (GDPR Art. 6(1)) |
|---|---|
| Email, display name, uploaded files, session data | Contract performance (Art. 6(1)(b)) — necessary to provide the service |
| Crash reports, IP address, device info, session replay (error diagnosis) | Legitimate interest (Art. 6(1)(f)) — maintaining app stability and security |
| Usage analytics, approximate location, product session replay, lifecycle events, interaction traces | Legitimate interest (Art. 6(1)(f)) — improving the product. You may object to this processing (see Section 6). |
| Anonymous viewer identifier | Legitimate interest (Art. 6(1)(f)) — tracking session participation without requiring sign-in |
Automated decisions and rate limits
Same Page uses automated security and abuse-prevention checks, including rate limits for sign-in codes, API requests, uploads, and realtime sessions. These checks may temporarily block or slow a request when traffic looks abusive or exceeds product limits. We do not use automated decision-making that produces legal or similarly significant effects about you.
4. Third-Party Services
We use the following services to operate Same Page:
| Service | Purpose | Data residency |
|---|---|---|
| Cloudflare | Infrastructure (hosting, database, file storage) | Worldwide edge network |
| Sentry | Error tracking, crash reporting, and session replay | Germany |
| PostHog | Product analytics and native session replay | European Union |
| Google Analytics | Web traffic measurement for the marketing site and public web routes | Google global infrastructure |
| Zoho ZeptoMail | Transactional email (sign-in codes only) | Zoho infrastructure |
| RevenueCat | Subscription management (purchase validation, entitlement checks, webhook processing) | United States |
These are the service providers we use to operate Same Page. If you purchase through the Apple App Store or Google Play Store, Apple or Google also process the transaction under their own privacy terms.
5. Cross-Border Data Transfers
Your data may be transferred to and processed in countries outside the United Arab Emirates, including the European Union, Germany, the United States, and other jurisdictions where Cloudflare and Google operate infrastructure. We have entered into Data Processing Agreements (DPAs) with all service providers that process personal data on our behalf, including Sentry, PostHog, Google Analytics, and RevenueCat, to protect your data during these transfers.
6. Your Rights
Under the EU General Data Protection Regulation (GDPR) and the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data (edit your display name in the app, or email us for other corrections)
- Delete your account and associated Same Page data (use the "Delete Account" button in the app, or visit same-page.app/delete-account). In-app deletion takes effect immediately; file storage cleanup may take a few moments to complete.
- Restrict processing of your data while a dispute is being resolved
- Port your data to another service
- Object to processing based on legitimate interest
- Lodge a complaint with your local data protection authority, where applicable, including an EU supervisory authority if you are in the European Economic Area.
To exercise any of these rights, email us. We will respond within 30 days.
7. Data Retention
- Account data: Retained while your account is active. When you delete your account (in-app or via email request), your account, sessions, viewer participation records, and uploaded documents are deleted promptly. Email-based deletion requests are processed within 7 business days.
- Crash reports and diagnostic replay: Retained by Sentry for up to 90 days, including any crash-related screenshots, replay samples, or diagnostics captured at the time of the error. Account deletion does not immediately remove historic Sentry diagnostic events that are already stored for stability and security review.
- Analytics and replay data: Retained by PostHog and Google Analytics in accordance with their retention policies. Account-linked analytics deletion is requested during account deletion where supported, but de-identified, aggregated, or provider-retained records may remain for their retention periods.
- Uploaded files and derived presentation assets: Retained while your account is active and deleted as part of account deletion. The in-app deletion request takes effect immediately for your account; file storage and CDN cleanup may continue briefly after the success message.
8. Children's Privacy
Same Page is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this policy from time to time. If we make material changes, we will notify you via email or an in-app notice. The "last updated" date at the top indicates when the policy was most recently revised.
10. Contact Us
i4innovation LLC
License No. 2325553.01 — Sharjah Media City (SHAMS), Sharjah, UAE
email