Privacy Policy
Last updated 10 July 2026
Who we are
Out of the Blue (outoftheblue.app) is a small, private coordination tool for one person and the family and friends who support them. It is operated from Australia. Questions about this policy: support@outoftheblue.app.
What we collect
- Account details: your first name, email address, and a password (stored only as a secure hash — we cannot read it).
- Phone numbers: supporters may save a mobile number so check-in alerts can reach them by SMS.
- Circle content: the tasks, times, and short notes your circle creates. Notes may include personal or health-related information — we treat all circle content as private correspondence: we don't read it, analyse it, or use it for anything except showing it to your circle.
- Billing: payments are handled by Stripe. We never see or store card numbers — only subscription identifiers and payment status.
- Technical logs: ordinary server logs (IP addresses, requests, errors) kept briefly for security and reliability.
How we use it
Only to run the service: deciding and sending check-in alerts, showing your circle its own history, processing subscriptions, and sending password-reset emails. We send no marketing, run no ads, do no profiling, and never sell or share personal information for anyone else's purposes.
Who can see your circle's content
Only the members of that circle. Circles are strictly isolated from one another. The operator can technically access data for support and troubleshooting, and does so only when needed to help you.
Service providers we rely on
- Stripe — payments and subscriptions
- Twilio — sending check-in SMS to supporters' numbers
- Resend — sending password-reset emails
- Fly.io — hosting; data is stored in Sydney, Australia
Each receives only what it needs to do its job (for example, Twilio receives the phone number and the alert text).
Keeping and deleting data
Your circle's data is kept while the circle exists. If a subscription lapses, everything is preserved and the circle simply pauses — nothing is deleted for non-payment. You can ask for your account or your whole circle to be permanently deleted at any time by emailing us; deletion is complete and includes task history and notes.
Security
All traffic is encrypted (HTTPS). Passwords are hashed with bcrypt. Access to production systems is limited to the operator.
Your rights
You may ask to access, correct, or delete your personal information at any time via support@outoftheblue.app. We handle personal information in accordance with the Australian Privacy Principles; if you're unhappy with our response you can complain to the Office of the Australian Information Commissioner (oaic.gov.au).
Changes
If this policy changes, the new version will be posted here with an updated date. Meaningful changes will be flagged on the sign-in page.