Privacy Policy

2) Data We Collect

We only collect the data necessary to provide and improve our services:

• Account Data: phone number, username, display name, profile photo/status, email (if provided), and verification data.
• Contacts (optional): with your permission, hashed identifiers or address book entries to help you find and connect with contacts.
• Communication Data: messages, photos, videos, voice notes, documents and call signaling metadata needed to establish delivery and calls. Message content is stored only as necessary for delivery (e.g., temporarily in queue) and then deleted from our servers.
• Voice & Video Calls: technical signaling and quality metrics (e.g., timestamps, connection type) to set up and improve calls.
• Stories/Status: content you post and the audience you choose; stories are automatically removed after their display period (e.g., 24 hours).
• Offline/Bluetooth Chats: messages transmitted locally between devices via Bluetooth/Wi-Fi Direct. These are not routed through our servers.
• Store & Payments: order details, delivery info, and payment confirmations. Card details are handled by our payment provider; we do not store full card numbers.
• Device & Diagnostics: device model, OS version, app version, language, crash logs, and performance metrics.
• Support Communications: content of requests you send to our support channels.
• Location (optional): only if you choose features that require it (e.g., location sharing).

Note: If you do not use certain features (e.g., location, contacts sync), those related data are not collected.

3) Purposes & Legal Bases (Art. 6 GDPR)

• Provide the service (messaging, voice/video calls, stories, store, Bluetooth chat) and operate the app — Art. 6(1)(b) GDPR (contract).
• Process payments and prevent fraud — Art. 6(1)(b) & 6(1)(f) GDPR (legitimate interests).
• Improve safety and reliability (troubleshooting, analytics strictly necessary for quality, securing our systems) — Art. 6(1)(f) GDPR.
• Comply with legal obligations (e.g., tax/audit, responding to lawful requests) — Art. 6(1)(c) GDPR.
• Optional features with permissions (contacts, camera/mic, notifications, location) — Art. 6(1)(a) GDPR (consent). You can withdraw consent at any time via device settings or in-app controls.

Encryption

Communications are encrypted in transit. If your chat/call feature uses end-to-end encryption, content is encrypted so that only you and your intended recipients can read or listen; we cannot access message or call content.

4) Sharing & Recipients

• We do not sell personal data.
• Processors: trusted vendors under data processing agreements (e.g., cloud hosting, push notifications, analytics strictly necessary, payment processors, content delivery).
• Other recipients you choose: people you message/call or who view your stories, and merchants you interact with in the store.
• Legal: authorities or third parties where required by law or to protect rights, safety, and security.

Upon request, we can provide a current list of our main processors.

5) International Data Transfers

Where data is transferred outside the EU/EEA, we ensure appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) and additional technical/organizational measures, or we rely on an adequacy decision.

6) Retention

• Messages/media: retained only until delivered; undelivered items are deleted after a short period.
• Stories: deleted after [24 hours] unless you remove them earlier.
• Account data: kept while your account is active; deleted or anonymized after you request deletion or after legal retention periods expire.
• Payments: retained as required by tax and accounting laws.

7) Security

We implement appropriate technical and organizational measures to protect data (e.g., encryption in transit, access controls, logging, backups, least-privilege). No method of transmission or storage is 100% secure, but we continuously improve our safeguards.

9) Children

Our services are not directed to children under 13 years of age, and we do not knowingly process their personal data. If you believe a child has provided us data, please contact us to delete it.

10) Cookies & Tracking

Our mobile app does not use traditional browser cookies. We may use device identifiers and similar technologies that are strictly necessary to operate core features (e.g., push notifications, security, diagnostics). If we introduce optional analytics or marketing technologies, we will ask for your consent where required.

11) Changes to This Policy

We may update this Policy from time to time. We will post the new version in the app and/or on our website and update the “Effective date” above. Material changes will be communicated through in-app notice or email where appropriate.