Privacy Policy
What we collect, why, how long we keep it, and the choices you have.
This Privacy Policy explains how ConnectIRL and its affiliates ("ConnectIRL," "we," "us," or "our") collect, use, disclose, and protect personal information when you use the ConnectIRL mobile application, the website at https://connectirl.app, and related services (together, the "Service"). By using the Service, you agree to this Policy and to our Terms of Service. If you do not agree, do not use the Service.
ConnectIRL is an opt-in, real-world proximity social app for adults. Its design principle is simple: you only ever appear to other people who chose to be seen too, and only while you choose to be discoverable. Much of this Policy describes not only what we collect, but the many things we deliberately do not collect or do.
1. Who we are and how to reach us
The data controller/business responsible for your personal information is ConnectIRL, United States. For any privacy question or to exercise your rights, contact us at privacy@connectirl.app. See also our Contact page and, if you are a U.S. state resident, our U.S. State Privacy Notice.
2. A quick summary
- We collect the minimum needed to run an opt-in proximity social app: your account identifiers, the profile you choose to show, the social links you choose to share, and — only while you are discoverable — your approximate location.
- We never use facial recognition or any biometric identification. We never scrape third-party services. We never access your contacts or use background location. We never keep a location history.
- We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws.
- Other users never see your exact location, and never learn who viewed them. Distance is shown only as a deliberately fuzzed, rounded, capped approximation.
- You can pause visibility instantly, and delete your account and data yourself, anytime.
3. Information we collect
We collect the following categories of personal information:
3.1 Information you provide
| Data | Why we collect it |
|---|---|
| Email address | To create and secure your account, sign you in, prevent duplicate accounts, and contact you about your account. |
| Authentication credential — a password you choose, or a sign-in through Google or Facebook, or a one-time email code | To verify it is you. Passwords are stored only in salted, hashed form by our authentication provider; we never see or store your plaintext password. If you sign in with Google or Facebook, we receive basic profile information they provide (such as name and profile photo) per your settings with them — we do not receive your third-party password. |
| Age confirmation (that you are 18 or older) | The Service is for adults only. We do not knowingly create accounts for anyone under 18. |
| Display name and profile photo | This is what nearby users see when you are discoverable. You choose and can change or remove them. |
| Optional self-declared gender | Optional. Used only for an optional profile label and the viewer-side "Show me" filter. Never inferred from your photo or any other signal. |
| Social links (for example Instagram, TikTok, X, LinkedIn) | Provided only by you — via an official connection (OAuth) or by typing a handle/URL. Shown to others only according to the visibility you set. We store the handle/link you give us; we do not import or store content from those platforms. |
| Support messages and correspondence | To respond to you and keep records of support and safety matters. |
3.2 Information created when you use the Service
| Data | Why we collect it |
|---|---|
| Approximate location — only while the app is open and you are discoverable (not paused), or when you run a nearby scan | To compute who is near you. Captured with your device permission, in the foreground only. See Section 5 for the full location lifecycle. It is never shown to anyone as coordinates and is deleted quickly. |
| Push notification token | To send notifications about connection requests and approvals only — never about who viewed you or who is nearby. |
| Device and technical information (for example a device identifier, app version, platform, and IP address) | To keep the Service secure, enforce rate limits, detect and prevent abuse and ban-evasion, and diagnose problems. |
| Aggregate usage analytics | Counts only (for example how many people viewed your profile in total). These carry no coordinates, no viewer identity, and no personal content. They power the aggregate stats you see about your own profile. |
| Security and operational logs | To investigate abuse reports, enforce our rules, and protect the Service. These never contain your coordinates. |
4. What we do NOT collect or do
- No facial recognition and no biometric identifiers. We do not scan, measure, template, or match faces or any other biometric identifier, and we do not use your photo to identify you or anyone else. We are the opposite of a face-search app.
- No scraping and no unofficial data collection. We do not scrape, crawl, or use unofficial APIs of Instagram, TikTok, LinkedIn, or any other service. Social links come only from you.
- No contacts or address-book access. We do not import your contacts and have no "find friends" feature that reads your address book.
- No background location. The app does not access your location when it is closed or in the background. There is no geofencing and no "notify me when someone is near" tracking.
- No location history. We keep a single current, fuzzed location record that is deleted within the hour — never a trail, route, or "where you have been."
- No exact location to anyone. Other users never receive your coordinates, a map pin, a bearing, or a precise distance — only a fuzzed, rounded, capped approximation.
- No information about people who did not sign up. There is no way in the Service to see anyone who did not register and choose to be discoverable.
- No "who viewed you." We never tell anyone who viewed their profile or tapped their links; those stats are aggregate totals only.
5. How location works (the full lifecycle)
Location is the most sensitive data we handle, so here is exactly how it is treated:
- Foreground only, with your permission. Location is read only while the app is open, using "while in use" permission. We request only balanced accuracy — we take less from the sensor, not just store less.
- Captured only when relevant. Either while you are discoverable (to keep your current position fresh) or for a single nearby scan you initiate. If you scan without being discoverable yourself, your location is used only to run that query and is not stored.
- One record, short-lived. We store at most one current location record for you. It automatically expires within 60 minutes, and a cleanup job deletes expired records. Because there is exactly one record per person, it is structurally impossible for us to keep a history.
- Never readable as coordinates. Your stored location is accessible only to secure server functions that compute distance. No app, user, or client ever reads back raw coordinates. Distance shown to others is deterministically fuzzed, rounded to the nearest 10 feet, collapsed to a non-numeric "Right here" below 50 feet, and capped at about 1 mile.
- Fast deletion, three ways. Pausing visibility or using the instant invisible control deletes your location record immediately; expiry deletes it within the hour; deleting your account deletes it as part of that process.
6. How we use information
- To provide the Service — create your account, show your chosen profile to nearby users when you are discoverable, and route connection requests.
- To compute proximity and show approximate, fuzzed distance.
- To send transactional messages and notifications you have enabled (for example connection requests, security and account emails).
- To keep the Service safe — enforce our Community Guidelines, apply rate limits, and investigate reports of abuse, impersonation, or underage use.
- To measure aggregate usage and improve the Service.
- To comply with law and enforce our agreements.
- With your separate consent, to send optional marketing or product-update emails. You can withdraw consent and unsubscribe at any time.
Where required by law, our legal bases for processing include performing our contract with you, your consent (for example for location access and optional marketing), our legitimate interests in operating and securing the Service, and compliance with legal obligations.
7. How we share information
We do not sell your personal information. We share it only as follows:
- With other users, by your choice. When you are discoverable, nearby users see your display name, photo, optional gender label, a fuzzed distance, and the social links you chose to show. When you approve a connection, that person can see the links you revealed. Blocking someone removes each of you from the other, in both directions, everywhere.
- With service providers (processors) who run the Service on our behalf under contract, only to provide it. These currently include: our cloud/database, authentication, and server-function provider; our website and app hosting provider; our app-build and push-notification infrastructure provider (which uses Apple and Google push services to deliver notifications); and our transactional email provider. If you choose to sign in with Google or Facebook, that provider processes your login.
- For legal reasons — to comply with law, a valid legal request, or to protect the rights, safety, and security of users, the public, or ConnectIRL.
- In a business transfer — if we are involved in a merger, acquisition, financing, or sale of assets, information may transfer as part of that deal, subject to this Policy.
We may also share aggregated or de-identified information that cannot reasonably be used to identify you.
8. How long we keep information
| Data | Retention |
|---|---|
| Current location record | Up to 60 minutes; deleted immediately on pause, invisible mode, or account deletion. |
| Presence/session metadata (no location) | Up to 90 days, then deleted (aggregate counts may persist). |
| Profile, photo, social links, connections | Until you delete them or delete your account. |
| Security and abuse logs; safety records | Up to 180 days for routine logs; records tied to enforcement or legal obligations may be kept up to 2 years, or longer where the law requires. |
| Backups | Purged on a rolling basis after deletion propagates. |
9. Your choices and rights
- Access and correct your profile information any time in the app.
- Pause visibility instantly — the default is always "not visible."
- Delete your account and data yourself, any time, from Settings. Deletion removes your profile, photo, links, connection requests, push token, and location record, as described above.
- Control notifications — manage push and email preferences; unsubscribe from optional marketing at any time.
- State privacy rights. Depending on where you live, you may have additional rights (to know, access, correct, delete, and to opt out of sale/sharing). See our U.S. State Privacy Notice and Do Not Sell or Share page.
10. Security
We protect information using data minimization (what we do not collect cannot leak), encryption in transit, strict server-side access controls including row-level security, and sensitive data (such as location) that is reachable only through secure server functions and never by direct client access. No system is perfectly secure, so we cannot guarantee absolute security, but we design the Service to limit what could ever be exposed.
11. Children
The Service is strictly for adults 18+ and is not directed to children. We do not knowingly collect personal information from anyone under 18. If we learn that an account belongs to someone under 18, we will suspend and delete it. If you believe a minor is using the Service, contact safety@connectirl.app.
12. International users and data transfers
The Service is operated from, and information is processed and stored in, the United States and other countries where our service providers operate. If you access the Service from outside the United States, you understand your information will be transferred to and processed in the United States, which may have different data-protection laws than your country. Where required, we rely on appropriate safeguards for such transfers.
13. Third-party links and platforms
The social links users share lead to third-party platforms with their own privacy practices, which we do not control. Following a link, and anything that happens on that platform, is governed by that platform's terms and privacy policy, not ours.
14. Changes to this Policy
We may update this Policy from time to time. If we make a material change, we will provide notice (for example in the app or on this site) before it takes effect where required. Continued use of the Service after an update means you accept the revised Policy.
15. Contact
Questions or requests: privacy@connectirl.app or ConnectIRL, United States.