Privacy Policy
Last Updated: March 8, 2026
At NearbySecrets, we value your privacy. This policy explains how your personal data is collected, used, and protected.
1. Data We Collect
Depending on how you use the app, we may collect:
- Account identifiers (e.g., user ID)
- Email address (if you provide it)
- Date of birth / age-verification information (to enforce 18+ access rules)
- User-generated content (posts, comments, direct messages)
- Photos/Videos (if you upload media)
- Customer support requests/messages (if you contact us)
- Location information (when you grant permission)
- Usage data (e.g., product interactions, impressions, engagement signals, and optional analytics where permitted by your region and settings)
- Device identifiers and device tokens (for security, notifications, diagnostics, and advertising where permitted)
- Advertising data and ad identifiers (for third-party advertising where permitted)
- Subscription / purchase status (if you buy or restore premium access)
- Crash logs/diagnostics (to improve stability)
2. How We Use Your Data
We use the data we collect for the following purposes:
- To provide and maintain our service
- To provide customer support
- To deliver core features (nearby feed, Hot Zones, messaging)
- To prevent abuse/spam and enforce age gating (18+)
- To process purchases, restores, and premium entitlement status
- To personalize recommendations and measure product usage where permitted by your region and settings
- To send notifications if you enable them
- To improve reliability (crash diagnostics) and product quality
3. Location Information
With your permission, we may use your location information to provide and enhance our services (nearby moments and Hot Zones). Location requests are used for app functionality and may be associated with your account session while you use the service. Your exact location is never shown publicly to other users. You can enable or disable this feature at any time through your device settings.
4. Data Security
The security of your data is important to us. While we strive to use commercially acceptable means to protect your Personal Data, no method of transmission over the Internet is 100% secure.
- Direct Messages: Message text is protected with end-to-end encryption (X25519 key agreement + AES-256-GCM). We store encrypted message content and limited metadata (such as sender/recipient IDs and timestamps) needed to deliver messages and support features like unread counts and delivery status.
- Media Safety: Media sent in direct messages may be subject to safety checks (for example, file-type validation and automated scanning). Until a media item is approved, it may be hidden from recipients. Reported content may be flagged for review.
- Abuse Prevention: We apply age gating (18+) and rate limiting to reduce spam and abuse.
5. Your Rights
You have the right to access, correct, delete, and restrict the processing of your personal data. To exercise these rights, you can contact us through the settings menu or delete your account directly from the app. Account deletion revokes account access immediately and permanently removes your data. This action cannot be undone. You can also manage optional analytics and personalization from the in-app privacy settings, and you can control app tracking from iOS Settings > Privacy & Security > Tracking.
6. Data Retention
We retain your personal data only for as long as necessary for the purposes set out in this policy. When you delete your account, your account access is revoked immediately and your data is permanently removed. This action cannot be undone.
7. Children's Privacy
Our service is intended for users aged 18 and older. We do not knowingly collect personal information from anyone under the age of 18.
8. Third-Party Services
We use the following third-party services:
- Supabase (authentication and database)
- Apple Push Notification Service (notifications)
- Google Sign-In / Apple Sign-In (authentication)
- RevenueCat (subscriptions and purchase state)
- Google Mobile Ads (AdMob) (advertising)
- Google User Messaging Platform (ad consent prompts where required)
- Firebase Crashlytics (essential crash diagnostics)
- Firebase Analytics (optional usage metrics, depending on your region and settings)
We do not sell your data to any third parties. Optional analytics and in-app personalization are controlled by your region and privacy settings. In EEA/UK, optional analytics and personalization stay off until you opt in. Outside EEA/UK, some first-party analytics and personalization may be enabled by default and can be managed in-app. If you grant App Tracking Transparency permission, advertising identifiers (IDFA) may be used for personalized ads. If you deny permission, IDFA is not used.
9. Changes to This Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.