Privacy Policy

1. What We Collect

Account Information

When you create an account, we collect: your name, email address, phone number, age, gender pronouns, bio, interests, and profile photo (only displayed after mutual poke). We also collect your ID verification data (processed by our third-party provider Onfido; we do not store raw document images).

Activity Data

We collect data about your interactions on the platform: pokes sent and received, match status, chat session metadata (not content of ephemeral chats), and any reports or blocks you submit.

Device Information

We collect basic device identifiers, OS version, and app version for security and debugging purposes. We do not collect persistent advertising identifiers without explicit consent.

2. How We Use Your Data

We use your data solely to:

Match you with nearby users based on shared interests
Facilitate poke and chat interactions
Maintain your account and verify your identity
Calculate and display trust scores
Investigate and act on safety reports
Send you app notifications (pokes, matches, safety alerts)
Provide café partners with anonymised aggregate analytics (never individual user data)
Improve the platform through anonymised, aggregated usage analysis

We do not use your data for advertising targeting. We do not sell your data to third parties. We do not build behavioural profiles for marketing purposes.

3. Location Data

📍 This is our most important privacy commitment: We never store your precise location permanently. Location data exists only in real-time cache (Redis) while your app is open, and is deleted automatically when you close it.

Here is the full lifecycle of your location data:

Collection: Only when the app is open and you've granted location permission
Storage: Held in-memory (Redis cache), never written to our primary database
Retention: Maximum 1 hour in cache; deleted immediately when you close the app
Sharing: Never shared with third parties in any form
History: We do not build location history. We cannot tell you where you've been.

At the time of a match, we record only which café (by café ID, not precise coordinates) the match occurred at. This café-level record is stored to power repeat-visit analytics for café partners. It contains no precise location data.

4. Data Sharing

We share your data only in the following circumstances:

With café partners: Anonymised, aggregated analytics only. Cafés see match counts, peak hours, and interest demographics — never individual user identities or messages.
With service providers: Identity verification (Onfido), cloud infrastructure (AWS), push notifications (Firebase), and analytics (Mixpanel). All are bound by data processing agreements.
Legal requirements: If required by law, court order, or to prevent imminent harm, we may share data with authorities. We will notify you where legally permitted to do so.
Business transfers: In the event of a merger or acquisition, your data would transfer to the successor entity under the same privacy commitments.

We do not sell, rent, or trade personal data. Period.

5. Data Retention

Location data: Deleted within 1 hour (usually immediately on app close)
Ephemeral chat messages: Deleted when the chat session ends (both users leave proximity)
Persistent chat messages: Retained while your account is active; deleted when account is deleted
Account data: Retained while your account is active
Safety reports: Retained for 3 years for moderation and legal compliance
Deleted accounts: All personal data deleted within 30 days; anonymised aggregate stats may be retained

6. Your Rights

Under applicable Indian data protection law (DPDP Act 2023) and GDPR principles, you have the right to:

Access: Request a copy of all data we hold about you
Rectification: Correct inaccurate data via your profile settings
Erasure: Delete your account and all associated data (Settings → Delete Account)
Portability: Export your data in a machine-readable format
Objection: Object to specific processing activities
Restriction: Request that we restrict processing in certain circumstances

To exercise any right, email privacy@cafeconnects.in. We respond within 30 days.

7. Security

We implement industry-standard security measures: encryption in transit (HTTPS/TLS), encryption at rest for sensitive fields, access controls, and regular security audits. Contact info shared after the 3rd poke is encrypted with a user-specific key.

No system is perfectly secure. If you discover a vulnerability, please report it responsibly to security@cafeconnects.in.

8. Cookies & Tracking

Our website uses minimal cookies: session cookies for authentication, and anonymised analytics cookies (you can opt out). We do not use cross-site tracking or advertising cookies.

9. Contact

For privacy questions, requests, or concerns:

Email: privacy@cafeconnects.in
Address: CafeConnects, Bangalore, Karnataka, India

If you're not satisfied with our response, you may lodge a complaint with the relevant data protection authority.

Table of Contents