Legal & Transparency
Privacy Policy
Friend Finder ("we", "our", or "us") is built on a simple principle: your location is yours. This policy explains exactly what data we collect, why we collect it, and the controls you have over it. We've written it in plain language — no legalese, no surprises.
01
Information We Collect
We collect only what is necessary to make the app work. Here is a complete picture:
| Category | Data | Source |
|---|---|---|
| Account | Display name, username, email address | You provide at sign-up |
| Location | Latitude, longitude, accuracy (foreground only) | Your device GPS — only when sharing is enabled |
| Social | Friend connections, request history | Your in-app actions |
| Technical | Last-seen timestamp, app version | Automatically on app use |
We do not collect: contacts, photos, microphone, camera, browsing history, advertising identifiers, or any data from other apps.
02
How We Use Your Data
Your data is used exclusively to operate Friend Finder:
Authentication — Your email and password authenticate your identity via Supabase Auth. We never store plaintext passwords.
Friend matching — Your username and display name let other users find and add you. You control who can see your profile via friend requests.
Location sharing — When you enable location sharing, your coordinates are written to our database and made visible only to your accepted friends in real time.
Service improvement — Aggregated, anonymised usage patterns (never individual location data) may be reviewed to improve reliability.
We do not sell your data, use it for advertising, or share it with data brokers.
03
Location Data
Location is the core of what Friend Finder does, so we hold it to the highest standard:
Opt-in only. Location sharing is disabled by default. You must explicitly enable it in the Profile screen.
Foreground only. We only read your location while the app is open on screen. We do not request background location permission.
Friends only. Your coordinates are readable only by users you have mutually accepted as friends. This is enforced at the database level using Row Level Security — not just in the app code.
Instant revocation. Turning off location sharing or removing a friend immediately revokes their access. Removing a friend deletes the friendship record, and database policies prevent them from reading your location row.
No historical log. We store only your most recent location. Each update overwrites the previous one. We do not build a history or timeline of your movements.
04
Sharing & Disclosure
We share your data only in these narrow circumstances:
| Recipient | What & Why |
|---|---|
| Supabase | Our backend provider. Stores your profile, friendships, and location rows. Supabase processes data under a Data Processing Agreement and does not use your data for its own purposes. |
| Google Maps | When you tap "Navigate to them", your device opens Google Maps or Apple Maps with the destination coordinates only. No personal account data is passed to these services. |
| Legal | If required by law, court order, or to prevent imminent harm, we may disclose data. We will notify you if legally permitted to do so. |
No other sharing occurs. We do not sell, rent, or license your data to any third party.
05
Data Retention
We keep data only as long as it is needed:
Account data is retained while your account is active and for up to 30 days after deletion, to allow recovery from accidental deletion.
Location data is a single row per user that is overwritten on each update. It is deleted immediately upon account deletion or when you turn off sharing.
Friend data (connections and requests) is deleted immediately when you remove a friend or delete your account.
When you delete your account, all associated data is permanently removed within 24 hours. This action is irreversible.
06
Security
We take the following measures to protect your data:
Encryption in transit — All communication between the app and our servers uses TLS 1.2+.
Encryption at rest — Data stored in Supabase is encrypted at rest using AES-256.
Row Level Security — Database policies ensure each user can only read data they are authorised to see, enforced independently of the app layer.
Minimal permissions — The app requests only the permissions it needs. Location is requested only when you attempt to enable sharing.
No system is perfectly secure. If you believe your account has been compromised, please contact us immediately.
07
Your Rights & Controls
You have full control over your data at all times:
| Right | How to exercise it |
|---|---|
| Stop sharing location | Toggle off in Profile screen — takes effect immediately |
| Remove a friend | Friends tab → swipe or tap remove — revokes location access immediately |
| Access your data | Email us and we will provide a full export within 30 days |
| Correct your data | Update display name and username in Profile settings |
| Delete your account | Profile → Delete Account, or email us — all data removed within 24 hours |
| Withdraw consent | Uninstall the app and email us to request full deletion |
If you are in the EEA, UK, or California, you may have additional rights under GDPR, UK GDPR, or CCPA respectively. We honour all applicable requests.
08
Children's Privacy
Friend Finder is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us and we will delete it promptly.
09
Changes to This Policy
We may update this policy as the app evolves. When we make material changes, we will notify you via an in-app notice at least 14 days before the change takes effect. The "Last updated" date at the top of this page always reflects the most recent revision.
Continued use of the app after the effective date of any changes constitutes acceptance of the updated policy.
10
Contact Us
Questions about this policy, data requests, or anything else — we're here.
privacy@friendfinder.app