Privacy Policy

Last updated May 15, 2026

This Privacy Policy describes how FriendZone ("we", "us", "our") handles information when you use the FriendZone app on Android, iOS, or desktop. By using FriendZone, you agree to the practices below.

Information we collect

• Account information. When you sign in with Apple or Google, we receive your email address and a stable user identifier. We do not store passwords.
• Profile information. A username and display name, plus any profile details you choose to add.
• Zones and friends. The friend zones you create, who you've invited or added, and the membership of each zone.
• Messages. Messages you send in a zone are end-to-end encrypted. We can see metadata (sender, zone, timestamp, size) but we cannot read message contents.
• Photos and other shared content. Photos ("candy"), notes, and similar content you create and share with a zone are end-to-end encrypted in the same way as messages — we cannot see them. Taking a photo requires camera access, which you grant on your device and can revoke at any time.
• Location (optional). If you enable location sharing or check-ins in a zone, your device shares your latitude and longitude with the zone members you've authorized. Location coordinates are end-to-end encrypted before leaving your device — we cannot read them. See "Location" below for details.
• Device data. Push notification tokens, app version, and OS version, used to deliver notifications and operate the service. Each device you sign in on registers its own encryption key entry so messages can be delivered to that device.
• Server logs. Our infrastructure provider records standard request metadata, including IP addresses and timestamps, for operational, security, and abuse-prevention purposes.
• Diagnostic data. Crash reports and error traces sent to Sentry to help us fix bugs. These may include stack traces and limited app state. They are not used for advertising.

How we use information

• To operate the core features of the app: signing in, creating zones, exchanging messages, sharing location with people you've authorized, and delivering notifications.
• To diagnose crashes and improve reliability.
• To enforce our terms and prevent abuse.

We use your email address only for account-related communications (sign-in, security, and important service notices). We do not send marketing emails. We do not sell your personal information. We do not show ads in FriendZone and do not use your data for advertising profiling.

End-to-end encryption

Message contents are encrypted on your device before being sent to our servers, and decrypted only on the recipient's device. We do not have access to the plaintext of your messages. Encryption keys are generated on-device. Losing access to all of your devices may mean losing access to message history that has not been backed up.

Location

Location sharing is off by default. You choose, per zone, whether to share your location, whether to share precise versus approximate location, whether to share automatic check-ins, and whether to allow background location. You can change or revoke any of these at any time in the app or your device settings.

When sharing is enabled, your device captures your coordinates, encrypts them on-device, and sends the ciphertext to our servers, which deliver it to the authorized zone members' devices. We cannot read your location. We do not retain a long-term server-side history of your location for our own use, and we never use location for advertising.

Third-party services

We rely on a small number of providers to run FriendZone:

• Supabase — hosts our database, authentication, and message delivery infrastructure.
• Protomaps — serves the map tiles used to display the map. When the map is shown, your device requests map imagery from Protomaps, which receives your device's IP address and the map area being viewed. The location coordinates you share with friends are end-to-end encrypted and are never sent to Protomaps.
• Sign in with Apple and Sign in with Google — used only to authenticate you. Their respective privacy policies apply when you sign in.
• Apple Push Notification service and Firebase Cloud Messaging — used to deliver push notifications to your device.
• Sentry — receives crash and error reports.

Data retention

We keep your account information and zone data for as long as your account exists. Messages are retained until they are deleted by you or another participant, or until your account is deleted. Server logs and diagnostic data are retained for a limited period set by our infrastructure providers and then discarded.

Your choices

• Delete your account. You can delete your account from within the app. When you do, we mark your account, profile, and messages as deleted (a "soft delete") and we destroy your encryption key. Because the key is gone, the encrypted copies of your messages on our servers can no longer be decrypted — including by you. Soft-deleted records may be retained in our database for a period afterward for operational and abuse-prevention reasons. Note that other zone members already have decrypted (or independently decryptable) copies of messages you sent them on their own devices; those copies remain under their control and account deletion does not remove them.
• Notifications. You can turn off push notifications globally in your device settings, or per-zone within the app.
• Contact us. Email dgilkbiz@gmail.com with any questions or requests about your data.

Your rights (EU, UK, and similar jurisdictions)

If you are in the European Union, the United Kingdom, or another jurisdiction with similar data protection laws, you have rights regarding your personal information, including:

• Access — request a copy of the personal information we hold about you.
• Correction — ask us to fix inaccurate or incomplete information.
• Deletion — ask us to delete your information (see "Delete your account" above).
• Portability — request your information in a structured, machine-readable format.
• Objection or restriction — object to or restrict how we process your information.
• Withdrawal of consent — where our processing is based on your consent.

You also have the right to lodge a complaint with your local data protection authority.

California residents

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to know what personal information we collect, the right to correct inaccurate information, the right to delete your information, and the right not to be discriminated against for exercising these rights. We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

To exercise any of the rights above, email us at dgilkbiz@gmail.com. We may need to verify your identity before responding.

Children

FriendZone is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

International users

FriendZone is operated from the United States. If you use the app from outside the U.S., you understand that your information will be transferred to and processed in the U.S., where data protection laws may differ from those in your jurisdiction.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this page periodically.

Contact

Questions? Email dgilkbiz@gmail.com.