Privacy Policy
Real events, real conversations.
This Privacy Policy applies to the Match Circle mobile application, version 1.0.0 (hereinafter referred to as the "Application"), developed by Ralph Jabbour (hereinafter referred to as the "Service Provider") as a free service. This service is provided "AS IS". This Privacy Policy is effective as of 2026-05-14.
What information does the Application obtain and how is it used?
The Application is intended for users aged 18 and over. You provide information when you register and use the Application. The Service Provider may collect the following personally identifiable information:
- Phone number — for account verification (SMS OTP) and as your primary account identifier
- Email address — for account verification (email OTP) and account communications
- Name — to identify you to other users within the Application
- Date of birth — used to enforce the 18+ age gate and to display your age in the Application
- Gender — used to personalize matching
- Gender preference — which may indicate sexual orientation, used solely to facilitate event-based matching and is never sold or used for advertising
- Instagram handle — optional; shared only with mutual matches at your discretion
- Push notification token — to deliver event and match notifications to your device
- In-app usage events — screen views and event names used to improve the Application
The Service Provider may use the information you provide to contact you with important information and required notices.
What information does the Application collect automatically?
The Application may collect limited technical information automatically, including the type of mobile device you use, your mobile operating system, and information about the way you interact with the Application. The Application does not collect precise real-time device location in version 1.0.0.
Device contacts
If you opt in to contact sync, the Application uploads raw phone numbers, email addresses, and contact names from your device to our backend. On the backend, phone numbers and email addresses are immediately hashed using HMAC-SHA256 with a secret pepper of at least 32 characters, and only those hashes are stored — the raw phone numbers and email addresses from your contacts are not retained.
Contact names are stored in plaintext so that you can recognize entries in your in-app block list. Contact names are the only contact field stored unhashed.
You can wipe all synced contacts at any time from the in-app contacts settings screen.
Does the Application process sensitive personal information?
The Application collects gender preference information, which may be considered sensitive as it can indicate sexual orientation. This information is collected solely to provide the core matching functionality of the Application. The Service Provider:
- Does not sell this information to any third party
- Does not use this information for advertising purposes
- Stores this information securely and limits access to authorized personnel only
- Will delete this information upon request (see data retention section below)
If you are subject to GDPR (European Economic Area residents), the legal basis for processing this special category data is your explicit consent provided at registration. You have the right to withdraw consent at any time by contacting the Service Provider.
Does the Application use Artificial Intelligence (AI) technologies?
The Application does not use Artificial Intelligence (AI) technologies to process your data or provide features.
Do third parties see and/or have access to information obtained by the Application?
The Service Provider relies on the following third-party processors to operate the Application. Each has its own Privacy Policy governing how it handles data:
- PostHog Cloud (EU region, eu.i.posthog.com) — product analytics. We send a user UUID and properties including age, gender, gender_preference, role, and auth_scope, along with screen views and event names. We do not send raw phone numbers or email addresses to PostHog.
- Expo Push Notification Service — used to deliver push notifications. Our backend sends your Expo push token to Expo's servers so notifications can be delivered to your device.
- Resend (resend.com) — transactional email delivery for one-time passcodes (OTPs).
- Twilio — SMS delivery for phone one-time passcodes (OTPs).
- Cloudflare — web infrastructure, DNS, and DDoS protection.
The Service Provider may disclose User Provided and Automatically Collected Information:
- as required by law, such as to comply with a subpoena or similar legal process;
- when they believe in good faith that disclosure is necessary to protect their rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
- with their trusted service providers who work on their behalf, do not have an independent use of the information disclosed to them, and have agreed to adhere to the rules set forth in this privacy statement.
SMS and messaging
The Application uses SMS text messages solely to deliver one-time passcodes (OTPs) for phone number verification and account security. By providing your phone number at registration, you consent to receive these messages. Message frequency depends on your account activity, and message and data rates may apply.
No mobile information — including your phone number and your consent to receive SMS — will be shared with or sold to third parties or affiliates for marketing or promotional purposes. Your phone number is shared only with our SMS delivery provider (Twilio) for the sole purpose of transmitting verification messages to you, and is never used for any other purpose.
What are my rights under GDPR (EEA residents)?
If you are located in the European Economic Area, you have the following rights regarding your personal data:
- Right of access — you may request a copy of the personal data the Service Provider holds about you
- Right to rectification — you may request correction of inaccurate data
- Right to erasure — you may request deletion of your personal data ("right to be forgotten")
- Right to restriction — you may request that the Service Provider restrict processing of your data
- Right to data portability — you may request your data in a structured, machine-readable format
- Right to withdraw consent — you may withdraw consent for processing of sensitive data (such as gender preference) at any time
EEA users' data is processed primarily in the European Union (PostHog EU region and Cloudflare's EU infrastructure).
To exercise any of these rights, contact the Service Provider at support@matchcircle.app. Requests will be responded to within 30 days.
What are my opt-out rights?
You can halt all collection of information by the Application easily by uninstalling the Application. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.
What is the data retention policy and how can you manage your information?
If you delete your account from within the Application, your account data — including hashed contacts and analytics identifiers — will be deleted within 30 days. Analytics events older than 12 months are aggregated and no longer associated with an individual user identifier. If you'd like the Service Provider to delete data outside of the in-app deletion flow, please contact support@matchcircle.app and we will respond in a reasonable time.
How does the Application address children's privacy?
The Application is intended for users aged 18 and over. The Service Provider does not knowingly solicit data from or market to anyone under the age of 18. The in-app sign-up flow blocks anyone under 18 from creating an account.
The Application does not address anyone under the age of 18. The Service Provider does not knowingly collect personally identifiable information from anyone under 18 years of age. If the Service Provider discovers that a person under 18 has provided personal information, the Service Provider will immediately delete this from their servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact the Service Provider (support@matchcircle.app) so that they will be able to take the necessary actions.
How is your information kept secure?
The Service Provider is concerned about safeguarding the confidentiality of your information. The Service Provider provides physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop, or improve the Application. Please be aware that, although we endeavor to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.
How will you be informed of changes to this Privacy Policy?
This Privacy Policy may be updated from time to time for any reason. The Service Provider will notify you of any changes to the Privacy Policy by updating this page with the new Privacy Policy. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes.
This Privacy Policy is effective as of 2026-05-14 and applies to Match Circle version 1.0.0.
How do you give your consent?
By using the Application, you are giving your consent to the Service Provider processing of your information as set forth in this Privacy Policy now and as amended by us. "Processing" means using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining, and disclosing information.
How can you contact us?
If you have any questions regarding privacy while using the Application, or have questions about the practices, please contact the Service Provider via email at support@matchcircle.app.