InLoop Privacy Policy

The Service is operated in connection with the InLoop app. For data protection requests, use the contact email above.

2.1 Account and profile

• Identifiers & sign-in: Firebase Authentication user ID, and sign-in details you provide (for example email and password, or Sign in with Apple as offered in the app).
• Profile: Display name, username, email, bio, profile photo URL, optional profile fields you choose to enter (such as gender, age, height, occupation, interests, mood/music entries, social links, etc., when those features are used).
• Preferences: Settings stored on your account (for example privacy toggles, photo visibility, blocked users, wallpaper/appearance preferences stored locally on the device where applicable).

2.2 Content you create

• Posts and comments you publish on the feed.
• Community hub content where you participate, per hub rules and visibility.
• Events you create or join, including titles, descriptions, times, and location text or coordinates you attach to an event.
• Reports you submit about content (where moderation features exist).

2.3 Messaging and calls

• Direct messages: Message metadata (for example conversation ID, sender/receiver IDs, timestamps) is processed to deliver chat. Where end-to-end encryption (E2EE) is enabled for a thread, message payloads are designed so that plaintext is not readable by us in the same way as ordinary server-stored text; ciphertext and related fields may still be stored to sync devices. You should assume metadata about conversations can exist on our systems.
• Voice/video calls: Signaling and session-related data may be processed to connect calls (for example WebRTC-related data via Firebase and related infrastructure). Microphone and camera access are used for live calls when you join a call; see Device permissions below.

2.4 Location

• Events “near you”: If you turn on location for events, the app may use device location to find or rank nearby events. You can control this in Settings → Privacy → Location Privacy (share_location_events).
• Event creation: Organizers may pin or describe event locations; business flows may require a pinned location for verification.
• Optional location in chat: If you choose “Send live location” (or similar), you share location with the recipient(s) of that conversation for that action. This is not the same as “events nearby,” which is described in Location Privacy for discovery only.

2.5 Connections and discovery

• Friends, connections, and interactions you make in the app.
• Bump to Connect (or similar): Nearby discovery may use local network / peer-to-peer technologies (for example Multipeer Connectivity, Bonjour-style services) so devices can find each other when you use the feature. This happens between devices when you actively use the feature; it is not the same as uploading your full contact list by default.

2.6 Payments and business features

• Stripe: When you pay for subscriptions or paid features, payments are processed by Stripe. We do not store your full card number on our servers; Stripe handles card data subject to Stripe’s privacy policy.
• Business accounts: Business profile, plan, and entitlement data may be stored to provide business tools (for example analytics tiers, community hubs, billing-related records as implemented).

2.7 Notifications

• Push notifications: We use Firebase Cloud Messaging (FCM) and Apple Push Notification service (APNs). A device token is associated with your account so we can deliver alerts (for example new messages, calls, or other activity you opt into).
• In-app notification records may be stored so you can see history in the app’s notification center.

2.8 Security and integrity

• Firebase App Check (and related mechanisms) may be used to reduce abuse and verify that requests come from genuine app instances.
• Operational logs and diagnostics may be generated by our hosting providers (for example Google Firebase / Google Cloud) for reliability, security, and debugging.

2.9 Analytics and product preferences

The app includes Data Usage settings (for example Analytics, Personalization, Data Sharing preferences) stored on your user profile. Implementation note: These preferences are saved to your account; whether and how each toggle limits third-party SDK analytics at runtime may evolve—Firebase and other SDKs linked in the app may still emit certain diagnostic or usage data depending on configuration. For App Store disclosures, treat Firebase (and any analytics SDKs you ship) as potentially collecting usage/diagnostic data unless you fully disable them in build configuration.

2.10 Local storage on your device

Cached images, offline Firestore cache, and local preferences may be stored on device to improve performance (for example Firestore offline persistence).

We use the information above to:

• Provide and operate the Service (feed, messaging, events, calls, business tools).
• Authenticate users, sync data across devices, and secure accounts.
• Deliver notifications you have enabled.
• Process payments and manage subscriptions (via Stripe where applicable).
• Enforce our terms, prevent fraud and abuse, and comply with law.
• Improve reliability and fix bugs (including through provider diagnostics).

We do not sell your personal information in the conventional sense of selling lists to data brokers.

We may share data with:

• Service providers who host or process data on our behalf, including Google Firebase / Google Cloud (authentication, database, storage, functions, messaging, App Check, etc.), Stripe (payments), and Apple (Sign in with Apple, push delivery, App Store distribution). Their use of data is governed by their policies and our agreements with them.
• Other users, according to how you use the Service (for example content you post publicly, messages you send, or location you voluntarily share in chat).
• Authorities when required by law or to protect rights, safety, and integrity.

Our providers may process data in the United Kingdom, European Economic Area, United States, and other countries where they operate. Where required, we rely on appropriate safeguards (such as standard contractual clauses) as offered by our processors.

We retain information as long as your account is active and as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. Some backups or logs may persist for a limited period after deletion.

Depending on your location, you may have rights to access, correct, delete, export, or object to certain processing.

• In the app: Account settings, privacy settings, blocked users, photo/location controls, notification settings, and Privacy Center → Download my data (JSON export of much of your Firestore-backed account data, subject to technical limits and encryption).
• Account deletion: Where we offer account deletion or deactivation in the app, follow those flows; deletion may take time to propagate across systems.

EEA/UK: You may have the right to lodge a complaint with your local supervisory authority.

California (CCPA/CPRA): California residents may have additional rights (for example to know, delete, and opt out of certain sharing). We do not “sell” personal information as defined by California law in the typical sense above; see the California section in Apple’s App Privacy questionnaire for your build.

The Service is not directed at children under the age where parental consent is required in your jurisdiction. We do not knowingly collect personal information from children in violation of applicable law.

We use industry-standard measures appropriate to the Service. No method of transmission or storage is 100% secure. E2EE in messaging reduces what we can read of message contents, but you should still protect your device and account credentials.

The Service may link to third-party sites or services. Their practices are governed by their policies, not this one.

We may update this Privacy Policy from time to time. We will post the updated version in the app (and/or on our site if applicable) and change the “Last updated” date. Continued use after notice may constitute acceptance where permitted by law.

Email: support@inloop.uk