← back to friends of friends

Privacy Policy

Last Updated: November 14, 2025

In Brief: Friends of Friends (FoF) helps you see who knows who in your network. We collect your contact information and phone number to build your social graph, but we take your privacy seriously. We hash phone numbers before storing them, encrypt your data, and give you control over what you share.

1. Introduction

Welcome to Friends of Friends ("FoF", "we", "us", or "our"). This Privacy Policy explains how alllowercase, llc collects, uses, shares, and protects your personal information when you use our mobile application.

By using FoF, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our app.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account and use FoF, you provide us with:

• Account Information: Display name, email address, phone number, and password (encrypted)
• Profile Information: Profile picture, header image, bio (up to 200 characters), and current location (optional, user-entered text)
• Content: Posts (text, images, videos), comments, messages, and link attachments
• Preferences: Default post visibility settings and repost permission preferences

2.2 Contact Information

When you grant permission to access your device contacts:

• We extract phone numbers from your contacts
• We convert each phone number into a secure SHA-256 hash before uploading
• We never store or upload plain text phone numbers or contact names
• We match these hashes against other FoF users to build your connection graph
• We store the last sync timestamp and matched user IDs

Important: Contact sync is one-time only when you grant permission or manually trigger re-sync. We do not continuously monitor or sync your contacts in the background.

2.3 Location Information (Optional)

If you choose to enable location services through your device settings:

• We collect GPS coordinates for personalized feed ranking and nearby post discovery
• You can add location tags to your posts with varying levels of granularity (state, city, neighborhood, address, or point of interest)
• You can enable or disable location services at any time through iOS Settings
• Location data is never shared without your explicit control

2.4 Automatically Collected Information

When you use FoF, we automatically collect:

• Authentication Data: Login timestamps, session tokens (JWT), IP address, and user agent information
• Usage Data: Post engagement metrics (interest counts, message counts), timestamps for content creation and edits
• Device Information: iOS device type and version information provided by your device

2.5 Information from Apple Sign-In

If you choose to authenticate using Apple Sign-In:

• We receive your Apple user ID
• We may receive your email address (if you choose to share it)
• We may receive your name on first sign-in only

3. How We Use Your Information

We use the information we collect to:

• Provide Core Features: Build your social connection graph, show you who knows who up to 3 degrees of separation
• Enable Communication: Facilitate messaging between you and your connections (1st and 2nd degree)
• Deliver Content: Show you posts from connections based on visibility settings (1-6 degrees)
• Verify Identity: Confirm your phone number via SMS verification codes
• Personalize Experience: Use location data (if enabled) to rank your feed and show nearby posts
• Maintain Security: Authenticate users, prevent fraud, and enforce our Terms of Service
• Improve Our Service: Analyze usage patterns to enhance features and fix bugs
• Communicate: Send you verification codes, important updates, and respond to your inquiries

4. How We Share Your Information

4.1 Within the App

Always Visible to Other Users:

• Your display name (the name you choose to show on your profile)
• Your profile picture and header image
• Your bio

Visible Based on Connection Degree:

• Your posts are visible according to the visibility settings you choose (1, 2, 3, or 6 degrees)
• 1 degree = My Friends (direct contacts only)
• 2 degrees = Friends of Friends
• 3 degrees = Extended Network
• 6 degrees = Anyone (public)

Private Information:

• Messages are only visible between you and the recipient
• Your hashed contact list is never shown to other users
• Your phone number is never displayed to anyone

4.2 Third-Party Service Providers

We share information with the following trusted service providers:

• Supabase: Our backend infrastructure provider for database, authentication, file storage, and realtime features. Supabase is SOC 2 compliant and encrypts all data at rest and in transit.
• SMS Verification Provider: Your phone number is shared only for the purpose of delivering SMS verification codes during signup.
• Apple: If you use Apple Sign-In, Apple receives standard OAuth authentication data.

We do NOT share your data with:

• Advertising networks
• Analytics platforms (we use no third-party analytics)
• Social media platforms
• Data brokers or marketers

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas), including to meet national security or law enforcement requirements.

5. Data Security

We implement robust security measures to protect your information:

5.1 Encryption

• Passwords: Encrypted using bcrypt algorithm by Supabase Auth
• Phone Numbers: Hashed using SHA-256 before storage (never stored in plain text)
• Data in Transit: All data transmitted over HTTPS with TLS encryption
• Data at Rest: All stored data is encrypted by Supabase infrastructure
• Authentication Tokens: JWT tokens with automatic refresh and expiration

5.2 Access Controls

• Row Level Security (RLS) enabled on all database tables
• Users can only access their own profile data and settings
• Post visibility enforced at database level based on connection degrees
• Messages only accessible to sender and receiver
• All database policies verify authenticated user identity

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Your Privacy Rights and Controls

You have control over your information:

6.1 Access and Update

• Edit your profile information (name, bio, photos) at any time in app settings
• View all your posts and messages
• Review your connection graph

6.2 Control Your Content

• Delete individual posts and messages
• Archive posts to hide them from your feed
• Set visibility preferences for each post (4 levels available)
• Control who can repost your content
• Block specific users from reposting specific posts
• Hide or delete message threads

6.3 Contact Access

• Revoke contact access through iOS Settings → Privacy & Security → Contacts
• Manually trigger re-sync of contacts through app settings
• Skip contact sync entirely during onboarding if you prefer

6.4 Location Services

• Enable or disable location access through iOS Settings → Privacy & Security → Location Services
• Control location tag granularity on your posts

6.5 Data Portability

You can request a copy of your data by contacting us at jacob@alllowercase.co. We will provide your data in a machine-readable format within 30 days.

6.6 Account Deletion

You can delete your account at any time through app settings or by contacting jacob@alllowercase.co. When you delete your account:

• Your profile and posts will be permanently removed
• Your connections will be severed
• Your messages will be deleted
• We will delete or anonymize your personal information within 30 days, except as required by law
• Some data may be retained in backups for up to 90 days before permanent deletion

7. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. Specifically:

• Account Data: Retained while your account is active
• Posts and Messages: Retained until you delete them or close your account
• Contact Hashes: Retained while your account is active to maintain connection graph
• Authentication Logs: Retained for 90 days for security purposes
• Deleted Data: Permanently removed within 30 days of deletion (up to 90 days for backups)

We may retain certain information as necessary to comply with legal obligations, resolve disputes, enforce our agreements, and for legitimate business purposes.

8. Children's Privacy

FoF is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, please do not use FoF or provide any information about yourself.

During account creation, users must confirm they are at least 13 years old. If we learn we have collected personal information from a child under 13, we will delete that information immediately. If you believe we might have information from or about a child under 13, please contact us at jacob@alllowercase.co.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using FoF, you consent to the transfer of your information to the United States and other locations where our service providers operate.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date at the top
• Sending you a notification through the app for material changes

Your continued use of FoF after we make changes indicates your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

alllowercase, llc
Email: jacob@alllowercase.co
Location: Albany, NY

We will respond to your inquiry within 30 days.