← back to friends of friends

Privacy Policy

Last Updated: April 4, 2026

In Brief: friendsof helps you see who knows who in your network. We collect only what we need to make the app work, we never sell your data, and you can delete your account and all associated data at any time.

1. Introduction

Welcome to friendsof ("FoF", "we", "us", or "our"). This Privacy Policy explains how alllowercase, llc collects, uses, shares, and protects your personal information when you use our mobile application.

By using friendsof, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our app.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account and use friendsof, you provide us with:

• Account Information: Email address and display name
• Profile Photo: A user-uploaded profile picture
• Content: Posts (text, images, videos), comments, and messages

2.2 Contact Information

When you grant permission to access your device contacts for friend discovery:

• We extract phone numbers from your contacts and convert each into a secure SHA-256 hash
• We never store or upload raw contact names or plain-text phone numbers
• Hashes are matched against other friendsof users to build your connection graph, then discarded from the device

2.3 Location Information (Optional)

If you choose to enable location services through your device settings:

• We collect coarse location data for feed personalization and nearby post discovery
• Location data is used on-device for ranking and is not stored on our servers
• You can enable or disable location services at any time through iOS Settings

2.4 Bug Reports

When you tap "Send Report" in the app to submit a bug report, we collect:

• Device Information: iOS version, app version, and device model
• Recent App Logs: Diagnostic log data from your current session

This information is submitted only when you explicitly choose to send a report. It is never collected automatically or in the background.

2.5 Crash Data

During the beta period, crash reports are collected by Apple through TestFlight. This data is handled by Apple's infrastructure, not ours. See Apple's Privacy Policy for details.

2.6 Push Notifications

If you enable push notifications, we store your Apple Push Notification service (APNS) device token to deliver social notifications (new messages, post interactions, etc.). You can disable push notifications at any time in iOS Settings.

3. How We Use Your Information

We use the information we collect to:

• Provide Core Features: Build your social connection graph and show you who knows who
• Enable Communication: Facilitate messaging between you and your connections
• Deliver Content: Show you posts from connections based on visibility settings
• Personalize Experience: Use location data (if enabled) to rank your feed
• Diagnose Issues: Use bug report data to identify and fix problems
• Maintain Security: Authenticate users, prevent fraud, and enforce our Terms of Service

4. How We Share Your Information

4.1 Within the App

Visible to Other Users:

• Your display name, profile photo, and bio
• Your posts, according to the visibility settings you choose

Private:

• Messages are only visible between you and the recipient
• Your contact hashes are never shown to other users

4.2 Third-Party Service Providers

We share information with the following trusted service providers:

• Supabase: Our backend infrastructure provider for database, authentication, and file storage. Supabase is SOC 2 compliant and encrypts all data at rest and in transit.
• Apple TestFlight: During beta, Apple collects crash reports through TestFlight. We do not operate separate crash reporting infrastructure.

We do NOT share your data with:

• Advertising networks
• Data brokers or marketers
• Third-party analytics platforms

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

5. Data Security

We implement security measures to protect your information:

• Passwords: Encrypted using bcrypt by Supabase Auth
• Contact Data: Hashed using SHA-256 before upload; raw contacts never leave your device
• Data in Transit: All data transmitted over HTTPS with TLS encryption
• Data at Rest: All stored data encrypted by Supabase infrastructure
• Access Controls: Row Level Security (RLS) on all database tables; users can only access data they are authorized to see

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure.

6. Your Privacy Rights and Controls

6.1 Access and Update

• Edit your profile information (name, bio, photo) at any time in app settings
• Delete individual posts and messages
• Control post visibility settings

6.2 Contact and Location Access

• Revoke contact access through iOS Settings
• Enable or disable location access through iOS Settings

6.3 Data Portability

You can request a copy of your data by contacting us at jacob@alllowercase.co. We will provide your data in a machine-readable format within 30 days.

6.4 Account Deletion

You can delete your account from the app by going to Settings > Account > Delete Account. This permanently removes your account, posts, messages, and all associated data from our servers.

You may also request account deletion by contacting jacob@alllowercase.co. Some data may be retained in encrypted backups for up to 90 days before permanent deletion.

7. Data Retention

We retain your information for as long as your account is active. Specifically:

• Account Data: Retained while your account is active
• Posts and Messages: Retained until you delete them or close your account
• Contact Hashes: Retained while your account is active to maintain your connection graph
• Bug Report Data: Retained for up to 90 days for diagnostic purposes
• Deleted Data: Permanently removed within 30 days of deletion (up to 90 days for backups)

8. Children's Privacy

friendsof is intended for users aged 13 and older. We do not knowingly collect data from children under 13.

If we learn we have collected personal information from a child under 13, we will delete that information immediately. If you believe we might have information from a child under 13, please contact us at jacob@alllowercase.co.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your jurisdiction. By using friendsof, you consent to the transfer of your information to the United States and other locations where our service providers operate.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of friendsof after changes are posted indicates your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, please contact us:

alllowercase, llc
Email: jacob@alllowercase.co

We will respond to your inquiry within 30 days.