Privacy Policy

Friends of Friends is the data controller responsible for your personal data. If you have questions about this policy or how we handle your data, please contact us.

We collect the following categories of personal data:

Account data

When you create an account, we collect your name, email address, and password (stored in hashed form). You may optionally provide a phone number.

Location data

You may provide your city or address to help connections find you. We deliberately store your location with reduced precision—your exact address is never shared with other users, only your general area.

Profile data

This includes your avatar image, bio, and the connections you make with other users.

Usage data

We use Vercel Analytics to collect anonymous, aggregated usage data such as page views, referrer URLs, device type, browser, and general geographic region. Vercel Analytics is cookieless—it does not use cookies, localStorage, or any persistent identifiers on your device. Visitor data is identified by a server-side hash that is automatically discarded after 24 hours. This data cannot be used to identify individual users.

Usage data is only collected with your consent. You can manage your analytics preferences at any time via the consent banner or by visiting our analytics preferences page.

• Provide the service — display your profile and approximate location to your connections
• Transactional emails — send account verification, password reset, and other service-related emails
• Improve the service — use anonymous analytics to understand how the app is used (with your consent)
• Security — protect against fraud, abuse, and unauthorized access

We do not sell your personal data to advertisers or data brokers. We do not use your data for advertising or profiling.

We process your personal data under the following legal bases (as defined by the GDPR):

• Performance of a contract — processing your account data and location to provide the service you signed up for
• Consent — collecting usage analytics (you can withdraw consent at any time)
• Legitimate interest — security measures, fraud prevention, and service improvements that don't override your rights

Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

We use the following third-party services to operate Friends of Friends. Your data may be processed by these providers in the United States or other jurisdictions:

• Vercel — frontend hosting and web analytics
• Railway — backend application hosting
• NeonDB — PostgreSQL database hosting
• Amazon Web Services (S3) — avatar image storage
• Resend — transactional email delivery

We choose providers with strong security and privacy practices. Each provider processes data only as necessary to deliver their specific service to us.

We use a minimal set of cookies, all of which are functional:

• Authentication cookies (essential) — secure, httpOnly cookies used to keep you logged in
• CSRF protection cookies (essential) — protect against cross-site request forgery attacks

We do not use advertising cookies, social media tracking pixels, or any third-party cookies.

Vercel Analytics is our only analytics tool and it is entirely cookieless—it does not store anything on your device. Analytics data is collected only with your consent and is anonymous and aggregated.

• Account data — retained while your account is active
• Deleted account data — removed from active systems within 30 days of account deletion; purged from backups within 90 days
• Analytics data — anonymous and aggregated; retained per Vercel's data retention policy
• Authentication cookies — expire based on session duration

Your data is processed in the United States. If you are located outside the US (including the EU/EEA), your data will be transferred internationally. We rely on Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms to ensure your data is protected in accordance with applicable privacy laws.

Friends of Friends is intended for users who are at least 18 years old. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, please contact us and we will promptly delete it.

We may update this privacy policy from time to time. If we make material changes, we will notify you via email. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of Friends of Friends after changes constitutes acceptance of the updated policy.