Legal
Privacy Policy
Connexus — Last updated: 28 March 2026
1. Introduction
Welcome to Connexus ("we", "us", "our"). We operate the Connexus mobile application (the "App"). This Privacy Policy explains what personal data we collect, how we use it, how we share it, and your rights in relation to it.
By creating an account or using the App, you confirm that you have read and understood this Privacy Policy. If you do not agree, please do not use the App.
2. Who We Are
Connexus is the data controller for personal data collected through the App. If you have questions about this policy or our data practices, contact us at:
Email: info@connexusofficial.com
3. What Data We Collect
3.1 Data you give us directly
| Data | Why we collect it |
|---|---|
| Name (first and last) | To display on your profile |
| Username | Your unique public identifier on Connexus |
| Email address | Account authentication and communications |
| Password (hashed — we never store plain text) | Account security |
| Date of birth | Age verification; not shown to other users |
| City / region | To help suggest relevant meetup ideas |
| Profile photo | To display on your profile to friends |
| Hobbies, interests, dietary requirements, bucket list | To personalise meetup suggestions |
| Preferred meetup frequency (per friendship) | Core feature — scheduling algorithm |
| Preferred days and times (availability/blocked times) | Core feature — scheduling algorithm |
| Apple ID (if you use Sign in with Apple) | Authentication only |
3.2 Data we collect automatically
| Data | Why we collect it |
|---|---|
| Device type, OS version, Expo SDK version | Bug reporting and compatibility |
| Push notification token | To send you meetup reminders and alerts |
| App usage events (e.g. screens visited, buttons tapped) | To understand how the App is used and improve it |
| Crash reports and error logs | To fix bugs |
| IP address | Security, fraud prevention, and legal compliance |
3.3 Data from third parties
- Apple: If you sign in with Apple, we receive a unique Apple user identifier and, optionally, your name and email (subject to what you share with Apple).
- Supabase: We use Supabase for authentication, database, and real-time services. Supabase processes data on our behalf as a data processor. See Supabase's privacy policy.
3.4 Calendar data
If you grant calendar permission, we read your calendar to help schedule meetups and write meetup events to your calendar. We do not store your calendar events on our servers — calendar data is processed on-device only.
4. How We Use Your Data
We use your data to:
- Operate the App — create and manage your account, show your profile to mutual friends, run the scheduling algorithm, send meetup invitations.
- Personalise — suggest meetup activities based on shared interests.
- Communicate — send push notifications about meetup requests, confirmations, reminders, and account activity.
- Safety and trust — review reports of abuse, enforce our Community Guidelines, prevent spam and fraud, and block users as requested.
- Improve the App — analyse usage patterns, fix bugs, and develop new features.
- Legal compliance — comply with applicable laws and respond to lawful requests from authorities.
Legal bases (GDPR / UK GDPR):
| Purpose | Legal basis |
|---|---|
| Providing the core service | Performance of contract (Art. 6(1)(b)) |
| Push notifications | Consent (Art. 6(1)(a)) |
| Safety and fraud prevention | Legitimate interests (Art. 6(1)(f)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
| Analytics and improvement | Legitimate interests (Art. 6(1)(f)) |
5. How We Share Your Data
We do not sell your personal data to third parties.
5.1 Other users
- Your profile (name, username, photo, interests, city) is visible only to mutual friends — users who have accepted a friend connection with you. Strangers cannot view your profile.
- Your meetup frequency preferences for a specific friendship are visible only to that friend.
5.2 Service providers (data processors)
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, real-time services | US (EU data transfer safeguards apply) |
| Apple (APNs) | iOS push notification delivery | US |
| Expo / EAS | App build and update delivery | US |
5.3 Legal requirements
We may disclose your data if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Connexus, our users, or the public.
5.4 Business transfers
If Connexus is acquired, merged, or sold, your data may be transferred as part of that transaction. We will notify you via email or in-app notice before your data becomes subject to a different privacy policy.
6. Data Retention
| Data | Retention period |
|---|---|
| Account data (profile, friendships, meetups) | Retained while your account is active |
| Deleted account data | Deleted within 30 days of account deletion, except where longer retention is required by law |
| Push tokens | Deleted immediately on account deletion |
| Reports you filed or that were filed about you | Retained for up to 3 years for safety purposes |
| Crash logs and analytics | Retained for up to 24 months |
| Calendar data | Never stored on our servers |
When you delete your account through the App, we delete your profile, friendships, meetups, friend requests, broadcasts, and availability data. This action is irreversible.
7. Your Rights
All users
- Access — request a copy of the data we hold about you.
- Correction — ask us to correct inaccurate data. You can update most data directly in the App.
- Deletion — delete your account and associated data via Settings → Delete Account, or contact us.
- Withdraw consent — withdraw consent for push notifications at any time in your device settings or in the App.
EEA, UK, and Switzerland (GDPR / UK GDPR)
- Data portability — request your data in a machine-readable format.
- Restriction — ask us to stop processing your data while a dispute is resolved.
- Objection — object to processing based on legitimate interests.
- Lodge a complaint — you have the right to complain to your local data protection authority (e.g. the ICO in the UK).
California residents (CCPA / CPRA)
- You have the right to know, delete, and opt out of the sale of personal information. We do not sell personal information.
- You have the right not to be discriminated against for exercising your privacy rights.
To exercise any of these rights, email us at info@connexusofficial.com. We will respond within 30 days.
8. Children's Privacy
The App is intended for users aged 17 and over. We do not knowingly collect personal data from anyone under 13. If you believe a child under 13 has created an account, please contact us at info@connexusofficial.com.
9. Security
- All data in transit is encrypted using TLS/HTTPS.
- Passwords are hashed and salted — we never store plain text passwords.
- Row-Level Security (RLS) policies restrict access so users can only read/write their own data or data they are a party to.
- Push tokens are accessible only to the account owner.
10. International Data Transfers
Connexus is operated from the United Kingdom. Our service providers (primarily Supabase and Apple) may process data in the United States and other countries. Where we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses).
11. Third-Party Links and Services
The App may contain links to third-party websites or services (e.g. WhatsApp message pre-fill). We are not responsible for the privacy practices of those third parties.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via push notification or in-app alert, and update the "Last updated" date above. Continued use of the App after changes take effect constitutes acceptance of the revised policy.
13. Contact Us
For any privacy-related questions, requests, or complaints:
Email: info@connexusofficial.com
We aim to respond to all enquiries within 5 business days.
This privacy policy was drafted for Connexus and should be reviewed by a qualified legal professional before publication, particularly if you operate across multiple jurisdictions.