Privacy Policy — toMate
Effective date: 2026-06-05
Version: 1.1
toMate is a non-commercial personal pet project built by an individual developer and offered free of charge, "as is". This Privacy Policy describes how we collect, use, store, and share personal data of users of the toMate mobile application (the "App"). It is written with reference to the Ukrainian Law "On Personal Data Protection" (No. 2297-VI) and, where applicable, the EU General Data Protection Regulation (GDPR).
This Policy is published in English and Ukrainian. In case of conflict, the Ukrainian version prevails for users resident in Ukraine.
1. Who we are
toMate is a personal, non-commercial pet project maintained by an individual developer. There is no company behind it. The person responsible for the data described here can be reached at:
- Email: romanzhykhor@gmail.com
This single email address is the official channel for all privacy enquiries.
2. Information we collect
2.1 Account information
| Data | Source | Why |
|---|---|---|
| Mobile phone number (E.164) | You, during sign-up | Authentication via SMS one-time password |
| Email address | Google or Apple, if you sign in with them | Authentication and account recovery |
| Apple/Google user identifier | Apple/Google, if you use social sign-in | Linking your sign-in identity to your toMate account |
| Display name | You | Public profile |
| Profile photo (optional) | You | Public profile |
| Short bio and city (optional) | You | Public profile |
| Interests | You, during onboarding | Personalising the activity feed |
| Preferred language (uk/en) | You or device locale | App language and notification language |
Your phone number is verified via Firebase Authentication (a Google service). Firebase receives the phone number to send the SMS and to issue a short-lived identity token. After we mint our own session token, the Firebase session on your device is signed out.
2.2 Activity data
- Activities you create — title, description, category, time, and meeting point coordinates.
- Activities you join, save, or are invited to.
- Reviews you write or receive (text, rating, who wrote it).
- Reports you file against other users or content.
2.3 Messages
- The text, images, and metadata (timestamp, sender) of messages you send in group chats and direct conversations within the App.
- Messages are transmitted over a TLS-encrypted connection to our servers. They are not end-to-end encrypted: our servers store them so they can be redelivered to recipients and our moderation team can review reports.
2.4 Location data
- While the App is open and you have granted "When in Use" location permission, your current latitude/longitude is sent to our servers to query nearby activities and to centre the map.
- We do not request "Always" location access.
- We do not store the user's real-time coordinates on our servers beyond the moment of the query.
- We do not retain location coordinates on your device beyond the current session.
- Coordinates of activities you create are stored on our servers (this is the meeting point, not your location).
2.5 Device and diagnostics
| Data | Purpose | Retention |
|---|---|---|
| Device model, OS, app version | Support and crash triage | 90 days |
| Approximate language and time zone | Localisation | Lifetime of session |
| Push notification token (FCM / APNs) | Delivering push notifications | Rotated automatically; deleted on sign-out |
| Active session metadata (device label, last-seen time, IP truncated to /24) | Showing the "Active devices" list and allowing remote sign-out | Until you sign out that device |
2.6 Crash reports (Sentry)
Crash reports are sent to Sentry (Functional Software, Inc., USA / EU region). Before any event leaves your device, our pre-send hook:
- Strips the user field (so we never attach your identity to a crash).
- Redacts phone numbers, email addresses, and high-precision coordinates (4+ decimal places).
- Removes all local variable captures from stack frames.
- Disables session replay and uses a 10% sample rate on transactions.
2.7 What we do not collect
- We do not use any analytics SDK that fingerprints users — no Firebase Analytics, no Meta SDK, no advertising identifiers, no third-party trackers.
- We do not read your contacts, calendar, or SMS history.
- We do not collect biometric data.
- We do not sell, share, or rent your personal data to third parties for marketing or advertising purposes.
- We do not profile you for automated decision-making that produces legal or significant effects on you.
3. Purposes and legal bases
| Purpose | Data categories | Legal basis |
|---|---|---|
| Authenticate you and create your account | Phone, email, social identity | Performance of a contract |
| Show activities near you | Real-time coordinates, interests | Performance of a contract |
| Deliver in-app messages and notifications | Messages, push token | Performance of a contract |
| Send push notifications you opted in to | Push token, preferences | Consent — revocable in settings |
| Prevent abuse, fraud, and harassment | Reports, phone block-list, IP /24, device label | Legitimate interest |
| Improve app stability | Crash reports (de-identified) | Legitimate interest |
| Comply with legal obligations | All categories, as required | Legal obligation |
You can withdraw consent for notifications at any time by toggling the relevant switches in Settings → Параметри → Сповіщення ("Options" → "Notifications"), or in your operating system's notification settings.
4. Sharing and recipients
We share personal data only with the categories of recipients listed below.
| Recipient | Role | Purpose | Location |
|---|---|---|---|
| Hetzner Online GmbH | Sub-processor | Application and database hosting | Germany (EU) |
| Google LLC (Firebase Authentication) | Sub-processor | Phone OTP, Google Sign-In token verification | EU + USA |
| Google LLC (Firebase Cloud Messaging) | Sub-processor | Android push notification delivery | EU + USA |
| Apple Inc. (APNs, Sign in with Apple) | Sub-processor | iOS push notification delivery; Apple sign-in | USA + EU |
| Functional Software, Inc. (Sentry) | Sub-processor | Crash and error reporting (anonymised) | EU region available |
| Expo Inc. | Sub-processor | Over-the-air update delivery (no user data) | USA |
| OpenStreetMap Foundation | Tile provider | Serving map tiles | EU |
When data is transferred outside Ukraine and the EEA (notably to the USA for Google and Apple services), the transfer is governed by Standard Contractual Clauses (SCCs) and the recipient's adequacy certification where applicable.
We share data with public authorities only when required by a binding legal order.
5. Storage, security, and retention
5.1 How we protect your data
- All network communication uses TLS 1.2 or higher.
- Authentication tokens are stored in the device's secure enclave — Keychain on iOS and EncryptedSharedPreferences on Android.
- Cached app data is stored in encrypted MMKV; the AES key is itself stored in the secure enclave.
- Our servers run in an EU data centre with access restricted to authorised personnel using multi-factor authentication.
- We do not log raw phone numbers, exact coordinates, or chat content in our application logs.
5.2 How long we keep your data
| Category | Retention |
|---|---|
| Account profile | Until you delete your account |
| Activities you created | 90 days after the activity end date |
| Activities you joined (history) | 90 days after the activity end date |
| Chat messages | 12 months from sending |
| Reviews | Until you delete your account |
| Reports | 24 months (safety enforcement and appeals) |
| Crash reports | 90 days, anonymised |
| Active session metadata | Until you sign out that device |
| Phone numbers on the safety block-list | Indefinitely, stored separately |
When you delete your account (Settings → Видалити акаунт, "Delete account"), we delete all categories above within 30 days, except where we are required by law to retain certain records or where retaining a phone number on the safety block-list is necessary to protect the community.
6. Your rights
You have the following rights regarding your personal data:
| Right | How to exercise |
|---|---|
| Access — receive a copy of your data | Email romanzhykhor@gmail.com |
| Rectification — correct inaccurate data | Edit your profile, or email us |
| Erasure — delete your account and data | Settings → Видалити акаунт ("Delete account") |
| Restriction — limit processing | Email romanzhykhor@gmail.com |
| Objection — to legitimate-interest processing | Email romanzhykhor@gmail.com |
| Portability — JSON export | Email romanzhykhor@gmail.com |
| Withdraw consent — for notifications | App or OS settings |
| Lodge a complaint | Ukrainian DPA or your local EU supervisory authority |
We respond to verified rights requests within 30 calendar days.
7. Children
The App is intended for users aged 16 and over. We do not knowingly process personal data of persons under 16. If you are a parent or guardian and believe your child under 16 has created an account, please contact romanzhykhor@gmail.com and we will delete the account without delay.
For users aged 16–17, we strongly recommend reading this Policy and the Terms of Use together with a parent or guardian.
8. Cookies and similar technologies
The App is a native mobile application and does not use HTTP cookies. The only identifiers stored on your device are your authentication tokens (secure enclave), the Expo OTA update channel identifier, and the push notification token issued by the operating system.
We do not use cross-app advertising identifiers (Apple IDFA / Android AAID).
9. Changes to this Policy
Material changes will be announced via an in-app notice at least 14 days before they take effect, and the "Effective date" above will be updated.
Continued use of the App after the new effective date constitutes acceptance of the updated Policy.
10. Contact
- Email: romanzhykhor@gmail.com