Privacy Policy
Last updated: April 2025 · Apache 2.0 Licensed Project
1. Overview
SocialSpaces ("the Platform", "we", "us") is an open-source, hyper-local social matching platform. We are committed to protecting your personal information and being transparent about how it is used. This policy applies to all users of the Platform.
2. Information We Collect
- Account Information: Email address, display name, and profile photo (via Google OAuth or manual sign-up).
- Profile Data: Bio, interests, skill level, age, and availability windows you provide during profile setup.
- Location Data: City, district, and state (manually entered). Precise GPS coordinates are never collected automatically.
- Activity Data: Groups you create or join, join requests you send or process, and messages in group chats.
- Technical Data: Browser type, device type, and error logs for debugging purposes.
3. How We Use Your Information
- To match you with compatible groups using our compatibility scoring algorithm.
- To display your public profile to other users within the Platform.
- To process join requests and send in-app notifications.
- To send transactional emails (join request updates) via EmailJS where configured.
- To improve the Platform through aggregated, anonymised analytics.
4. Data Sharing & Third Parties
- Firebase (Google): We use Firebase Authentication and Firestore as our backend. Data is subject to Google's Privacy Policy.
- Nominatim / OSRM: Location queries for distance calculations may be sent to these open-source routing services. No personal data is transmitted — only coordinates.
- EmailJS: If configured, join request emails are sent via EmailJS. Only necessary template variables are transmitted.
- We do not sell your data to any third party.
5. Privacy-by-Design Principles
- Double-blind coordination: Group locations are approximate; precise addresses are never shared publicly.
- Ephemeral coordinates: Raw GPS data (if ever collected) is never persisted beyond the current session.
- Join request access control: Your email in a join request is only visible to you and the group creator — not to other users.
- Firestore rules: Database security rules enforce that users can only read and write their own data.
6. Your Rights & Controls
- Access & Export: You may access your profile data at any time via the Profile page.
- Correction: Update your profile information in the Edit Profile page.
- Deletion: Contact us to request account deletion. All associated data will be permanently removed.
- Opt-out: You may disable email notifications by not configuring EmailJS credentials.
7. Data Retention
In-app notifications are automatically deleted after 30 days. Resolved join requests (approved or rejected) are pruned after 7 days. Account data is retained until you request deletion.
8. Security
We use Firebase's built-in security features, including server-side Firestore security rules, to protect your data. All communications are encrypted via HTTPS. No security system is perfect; please use a strong, unique password.
9. Children's Privacy
SocialSpaces is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with their data, please contact us immediately.
10. Changes to This Policy
We may update this policy periodically. Changes will be posted on this page with an updated date. Continued use of the Platform after changes constitutes acceptance.
11. Contact
For privacy-related questions or data deletion requests, open an issue on our GitHub repository.