Privacy Policy

ConnectedSphere (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use the ConnectedSphere iOS application. Please read this policy carefully. By using the app, you agree to the practices described below.

1. Data Controller

The data controller responsible for your personal information is:

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact our Data Protection Officer directly.

2. What Data We Collect

We collect only the minimum data necessary to operate the app:

• Email address: Used solely for account authentication. We do not use it for marketing.
• Password: Stored as a one-way cryptographic hash. We never store or have access to your plaintext password.
• Location (opt-in only): If you grant permission, we use your device location to show you people who are nearby. We do not store or expose your precise coordinates — only your general proximity is used.

We do not collect names, phone numbers, payment information, or any other personal identifiers beyond those listed above. We do not use analytics tools, tracking SDKs, or advertising networks.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data under the following legal bases:

• Contract performance — processing your email and password is necessary to create and maintain your account and provide the service.
• Consent — location access is entirely opt-in. You may withdraw consent at any time via your iOS device settings, and doing so will not affect your ability to use other features of the app.
• Legal obligation — we may process data where required to comply with applicable law.

4. Third-Party Sharing

We do not sell, rent, or share your personal data with any third parties for commercial, marketing, or analytics purposes. Your data is used exclusively to operate ConnectedSphere.

We may disclose information only if required to do so by law or in response to a valid legal request from a competent authority.

5. Data Retention

Your data is retained only for as long as your account is active. When you delete your account, all personal data associated with it — including your email address, hashed password, and any location data — is permanently and immediately deleted. We do not retain backups or archives of your personal data after deletion.

6. Location Data

Location access is entirely optional. If you choose to enable it, the app uses your location to surface other users who are in the same general area. We do not:

• Reveal your exact coordinates to other users
• Store precise GPS data on our servers
• Track your movements over time
• Share location data with any third party

You can revoke location permission at any time in iOS Settings → Privacy & Security → Location Services → ConnectedSphere.

7. International Data Transfers

ConnectedSphere uses Supabase as its database and backend infrastructure. Your data is stored on Supabase servers located in the United States (us-east-1, AWS). This means that if you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with data transfer restrictions, your personal data will be transferred to and processed in the United States.

This transfer is lawful under GDPR Article 46 by virtue of Standard Contractual Clauses (SCCs) incorporated into Supabase’s Data Processing Agreement. These clauses impose the same data protection obligations on Supabase as apply within the EEA. You can review Supabase’s privacy and DPA documentation at supabase.com/privacy.

No other third-party services receive or store your personal data.

8. Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encrypted data transmission (TLS), hashed credential storage, and access controls on our infrastructure. No method of transmission over the internet is 100% secure; however, we are committed to using industry-standard protections.

9. Your Rights

EEA / UK Users — GDPR Rights

If you are located in the EEA or UK, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate data.
• Erasure — request immediate deletion of your account and all associated data.
• Restriction — request that we limit processing of your data in certain circumstances.
• Data portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — withdraw consent for location access at any time without penalty.
• Lodge a complaint — you have the right to lodge a complaint with your national data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (AP).

California Residents — CCPA Rights

Under the California Consumer Privacy Act (CCPA), California residents have the right to:

• Know — request disclosure of the categories and specific pieces of personal information we collect.
• Delete — request deletion of personal information we have collected.
• Opt-out of sale — we do not sell personal information, so this right is not applicable.
• Non-discrimination — we will not discriminate against you for exercising any of these rights.

Canadian Users — PIPEDA Rights

Under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to:

• Access — request access to your personal information held by us.
• Challenge accuracy — request correction of inaccurate or incomplete data.
• Withdraw consent — withdraw consent to the collection or use of your personal information, subject to legal or contractual restrictions.
• Complain — file a complaint with the Office of the Privacy Commissioner of Canada if you believe your rights have been violated.

To exercise any of these rights, contact our Data Protection Officer at the details provided in Section 1.

10. Children’s Privacy

ConnectedSphere is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us immediately and we will delete it without delay.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Continued use of the app after any changes constitutes your acceptance of the updated policy.

12. Contact Us

For any privacy-related questions, requests to exercise your rights, or concerns, please contact our Data Protection Officer: