Chatjon — Discover Nearby Conversations

1. Introduction

Chatjon ("the App") is a location-based social discovery platform that helps you find and connect with people nearby, join local communities, share footprints, and communicate via real-time chat, including a Safety SOS feature.

We are committed to being transparent about what data we collect, why we collect it, and how you can control it. This Privacy Policy applies to all users of the Chatjon mobile application (Android and iOS) and our backend services.

Please read this policy carefully before using the App.

2. Scope

This policy applies to:

All users globally, including users in the European Union/EEA (GDPR), California (CCPA/CPRA), and India (DPDPA 2023).
All versions of the Chatjon mobile application.
Our backend API, database, and third-party service integrations.

3. Information We Collect

3.1 Information You Provide Directly

Data Type	Examples	Why Collected
Account credentials	Email address, password (hashed by Firebase)	Authentication
Profile information	Display name, username, profession, bio, city, country, gender, date of birth, languages, interests, 'vibe' tags	Enable profile visibility and discovery
Profile photos	One main photo + up to 6 gallery photos	Display on profile and nearby map
Stories / temporary media	Photos/videos that expire after 24 hours	Enable ephemeral content sharing
Emergency contacts	Up to 3 in-app user contacts designated by you	Enable the SOS safety feature
Report data	Report reason when you report another user	Safety and moderation

3.2 Information Collected Automatically

Data Type	Examples	Why Collected
Precise GPS location	Latitude and longitude, continuously while the App is in the foreground and Ghost Mode is off	Power the Nearby discovery map
Location history	Timestamped lat/lng + place name, stored for a duration you choose (default: 7 days)	Power the Footprints feature
Device and network data	IP address, FCM device push token	Security, rate-limiting, push notifications
Usage data	Profile views, likes, waves sent/received, messages sent, communities joined	Core app functionality
Error and crash data	Exception messages, stack traces, ~20% of network transactions	Crash diagnosis via Sentry
Message drafts	Unsent message text per conversation	Stored locally on your device only — never transmitted to our servers

3.3 Sensitive Data

The following are collected only with your explicit OS-level permission:

Sensitive Data	Permission	Purpose
Precise location	ACCESS_FINE_LOCATION / Location permission (iOS)	Real-time nearby discovery; Footprints feature
Audio recordings	RECORD_AUDIO / Microphone permission (iOS)	Voice/audio messages in chat
Push notifications	POST_NOTIFICATIONS (Android 13+) / Notification permission (iOS)	Deliver messages, waves, SOS alerts, and nearby activity alerts

You can revoke any of these permissions at any time in your device settings.

4. How We Use Your Information

Provide the core service — Account creation, authentication, profile display, real-time nearby discovery, chat, communities, footprints.
Safety features — Transmitting your precise GPS location to your designated emergency contacts when you trigger SOS.
Notifications — Sending push notifications for new messages, waves, profile views, likes, community activity, and SOS alerts via Firebase Cloud Messaging.
Personalisation — Showing you relevant nearby users and communities based on your location and settings.
Security and fraud prevention — Rate-limiting, IP-based abuse detection, blocking, and reporting.
Error monitoring — Diagnosing and fixing crashes and bugs via Sentry.
Legal compliance — Responding to lawful requests from authorities where required.

We do not use your data for advertising. We do not build advertising profiles. We do not sell your data to any third party.

5. Legal Bases for Processing (GDPR)

Processing Activity	Legal Basis
Account creation and authentication	Contract (Art. 6(1)(b)) — necessary to provide the service
Profile data, messaging, communities	Contract (Art. 6(1)(b))
Precise location for nearby discovery	Consent (Art. 6(1)(a)) — you grant the OS-level location permission
Audio recording for voice messages	Consent (Art. 6(1)(a)) — you grant the OS-level microphone permission
Crash reporting and error tracking	Legitimate Interest (Art. 6(1)(f)) — improving service reliability
Security logging, IP addresses	Legitimate Interest (Art. 6(1)(f)) — preventing abuse and fraud
SOS location transmission	Vital Interests (Art. 6(1)(d)) — protecting your physical safety

You may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal, but may limit app functionality.

6. Your Rights

6.1 Rights for All Users

Right to Access — Request a copy of the personal data we hold about you.
Right to Correction — Update incorrect data directly in the App (Settings → Profile).
Right to Deletion — Delete your account and all associated data (Settings → Account → Delete Account).
Right to Withdraw Consent — Revoke location, audio, or notification permissions via your device settings at any time.
Right to Lodge a Complaint — Contact us at support@chatjon.com.

6.2 Additional Rights — EU/EEA Users (GDPR)

Right to Restriction of Processing — Request we limit processing of your data in specific circumstances.
Right to Data Portability — Request your data in a machine-readable format. Contact support@chatjon.com to request your data manually.
Right to Object — Object to processing based on legitimate interests.
Right to Complain to a Supervisory Authority — You may lodge a complaint with your national data protection authority (e.g., ICO, CNIL, BfDI).

6.3 Additional Rights — California Residents (CCPA/CPRA)

Right to Know — You have the right to know what categories of personal information we collect, the purposes for which we use it, and with whom we share it.
Right to Delete — Request deletion via the in-app Delete Account feature or by contacting support@chatjon.com.
Right to Opt-Out of Sale or Sharing — We do not sell or share your personal information for cross-context behavioural advertising. No action is required.
Right to Correct — You may correct inaccurate personal information directly in the App.
Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA rights.

6.4 Additional Rights — Indian Users (DPDPA 2023)

Right to Access — Request information about personal data processed by us.
Right to Correction and Erasure — Available through the in-app account deletion flow or by contacting support@chatjon.com.
Right to Grievance Redressal — Contact our Grievance Officer at support@chatjon.com. We will respond within 30 days.
Right to Nominate — You may nominate another individual to exercise your rights on your behalf in the event of death or incapacity.

7. Third-Party Services

We use the following third-party services. Each operates under its own privacy policy.

Service	Purpose	Data Shared	Privacy Policy
Firebase Authentication (Google LLC)	User authentication	Email address, Firebase UID	https://policies.google.com/privacy
Firebase Cloud Messaging (Google LLC)	Push notifications	FCM device token, notification payload	https://policies.google.com/privacy
Google Maps Platform (Google LLC)	Interactive map display	Your location coordinates	https://policies.google.com/privacy
Cloudinary (Cloudinary Inc.)	Media storage and delivery	Profile photos, gallery photos, chat media	https://cloudinary.com/privacy
Sentry (Functional Software Inc.)	Crash reporting	Crash data, stack traces, device context, ~20% network traces	https://sentry.io/privacy/
Neon (Neon Inc.)	Cloud-hosted PostgreSQL database	All persistent user data listed in Section 3	https://neon.tech/privacy
Redis (via cloud provider)	Real-time location cache, presence, rate-limiting	User UIDs, hashed location coordinates (40s TTL)	Depends on hosting provider

8. Data Retention

Data Type	Retention Period
Account and profile data	Until you delete your account
Real-time location (Redis cache)	40 seconds TTL; refreshed while the app is in the foreground and Ghost Mode is off
Location history / Footprints	Duration you set in Settings → Footprints (default: 7 days); auto-deleted thereafter
Stories / temporary media	24 hours from posting, then automatically deleted
Chat messages	Until you delete your account or delete the message
Crash and error logs (Sentry)	90 days
IP address logs	30 days
Backup copies	Deleted within 30 days of account deletion

9. Security

All data is transmitted over HTTPS/TLS.
Passwords are hashed using Firebase Authentication's secure hashing algorithms — we never store plaintext passwords.
Authentication tokens are stored in your device's secure keystore (Android Keystore / iOS Keychain).
Our database and Redis instances are hosted in isolated cloud environments with access controls.
We conduct periodic security reviews.

No system is 100% secure. If you discover a security vulnerability, please contact us at support@chatjon.com.

10. International Data Transfers

Chatjon is operated globally. Your data may be transferred to and stored in the United States and other countries where our third-party service providers (Firebase, Cloudinary, Sentry, Neon) maintain infrastructure.

For users in the EU/EEA, these transfers are conducted under appropriate safeguards, including Standard Contractual Clauses (SCCs) as required by GDPR Chapter V. For users in India, we comply with applicable cross-border transfer obligations under the DPDPA 2023.

11. Children's Privacy & Age Requirement

Chatjon is intended for users who are at least 15 years of age.

We do not knowingly allow children under the age of 15 to create accounts or use the App.

Age Verification

During registration, users are required to confirm their age. By creating an account, you confirm that you are at least 15 years old.

Users Aged 15–17

If you are between 15 and 17 years old, you should use the App with parental or guardian awareness. Certain features (such as location sharing and public visibility) may be controlled through privacy settings.

No Data Collection from Children Under 15

We do not knowingly collect personal data from children under 15. If we discover that a user is under 15, we will immediately suspend the account and delete all associated data.

If you believe a child under 15 has created an account, please contact us at support@chatjon.com.

12. Account Deletion

You can permanently delete your account at any time:

1Open the Chatjon app.
2Go to Settings → Account → Delete Account.
3Confirm deletion.

Upon deletion, all your personal data is removed from our primary database, Firebase Authentication account is deleted, location is removed from the real-time index, and FCM push token is removed.

Deletion is permanent and irreversible. Media files on Cloudinary CDN may remain in cache for a short period.

To request deletion via email, contact support@chatjon.com with subject line "Account Deletion Request." We will process within 30 days.

13. Your Privacy Controls (In-App)

Control	Location	Effect
Ghost Mode	Settings → Privacy	Hides your location from all other users; disables location broadcasting
Show Location	Settings → Privacy	Toggle whether your location is shared for nearby discovery
Footprints Enabled	Settings → Footprints	Enable/disable footprint recording entirely
Footprint Visibility	Settings → Footprints	Set to Everyone, Connections Only, or Nobody
Footprint Trail	Settings → Footprints	Show/hide your movement trail to other users
Footprint History Days	Settings → Footprints	Set how many days of footprint data to retain (auto-deleted thereafter)
SOS Visible	Settings → Safety	Toggle whether you appear in SOS emergency contact lists
Block a User	User Profile	Prevents mutual visibility and contact

14. Cookies and Tracking Technologies

The Chatjon mobile application does not use browser cookies. We use the following equivalent technologies:

shared_preferencesStores lightweight on-device preferences (theme mode, message drafts). Not synced to any server.
flutter_secure_storageStores authentication tokens in the device's secure keystore (Android Keystore / iOS Keychain).
Redis keysShort-lived server-side keys for rate limiting, location TTL, and online presence. Not used for tracking.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will:

1Update the “Last Updated” date at the top of this document.
2Notify you via an in-app notification or email for material changes.

Your continued use of the App after changes become effective constitutes acceptance of the updated policy.

16. Contact & Grievance Information

Chatjon

Email: support@chatjon.com

Subject line: "Privacy Request — [Your Name/UID]"

For EU/EEA users: If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.

For Indian users (DPDPA Grievance Officer): Email support@chatjon.com. Response time: 30 days.

17. Do Not Sell or Share My Personal Information

Chatjon does not sell your personal information.

Chatjon does not share your personal information for cross-context behavioural advertising.

California residents may still submit a request confirming this by emailing support@chatjon.com with the subject line "CCPA — Do Not Sell Request."