0. Effective Date & Legal Entity
This Privacy Policy (“Policy”) is issued by Egonex, Inc. (a Delaware corporation, registered at [Registered Address — pending legal review]) and its affiliates (collectively, “Egonex”, “we”, “us”, or “our”). It explains how we collect, use, disclose, and safeguard your information when you use the Egonex mobile application, website, or any related services (the “Service”).
- Effective date: 2026-04-19
- Last updated: 2026-04-19
By creating an account or using the Service, you acknowledge that you have read and understood this Policy.
1. Information We Collect
We collect only the information we need to operate the Service. The table below aligns with the data categories declared in our iOS Privacy Manifest (PrivacyInfo.xcprivacy) and our Google Play Data Safety form.
| Category | Examples | Linked to you | Used for tracking | Why we collect it |
|---|---|---|---|---|
| Email address | sign-up email, recovery email | Yes | No | Account creation, login, password recovery |
| Phone number | mobile number for SMS OTP | Yes | No | Two-factor authentication via Twilio |
| User ID | internal Egonex user identifier | Yes | No | Platform identity, session continuity |
| Device ID | generated device fingerprint | Yes | No | Fraud detection, push routing |
| Photos or videos | profile avatars, posts, matching media | Yes | No | Display on your profile and in matching |
| Audio data | voice messages, optional voice features | Yes | No | Delivering voice messages and voice-based features |
| Precise location | latitude / longitude (WhenInUse) | Yes | No | Geography-aware matching and nearby recommendations |
We do not knowingly collect Social Security numbers, passport numbers, biometric templates (beyond optional Face ID for on-device unlock), health data, or financial account numbers beyond what payment providers require.
2. How We Use Your Data
We use your information for the following purposes:
- Core matching and product functionality — to run our AI matching engine, show nearby users, send and receive messages.
- Communication and support — to respond to your requests, send service announcements, send transactional email and SMS.
- Security, safety, and anti-fraud — to detect abusive behavior, enforce community rules, maintain account integrity.
- Product analytics and quality — to understand feature usage, reliability, and crash behavior at an aggregate level.
We do not sell your personal information. We do not use your personal information for cross-app or cross-website tracking.
3. Third-Party Sharing
We share your information only with the service providers that are necessary to operate the Service. All providers are bound by contractual confidentiality and data-processing terms.
| Provider | Purpose | Data types | Jurisdiction |
|---|---|---|---|
| Firebase (Google LLC) | Analytics, crash reporting, push notifications | Device ID, usage events | United States |
| Stripe, Inc. | Payment processing for web purchases | Billing details, user ID | United States |
| Twilio, Inc. | SMS verification codes | Phone number | United States |
| SendGrid (Twilio) | Transactional email | Email address | United States |
| Amazon Web Services | Object storage (photos, videos, audio) | Photos, videos, audio | United States |
| Centrifugo | Real-time messaging transport | User ID, message metadata | Self-hosted |
| AI model provider | AI matching, AI conversations | User input, de-identified profile signals | United States |
We may also disclose information if required by law, legal process, or to protect the rights, property, or safety of Egonex, our users, or others.
4. Apple Required Reason API Disclosure
In accordance with Apple’s Required Reason API policy, we declare the following API usage and their corresponding reason codes:
| API | Reason code | Why we call it |
|---|---|---|
NSUserDefaults | CA92.1 | Read and write app-specific preferences accessible only to this app |
| File Timestamp APIs | C617.1 | Display file metadata (e.g., last modified date) to the user |
| Disk Space APIs | E174.1 | Show available storage or manage on-device cache |
| System Boot Time APIs | 35F9.1 | Measure elapsed time between in-app events |
We do not use these APIs for device fingerprinting or cross-app identification.
5. App Tracking Transparency (ATT)
We do not currently request App Tracking Transparency permission. Our Info.plist includes NSUserTrackingUsageDescription as a placeholder for potential future use (for example, advertising attribution). If we ever enable tracking, we will present a clear in-app prompt and update this Policy with at least 30 days’ notice.
6. Your Rights: Access, Correction, Portability, Deletion
You may request access to, correction of, a portable copy of, or deletion of your personal information at any time. For urgent or high-volume requests, please email privacy@egonex.ai.
Account Deletion Lifecycle
We implement a complete deletion pathway consistent with Apple App Store Guideline 5.1.1(v):
- T+0 — Soft delete. When you request deletion inside the app (Settings → Account Security → Delete Account), your account is immediately deactivated. You can no longer sign in, and you become invisible to other users.
- T ≤ 30 days — Recovery window. Within 30 days you may sign in and initiate account recovery. After recovery, all your data is restored.
- T+30 days — Hard delete. A scheduled purger permanently deletes or anonymizes your data across all tables and backups, except where retention is required by law (for example, fraud prevention or tax records).
- Sign in with Apple users. If you authenticated with Sign in with Apple, we additionally call Apple’s
/auth/revokeREST API to revoke the refresh token at T+0.
You can also export your profile as a JSON archive by emailing privacy@egonex.ai.
7. Data Storage & Security
- Encryption at rest. Object storage (AWS S3) uses SSE-S3 / SSE-KMS encryption. Our PostgreSQL databases use transparent data encryption, with field-level encryption for highly sensitive attributes.
- Encryption in transit. All API traffic uses TLS 1.2 or higher.
- Access control. We apply least-privilege IAM policies, rotate credentials regularly, and log administrative access.
- Passwords. Stored using memory-hard hashing (bcrypt / argon2); plain-text passwords are never persisted.
- Retention. Operational logs are retained for 90 days. Account data is retained while your account exists and for up to 30 days after deletion (subject to legal holds).
8. Children’s Privacy
Egonex is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please email privacy@egonex.ai. We will delete such information within 30 days.
Because Egonex includes social matching features, the App Store age rating is 17+. You must be at least the minimum age required in your jurisdiction to use the Service.
9. International Data Transfers
Our servers are located in the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States. We apply technical and contractual safeguards equivalent to those available in your country of residence.
10. California Residents (CCPA / CPRA)
We voluntarily extend core CCPA / CPRA rights to California residents, including the right to know, delete, correct, and opt out of sale or sharing of personal information. Please note that we do not sell your personal information, and we do not share it for cross-context behavioral advertising. Submit a verified request by emailing privacy@egonex.ai.
11. Changes to This Policy
We may update this Policy from time to time. Material changes will be announced in the app and by email at least 30 days before taking effect. Continued use of the Service after the effective date constitutes acceptance of the updated Policy. Prior versions are available on request.
12. Contact Us
- Privacy inquiries: privacy@egonex.ai
- General support: support@egonex.ai
- Legal / DMCA: legal@egonex.ai
- Mailing address: [Egonex, Inc., Registered Address — pending legal review]