Privacy Policy

1.1 Information You Provide

• Phone number — used for account verification via one-time passwords (OTP). We verify your number through our SMS providers (MSG91 and Twilio).
• Display name — the name shown to other users on fabnub.
• Profile photo — an optional image you upload to personalize your profile.
• Messages — direct messages you send to other users through the Service.
• Questions and answers — content you post or respond to within the fabnub community.

1.2 Information We Collect with Your Permission

• Contacts — if you grant permission, we access your device contacts to help you find friends on fabnub. Contact phone numbers are cryptographically hashed (SHA-256) before being sent to our servers. We never store your contacts' raw phone numbers.

1.3 Information Collected Automatically

• Device information — device model, operating system version, and app version for compatibility and troubleshooting.
• Error and crash data — collected via Sentry to identify and fix bugs. This data is anonymised and does not include personal content.
• Push notification tokens — generated by Firebase Cloud Messaging to deliver push notifications to your device.

• Account verification — to verify your identity via OTP during sign-up and login.
• Friend discovery — to match hashed contact data against registered users so you can find people you know.
• Messaging — to deliver messages between you and other users in real time.
• Push notifications — to notify you of new messages, friend requests, and relevant activity.
• Service improvement — to understand usage patterns, fix errors, and improve performance.
• Safety and security — to detect and prevent abuse, fraud, and policy violations, as described in section 2.1 below.

2.1 Content Review and Moderation

To keep fabnub safe, images you upload may be analysed by an automated content classifier shortly after upload. The classifier looks for content that violates our Content Guidelines — for example, sexually explicit material, graphic violence, or hate symbols.

For child sexual abuse material, we cooperate with the National Center for Missing & Exploited Children (NCMEC) in the United States and the National Cyber Crime Reporting Portal in India, as required by applicable law. In such cases we may retain content and associated account information beyond our normal retention periods to support law-enforcement investigations.

fabnub is designed around a friend-centric privacy model:

• Your data is stored on DigitalOcean servers located in the India region.
• All data in transit is encrypted using TLS 1.3.
• Passwords and sensitive tokens are stored using industry-standard hashing and encryption.
• Authentication tokens (JWT) are stored securely on your device using the platform keychain (iOS Keychain / Android Keystore).
• Contact phone numbers are hashed with SHA-256 before transmission and are never stored in plaintext on our servers.

We use the following third-party services to operate fabnub:

• MSG91 (India) and Twilio (USA) — SMS delivery for OTP verification. They receive your phone number solely to deliver the verification code.
• Firebase Cloud Messaging (Google) — push notification delivery. Firebase receives your device token but not your personal content.
• Sentry — error and crash reporting. Sentry receives anonymised diagnostic data to help us fix bugs.
• Cloudflare — CDN, DDoS protection, and HTTPS enforcement. Cloudflare processes network requests but does not access your personal content.
• DigitalOcean — cloud infrastructure hosting for our servers and databases.

Each third-party service processes data in accordance with their own privacy policies. We only share the minimum data necessary for each service to function.

We may share your information only in these circumstances:

• With your consent — when you explicitly agree to share information.
• Service providers — the third-party services listed above, solely to operate the Service.
• Legal obligations — when required by law, court order, or government regulation.
• Safety — to protect the rights, safety, or property of fabnub, our users, or the public.

You have the following rights regarding your personal data:

• Access — request a copy of all personal data we hold about you.
• Data export — download your data in a portable format via the app (Settings → Account → Export My Data).
• Correction — update your profile information at any time through the app.
• Account deletion — permanently delete your account and all associated data via the app (Settings → Account → Delete Account). Deletion is completed within 30 days.
• Withdraw consent — revoke contact access or notification permissions at any time through your device settings.

To exercise any of these rights, you may use the in-app settings or contact us at [email protected].

• Account data — retained while your account is active. Upon deletion, all personal data is permanently removed within 30 days.
• Messages — stored while both the sender's and recipient's accounts are active.
• Diagnostic data — anonymised error logs are retained for up to 12 months.
• Hashed contacts — removed when you revoke contact permission or delete your account.

fabnub is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us at [email protected].

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or via other appropriate means. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy or our data practices, please contact us: