DinnectPOLICY CENTER

Privacy Policy

Last updated: March 4, 2026

Dinnect Inc. ("Dinnect," "we," "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use the Dinnect mobile application. This Policy complies with the GDPR, CCPA/CPRA, COPPA, and the ePrivacy Directive.

1. Information We Collect

Information You Provide When you create an account, we collect your email address, password (stored only as a bcrypt hash), first and last name, username, birthdate (for age verification — 18+ required), gender, and city of residence. If you register via Apple Sign-In or Google Sign-In, we receive your name, email address, and a unique identifier from the respective provider. Apple users may choose to hide their real email via Apple's private relay service. You may optionally provide additional profile information including a bio, job title, company name, education history (up to 5 entries with university, field of study, and graduation year), skills, interests, languages spoken, a professional status (such as Open to Networking, Building, Fundraising, Hiring, Open to Work, or Focus Mode), and related business details. We also collect content you create, including posts (photos and videos with captions and 1–3 categories), stories (photos with 24-hour auto-deletion), comments, likes, direct messages (text, photos, documents, and view-once media), and event details. Location Data If you enable the "Nearby" feature, we collect real-time GPS coordinates, accuracy radius, and reverse-geocoded city name. Location tracking is off by default and requires your explicit opt-in. You may disable it at any time through Settings, and your coordinates will be immediately deleted from our servers. Automatically Collected Data We automatically collect your IP address (retained for 30 days), device token for push notifications, request logs (retained for 7–30 days), online status (temporary, stored in memory for 90 seconds), and typing indicators (stored in memory for 5 seconds, never persisted). We do not use cookies, advertising identifiers (IDFA), or any tracking technologies.

2. How We Use Your Information

We process your personal data for the following purposes: • To provide and operate the Service, including displaying your profile, delivering messages, showing events, and enabling the Nearby feature • To create and authenticate your account • To deliver push notifications you have opted into • To improve the security and integrity of the platform • To prevent abuse, fraud, and violations of our Terms of Service • To comply with legal obligations • To respond to your requests and provide support Our legal bases for processing include contract performance (providing the Service you signed up for), legitimate interest (security, fraud prevention, platform improvement), explicit consent (location tracking, push notifications, read receipts), and legal obligation (audit logging, law enforcement cooperation). We do not use your data for automated decision-making or profiling.

3. How We Share Your Information

With Other Users Your profile information (name, username, bio, professional details, profile photo) is visible to other users based on your privacy settings. If your profile is set to "private," only your connections can view your full profile. With Service Providers • Google LLC (Firebase Cloud Messaging) — for delivering push notifications • Google LLC (Google Sign-In) — for authentication • Apple Inc. (Sign in with Apple, MapKit) — for authentication and map services • Amazon Web Services (planned) — for storing uploaded media We do not use any analytics services, advertising networks, or tracking tools. We Do Not Sell Your Data Dinnect does not sell, rent, or trade your personal information to third parties. Legal Requirements We may disclose your information if required by law, regulation, legal process, or governmental request.

4. Data Retention

• Profile data — Until you delete your account • Posts and gallery items — Until you delete them • Stories — 24 hours (automatically deleted) • Messages — Until you delete the conversation • View-once messages — Until opened by the recipient • IP address logs — 30 days • Request logs — 7–30 days • Online status — 90 seconds (in-memory) • Typing indicators — 5 seconds (in-memory) • Soft-deleted accounts — 30 days (then permanently deleted) • JWT access tokens — 15 minutes • JWT refresh tokens — 60 days Backup copies may persist for up to 30 days after deletion.

5. Account Deletion

You can permanently delete your account through Settings > Delete Account. A 30-day grace period begins, during which your profile is hidden and you may reactivate by logging in. After 30 days, all data is permanently deleted: profile data, posts, stories, gallery items, comments, likes, messages, events, notifications, connections, photos, and device tokens. Retained after deletion: anonymized audit logs and aggregated, non-identifiable data.

6. Your Rights & Choices

All Users You can edit or delete your profile, control privacy settings, manage notifications, block users, and delete your account. European Union Residents (GDPR) You have the right to access, rectify, erase, restrict, port, and object to processing of your data. Contact privacy@dinnect.app — we respond within 30 days. California Residents (CCPA/CPRA) You have the right to know, delete, correct, and opt out. Dinnect does not sell your data.

7. Security

• All data transmitted over HTTPS (TLS 1.2+) • Passwords stored as bcrypt hashes with salt • Authentication tokens stored in iOS Keychain • Media stored with server-side AES-256 encryption • Per-user rate limiting (200 GET/min, 60 POST/min) • WebSocket rate limiting (30 msg/10s, 4KB max frame) • JWT tokens with short expiry (15-minute access tokens) Important: Messages are encrypted in transit but stored in readable format on our servers. End-to-end encryption is not currently implemented.

8. International Data Transfers

Dinnect's servers may be located outside your country of residence. For EU/EEA residents, we rely on Standard Contractual Clauses (SCCs) to ensure adequate protection.

9. Children's Privacy

Dinnect is strictly for users aged 18 and older. We do not knowingly collect data from minors. If we discover a minor's account, we will delete it immediately. Contact privacy@dinnect.app to report.

10. Push Notifications

We deliver push notifications via Firebase Cloud Messaging across categories: Connections, Events, Social, Profile, and System. You can control notifications through Settings > Notifications.

11. Data Breach Notification

In the event of a data breach, we will notify relevant authorities within 72 hours (GDPR Article 33) and affected users without undue delay via push notification, in-app alert, and email.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via push notification and in-app notification. Continued use after notification constitutes acceptance.

Contact Us

If you have any questions, please contact us:

privacy@dinnect.app

For GDPR-related inquiries, you may file a complaint with the relevant supervisory authority in your EU/EEA member state.