Privacy Policy โ IBI
1. Data Controller
Gianni Campana
Domiciled in Milan (MI), Italy
Email:
privacy@ibimeet.com
A Data Protection Officer (DPO) has not been appointed, as the conditions for mandatory appointment under Art. 37 GDPR are not met.
For any request relating to your personal data, write to:
privacy@ibimeet.com
We will respond within 30 days (Art. 12.3 GDPR), normally within
7 business days.
2. Categories of data processed
2.1 Identification and contact data
- Name (or nickname) โ identification in the public profile
- Phone number โ authentication via SMS OTP
- Email address โ optional; used for alternative access and service communications
- Date of birth โ to verify the minimum age requirement (18 years) and calculate age displayed in the profile
2.2 Profile data
- Height โ optional field, visible in the profile
- City and neighbourhood โ approximate geographic area, not an exact address
- Profession โ optional field
- Family plans โ optional field
- Relationship type sought โ e.g. serious, casual, friendship (optional, configurable visibility)
- Profile photos โ 1 to 6 images uploaded directly by you
- Interests โ selection from predefined categories
- Distinctive features โ hair, glasses, tattoos, piercings, accessories, beard (all optional)
- Approach preferences โ how you prefer to be approached in person (optional)
- Preferred age range โ minimum and maximum age of people you want to meet
2.3 Special category data (Art. 9 GDPR)
Gender identity and sexual orientation
- Gender identity: man, woman, non-binary, genderfluid, other
- Sexual orientation (implicit): inferred from your "interested in" preference field
Lifestyle habits
- Relationship with smoking
- Relationship with alcohol
- Relationship with marijuana
- Relationship with recreational substances
This information is not mandatory. By selecting "prefer not to say" for all fields, no data in this category is transmitted or stored.
Legal basis: Explicit consent under Art. 9.2.a GDPR.
2.4 Geolocation data
- Real-time GPS position โ geographic coordinates detected by your device
- Home neighbourhood โ determined by the backend
- Proximity mode โ the app operates in fixed LOCAL mode (same neighbourhood and same venue/POI, within approximately 50 m of the POI or through explicit check-in); this mode is not configurable by the user (see section 4.2)
- Accuracy metadata โ GPS signal precision in metres
- Last position timestamp
Background location: the app can detect your location when not in the foreground, subject to your explicit OS-level authorisation. You can revoke this at any time in device settings.
How we protect your position: privacy offset always applied (never exact coordinates); no user sees your exact GPS coordinates; position stored as a single document (current position only).
Legal basis: Consent (Art. 6.1.a) + Legitimate interest (Art. 6.1.f) for proximity matching.
2.5 Messaging data
Text messages and timestamps. Messages are retained for 6 hours on the server, then automatically deleted. End-to-end encryption is not implemented.
Legal basis: Performance of contract (Art. 6.1.b).
2.6 Technical and system data
- JWT access token, refresh token
- Operating system type and version
- App version, IP addresses, access logs
- OTP codes (5 minutes retention), push tokens, OAuth tokens
3. Purposes and legal bases
| Purpose | Data categories | Legal basis |
|---|---|---|
| Authentication | Phone, email, OTP, JWT | Performance of contract โ Art. 6.1.b |
| Profile management | Name, age, height, city, photos | Performance of contract โ Art. 6.1.b |
| Proximity matching | GPS position, neighbourhood, fixed LOCAL mode | Consent โ Art. 6.1.a + Legitimate interest โ Art. 6.1.f |
| Compatibility search | Orientation, gender, age range, interests | Contract โ Art. 6.1.b + Explicit consent โ Art. 9.2.a |
| Messaging | Message text, timestamps | Performance of contract โ Art. 6.1.b |
| Push notifications | Device token | Consent โ Art. 6.1.a |
| Security and fraud prevention | IP, device ID, access logs | Legitimate interest โ Art. 6.1.f + Legal obligation โ Art. 6.1.c |
| Service improvement | Preferences, interests, anonymous aggregated data | Legitimate interest โ Art. 6.1.f |
| Service communications | Email (if provided) | Performance of contract โ Art. 6.1.b |
| Marketing (explicit consent only) | Consent โ Art. 6.1.a |
4. How the proximity system works
4.1 The principle
IBI shows profiles of people genuinely close to you right now by comparing GPS positions within the same neighbourhood area.
4.2 LOCAL proximity mode
In local venue or point-of-interest (POI) matching, IBI shows profiles of people physically close to you right now, in the same neighbourhood and connected to the same POI, within a technical radius of approximately 50 metres from the POI or through explicit check-in to that same POI. All users operate with this single proximity mode (LOCAL); there are no user-selectable visibility levels.
Neighbourhood browse (the "Q" button in Discover) shows venues/POIs and profiles of active users in your neighbourhood; in some views profiles are grouped by POI. From this view you can send a Like. The feature shows who is active in your neighbourhood at that moment and does not change your visibility level.
You can completely disable location sharing at any time from the app or device settings. While location is disabled, your profile does not appear to other users in proximity browsing.
4.3 The privacy offset
Your exact address is never shared. Before any geographic comparison, your GPS position is modified with a random offset of up to ยฑ20 m.
This means your position appears slightly shifted from the real one, protecting your privacy while maintaining local proximity functionality.
4.4 "I Saw You" feature
When two users are physically in the same venue or point of interest (POI) โ detected via GPS with close proximity in the same neighbourhood โ the system may send an "I saw you" notification. Being in the same neighbourhood alone is not enough to trigger this feature. It only works if both users have location enabled; no exact position is revealed.
4.5 Blocking feature and effects on data processing
If you block another user through the Block function available on their profile:
- Discover visibility: the blocked user's profile is no longer shown to you in Discover or neighbourhood browse, permanently and independently of any automatic feed refresh.
- Interactions (Like, I saw you): any such action between you and the blocked user is blocked server-side and does not create notifications, matches or conversations.
- Messaging: sending messages is disabled in both directions. The blocked user cannot access or read the chat history with you. You may consult the chat history in read-only mode, but you cannot send new messages.
- Duration: the block remains active until you explicitly unblock the user through Settings โ Blocked users.
Blocking is separate from reporting. To report a breach of the Terms, use the Report function available on the same profile.
Legal basis: Legitimate interest (Art. 6.1.f GDPR) โ protecting users from unwanted interactions and safeguarding platform safety.
5. Who we share your data with
5.1 Data processors
| Provider | Service | Data shared | Location | Safeguards |
|---|---|---|---|---|
| Twilio Inc. | SMS OTP | Phone number, OTP code | USA (Virginia) | DPA in ToS + SCC (Decision 2021/914) |
| Twilio SendGrid | Email OTP | Email address, OTP code | USA | DPA in ToS + SCC |
| Expo Inc. | Push notifications | Device token, notification content | USA (California) | ToS + SCC |
| MongoDB, Inc. | Database + photo storage (GridFS) | All profile data, messages, location, photos | EU โ AWS Frankfurt (eu-central-1) | MongoDB DPA (Oct. 2024) in ToS. No extra-EU transfer. |
| Apple Inc. | Sign in with Apple | OAuth token, email (optional) | USA/Ireland | EU-US DPF โ Adequacy Decision 2023 |
| Google LLC | Sign in with Google | OAuth token, email, name | USA | EU-US DPF โ Adequacy Decision 2023 |
| Mapbox Inc. | Map rendering | Anonymous map requests only | USA | SCC + anonymisation: no personal data transmitted |
5.2 Other app users
Other active users in your area can see your public profile if you match their filters and have visibility enabled. No one sees your exact GPS coordinates.
5.3 Public authorities
Data shared with judicial or administrative authorities only when required by law (Art. 6.1.c GDPR).
5.4 Extra-EU transfers
Governed by SCC (Twilio, Expo), EU-US DPF (Apple, Google), and technical anonymisation (Mapbox). All transfers via HTTPS/TLS 1.3.
6. Data retention periods
| Data category | Retention period | Deletion trigger |
|---|---|---|
| Active account and profile | Until deletion, or 2 years of inactivity | User request / automated job |
| Special category data (Art. 9) | Simultaneously with account | Account deletion or manual removal |
| Current GPS position | While account is active (single document) | Account deletion / position deactivation |
| Profile photos | Until manual removal or account deletion | User action / account deletion |
| Chat messages | 6 hours from sending | Scheduled automated job |
| OTP codes | 5 minutes from generation | Automatic MongoDB TTL |
| Refresh tokens | 30 days from issue | Logout / rotation / expiry |
| Access and security logs | 12 months | Scheduled automated job |
| Push tokens | While account is active | Account deletion / permission revocation |
| Deleted account (soft-delete) | 30 days from deletion | Automatic permanent deletion |
| System backups | 90 days | Automatic overwriting |
7. Security measures
- All communications via HTTPS/TLS 1.3
- JWT with automatic rotation (access: 15 min, refresh: 30 days)
- Tokens stored in iOS Keychain / Android Keystore
- Input validation with Joi (backend) and Zod (frontend)
- Rate limiting: 30 req / 5 min per IP on auth endpoints
- GPS privacy offset always applied before any geographic comparison
- Fixed local proximity and server-side blocking designed to limit unwanted visibility and interactions
- Automatic PII redaction in all server logs
- Data breach notification to Garante within 72 hours (Art. 33); affected users notified without undue delay (Art. 34)
8. Your rights (Arts. 15โ22 GDPR)
| Right | Content | How to exercise it |
|---|---|---|
| Access (Art. 15) | Copy of all data we hold about you | Email: "GDPR Data Access Request" |
| Rectification (Art. 16) | Correction of inaccurate data | In-app profile edit or email |
| Erasure (Art. 17) | Account and all associated data deleted | Settings โ Delete account, or email |
| Portability (Art. 20) | Data export in JSON format | Email: "GDPR Data Portability Request" |
| Objection (Art. 21) | Stop processing based on legitimate interest | Email specifying the contested processing |
| Restriction (Art. 18) | Temporary freeze of processing | Email to privacy@ibimeet.com |
| Withdrawal of consent | Withdraw consent for location, sensitive data, marketing | In-app (Settings) or email |
| Complaint (Art. 77) | Report to supervisory authority | See below |
Complaint to the supervisory authority
Garante per la Protezione dei Dati Personali (Italian
Data Protection Authority)
Piazza Venezia, 11 โ 00187 Rome, Italy
Email:
garante@gpdp.it ยท
Website:
www.garanteprivacy.it
You may also lodge a complaint with the supervisory authority of your country of residence within the EU.
9. Profiling and automated decisions
IBI uses automated logic to suggest profiles based on neighbourhood, local proximity, age range, gender preferences, and shared interests. This is not an automated decision with legal or significant effects (Art. 22 GDPR). No advertising profiling. No IDFA or GAID collected.
10. Minimum age
IBI is reserved exclusively for adults aged 18 or over. Access is denied to minors at registration. Report underage accounts to privacy@ibimeet.com.
11. Features under development
Premium features and advanced push notifications are not yet available and will be subject to an updated notice at launch.
12. Changes to this policy
Material changes: at least 15 days' notice via in-app banner and/or email. Continued use after the effective date constitutes acceptance.
13. Transfer to another legal entity
We reserve the right to transfer data processing to a future company (e.g. IBI S.r.l.) owned or controlled by Gianni Campana, with 30 days' notice to users, maintaining all current protections. Acquisition by unrelated third parties requires your explicit consent.
14. Contact
Privacy / GDPR:
privacy@ibimeet.com
General support:
support@ibimeet.com
Policy compliant with EU Regulation 2016/679 (GDPR), Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018, and the Guidelines of the Garante per la Protezione dei Dati Personali.