Privacy Policy — IBI

Last updated: April 21, 2026 · Version: 1.0 · Notice pursuant to Art. 13 of EU Regulation 2016/679 (GDPR)

1. Data Controller

Gianni Campana
Domiciled in Milan (MI), Italy
Email: privacy@ibimeet.com

A Data Protection Officer (DPO) has not been appointed, as the conditions for mandatory appointment under Art. 37 GDPR are not met.

For any request relating to your personal data, write to: privacy@ibimeet.com
We will respond within 30 days (Art. 12.3 GDPR), normally within 7 business days.

2. Categories of data processed

2.1 Identification and contact data

Name (or nickname) — identification in the public profile
Phone number — authentication via SMS OTP
Email address — optional; used for alternative access and service communications
Date of birth — to verify the minimum age requirement (18 years) and calculate age displayed in the profile

2.2 Profile data

Height — optional field, visible in the profile
City and neighbourhood — approximate geographic area, not an exact address
Profession — optional field
Family plans — optional field
Relationship type sought — e.g. serious, casual, friendship (optional, configurable visibility)
Profile photos — 1 to 6 images uploaded directly by you
Interests — selection from predefined categories
Distinctive features — hair, glasses, tattoos, piercings, accessories, beard (all optional)
Approach preferences — how you prefer to be approached in person (optional)
Preferred age range — minimum and maximum age of people you want to meet

2.3 Special category data (Art. 9 GDPR)

Gender identity and sexual orientation

Gender identity: man, woman, non-binary, genderfluid, other
Sexual orientation (implicit): inferred from your "interested in" preference field

Lifestyle habits

Relationship with smoking
Relationship with alcohol
Relationship with marijuana
Relationship with recreational substances

This information is not mandatory. By selecting "prefer not to say" for all fields, no data in this category is transmitted or stored.

Legal basis: Explicit consent under Art. 9.2.a GDPR.

2.4 Geolocation data

Real-time GPS position — geographic coordinates detected by your device
Home neighbourhood — determined by the backend
Visibility level — one of 3 levels chosen by you (see section 4.2)
Accuracy metadata — GPS signal precision in metres
Last position timestamp

Background location: the app can detect your location when not in the foreground, subject to your explicit OS-level authorisation. You can revoke this at any time in device settings.

How we protect your position: privacy offset always applied (never exact coordinates); no user sees your exact GPS coordinates; position stored as a single document (current position only).

Legal basis: Consent (Art. 6.1.a) + Legitimate interest (Art. 6.1.f) for proximity matching.

2.5 Messaging data

Text messages and timestamps. Messages are retained for 6 hours on the server, then automatically deleted. End-to-end encryption is not implemented.

Legal basis: Performance of contract (Art. 6.1.b).

2.6 Technical and system data

JWT access token, refresh token
Operating system type and version
App version, IP addresses, access logs
OTP codes (5 minutes retention), push tokens, OAuth tokens

3. Purposes and legal bases

Purpose	Data categories	Legal basis
Authentication	Phone, email, OTP, JWT	Performance of contract — Art. 6.1.b
Profile management	Name, age, height, city, photos	Performance of contract — Art. 6.1.b
Proximity matching	GPS position, neighbourhood, visibility level	Consent — Art. 6.1.a + Legitimate interest — Art. 6.1.f
Compatibility search	Orientation, gender, age range, interests	Contract — Art. 6.1.b + Explicit consent — Art. 9.2.a
Messaging	Message text, timestamps	Performance of contract — Art. 6.1.b
Push notifications	Device token	Consent — Art. 6.1.a
Security and fraud prevention	IP, device ID, access logs	Legitimate interest — Art. 6.1.f + Legal obligation — Art. 6.1.c
Service improvement	Preferences, interests, anonymous aggregated data	Legitimate interest — Art. 6.1.f
Service communications	Email (if provided)	Performance of contract — Art. 6.1.b
Marketing (explicit consent only)	Email	Consent — Art. 6.1.a

4. How the proximity system works

4.1 The principle

IBI shows profiles of people genuinely close to you right now by comparing GPS positions within the same neighbourhood area.

4.2 The three visibility levels

Level	Name	Who sees you	Maximum distance
1	QUARTIERE	Only users in the same neighbourhood	No distance filter
2	ZONA	Users in the same neighbourhood within 2 km	≤ 2 km
3	LOCALE	Users in the same neighbourhood within 500 m	≤ 500 m

4.3 The privacy offset

Your exact address is never shared. A random offset is applied before any comparison: ±150 m (QUARTIERE), ±75 m (ZONA), ±20 m (LOCALE).

4.4 "I Saw You" feature

When two users are physically in the same place, the system may send an "I saw you" notification. Only works if both users have location enabled; no exact position is revealed.

5. Who we share your data with

5.1 Data processors

Provider	Service	Data shared	Location	Safeguards
Twilio Inc.	SMS OTP	Phone number, OTP code	USA (Virginia)	DPA in ToS + SCC (Decision 2021/914)
Twilio SendGrid	Email OTP	Email address, OTP code	USA	DPA in ToS + SCC
Expo Inc.	Push notifications	Device token, notification content	USA (California)	ToS + SCC
MongoDB, Inc.	Database + photo storage (GridFS)	All profile data, messages, location, photos	EU — AWS Frankfurt (eu-central-1)	MongoDB DPA (Oct. 2024) in ToS. No extra-EU transfer.
Apple Inc.	Sign in with Apple	OAuth token, email (optional)	USA/Ireland	EU-US DPF — Adequacy Decision 2023
Google LLC	Sign in with Google	OAuth token, email, name	USA	EU-US DPF — Adequacy Decision 2023
Mapbox Inc.	Map rendering	Anonymous map requests only	USA	SCC + anonymisation: no personal data transmitted

5.2 Other app users

Other active users in your area can see your public profile if you match their filters and have visibility enabled. No one sees your exact GPS coordinates.

5.3 Public authorities

Data shared with judicial or administrative authorities only when required by law (Art. 6.1.c GDPR).

5.4 Extra-EU transfers

Governed by SCC (Twilio, Expo), EU-US DPF (Apple, Google), and technical anonymisation (Mapbox). All transfers via HTTPS/TLS 1.3.

6. Data retention periods

Data category	Retention period	Deletion trigger
Active account and profile	Until deletion, or 2 years of inactivity	User request / automated job
Special category data (Art. 9)	Simultaneously with account	Account deletion or manual removal
Current GPS position	While account is active (single document)	Account deletion / position deactivation
Profile photos	Until manual removal or account deletion	User action / account deletion
Chat messages	6 hours from sending	Scheduled automated job
OTP codes	5 minutes from generation	Automatic MongoDB TTL
Refresh tokens	30 days from issue	Logout / rotation / expiry
Access and security logs	12 months	Scheduled automated job
Push tokens	While account is active	Account deletion / permission revocation
Deleted account (soft-delete)	30 days from deletion	Automatic permanent deletion
System backups	90 days	Automatic overwriting

7. Security measures

All communications via HTTPS/TLS 1.3
JWT with automatic rotation (access: 15 min, refresh: 30 days)
Tokens stored in iOS Keychain / Android Keystore
Input validation with Joi (backend) and Zod (frontend)
Rate limiting: 30 req / 5 min per IP on auth endpoints
GPS privacy offset always applied before any geographic comparison
Automatic PII redaction in all server logs
Data breach notification to Garante within 72 hours (Art. 33); affected users notified without undue delay (Art. 34)

8. Your rights (Arts. 15–22 GDPR)

Right	Content	How to exercise it
Access (Art. 15)	Copy of all data we hold about you	Email: "GDPR Data Access Request"
Rectification (Art. 16)	Correction of inaccurate data	In-app profile edit or email
Erasure (Art. 17)	Account and all associated data deleted	Settings → Delete account, or email
Portability (Art. 20)	Data export in JSON format	Email: "GDPR Data Portability Request"
Objection (Art. 21)	Stop processing based on legitimate interest	Email specifying the contested processing
Restriction (Art. 18)	Temporary freeze of processing	Email to privacy@ibimeet.com
Withdrawal of consent	Withdraw consent for location, sensitive data, marketing	In-app (Settings) or email
Complaint (Art. 77)	Report to supervisory authority	See below

Complaint to the supervisory authority

Garante per la Protezione dei Dati Personali (Italian Data Protection Authority)
Piazza Venezia, 11 — 00187 Rome, Italy
Email: garante@gpdp.it · Website: www.garanteprivacy.it

You may also lodge a complaint with the supervisory authority of your country of residence within the EU.

9. Profiling and automated decisions

IBI uses automated logic to suggest profiles based on neighbourhood, age range, gender preferences, and shared interests. This is not an automated decision with legal or significant effects (Art. 22 GDPR). No advertising profiling. No IDFA or GAID collected.

10. Minimum age

IBI is reserved exclusively for adults aged 18 or over. Access is denied to minors at registration. Report underage accounts to privacy@ibimeet.com.

11. Features under development

Discovery Feed, premium features, and advanced push notifications are not yet available and will be subject to an updated notice at launch.

12. Changes to this policy

Material changes: at least 15 days' notice via in-app banner and/or email. Continued use after the effective date constitutes acceptance.

13. Transfer to another legal entity

We reserve the right to transfer data processing to a future company (e.g. IBI S.r.l.) owned or controlled by Gianni Campana, with 30 days' notice to users, maintaining all current protections. Acquisition by unrelated third parties requires your explicit consent.

14. Contact

Privacy / GDPR: privacy@ibimeet.com
General support: support@ibimeet.com

Policy compliant with EU Regulation 2016/679 (GDPR), Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018, and the Guidelines of the Garante per la Protezione dei Dati Personali.