Privacy Policy

Last updated: June 2026. This policy discloses how Hangout collects and processes your location, profile, and device data.

1. Geolocation Data Processing

Because Hangout is a proximity-based social discovery app, we require access to your device's location. Here is exactly how we use it:

  • Proximity Queries: When you open the feed, the app sends your current coordinates (latitude/longitude) to query activities within a user-defined radius (default 10 km, up to 50 km).
  • Storage: Your coordinates are stored as a GeoJSON Point inside our database using standard 2dsphere indexing.
  • Disclosure Limit: To protect your safety, your exact geographic coordinates are **never** shown publicly to strangers. Other users only see your approximate distance (e.g., "0.8 km away"). Your exact location coordinates are only disclosed to another member once a host accepts a join request or you accept a request to join your hangout.

2. User Authentication and Profile Syncing

We use Firebase Authentication (Email/Phone) to verify your account identity. Upon registration, we collect:

  • Your name, email address, phone number, age, and gender preferences.
  • An introductory bio and interest keywords (Persona) used to match you with relevant activities.
  • Your account verification status (Aadhaar or DigiLocker status flags). We only track verification status (Verified/Pending/Unverified) rather than storing raw documentation.

3. Anti-Abuse and Device Fingerprinting

To enforce safety policies and prevent individuals who violate terms (harassment, stalking, or scams) from evading bans, we perform device-level tracking:

  • Device Fingerprint: We compute a secure cryptographic hash using your device's unique hardware identifier (UUID) and platform details.
  • Association: This hash is synced to your user profile. If a user is banned for severe policy violations, their device fingerprint is permanently blacklisted to block them from creating new accounts on that device.

4. Trust Metrics & Accountability Records

To keep community meets safe and dependable, we maintain a public trust score:

  • Reliability Score: Calculated dynamically (0-100%) based on attendee feedback. Stars (1-5) are scaled to trust values. Positive reviews increase your score, while reported no-shows deduct 10 points.
  • Strikes Log: Violations and confirmed no-shows record behavioral strikes. Accumulating 3 strikes results in a temporary 7-day auto-ban and flags the account for moderator inspection.

5. Data Retention & Deletion

We retain your account details as long as you maintain an active profile. You can trigger an account deletion from your profile settings screen at any time. When deleted, your profile data, chat messages, and location history are soft-deleted instantly and permanently pruned from active collections within 30 days. Cryptographic hashes of banned device fingerprints are retained indefinitely to enforce safety exclusions.