Privacy Policy

1. Introduction

Welcome to Synceria, a Vibin LLC company ("Synceria," "we," "us," or "our"). Synceria is a US-only, 18+ dating service available on iOS and Android. This Privacy Policy explains how we collect, use, share, and protect information when you use our mobile application and related services (collectively, the "Service").

By using Synceria, you agree to this Privacy Policy. If you do not agree, do not use the Service.

2. Information We Collect

We collect the following categories of information:

• Account identifiers: Email address, user ID, login metadata
• Profile and photos: Name, bio, age/DOB, pronouns, gender, preferences, and profile photos
• Sensitive data: Precise location (lat/lng), gender identity, sexual orientation, ethnicity, religious preferences, political preferences, substance use preferences (drinking, smoking, cannabis), sex drive, and other optional profile attributes
• Matching and activity data: Swipes, likes, matches, passes, blocks, and interaction history
• Communications: Chat data is handled by Stream (GetStream); reports and support messages are stored by us
• Device and app data: Device identifiers, OS/app version, IP address, push tokens, and diagnostic logs
• Subscription data: Subscription status and entitlements via RevenueCat, Apple, and Google
• Analytics and telemetry: Usage analytics, screen navigation tracking, and error/exception data via PostHog; native crash reports and stack traces via Sentry
• Safety and moderation: Reports, moderation actions, and photo moderation signals (Google Cloud Vision)
• Third-party authentication: If you choose to sign up or log in using "Sign in with Apple" or "Sign in with Google," we receive certain basic profile information from the respective provider. This may include your name, verified email address, and a unique identifier. We do not obtain your password from Apple or Google. We use this information to create and authenticate your Synceria account. You can control the personal data shared with us through your Google or Apple account settings.

Marketing emails are on hold; we do not send marketing emails at launch. We do not run ad networks or targeted advertising at launch.

3. Sources of Information

We collect information from:

• You: Information you provide during onboarding or in your profile
• Your device: App usage, device data, and location (with permission)
• Third parties: Spotify (public artist search API only — we do not authenticate your Spotify account or receive any Spotify user data), Apple/Google (subscriptions), RevenueCat (subscription status), Stream (chat), PostHog (product analytics), Sentry (crash reporting and error diagnostics)
• Authentication providers: We obtain information from Apple and Google when you authorize us to authenticate using their identity services. The information we receive is limited to what is necessary to verify your identity and log you into Synceria. We do not collect additional data from these providers without your permission.

4. How We Use Your Information

We use your information to:

• Provide and maintain the Service, including matching and discovery
• Enable communication between matched users
• Personalize your experience and improve the Service
• Operate subscriptions and account billing
• Send transactional notifications (matches, messages, account updates)
• Detect, prevent, and respond to fraud, abuse, and safety issues
• Provide customer support and respond to requests
• Measure performance and improve reliability (analytics/telemetry)
• Comply with legal obligations and enforce our Terms

5. How We Share Information

We share information in the following circumstances:

• With other users: Your profile and content appear to potential matches
• With authentication providers: When you choose to sign in with Apple or Google, those providers may know that you are signing into Synceria. We do not share your Synceria profile details back to Apple or Google except as required to facilitate authentication and comply with their developer terms.
• Service providers: Vendors who help us operate the Service, including:

• Supabase (auth, database, storage, Edge Functions)
• Stream (GetStream) for chat
• RevenueCat plus Apple/Google for subscription management and billing
• Spotify for music integration (public artist search API only — no Spotify user authentication, no Spotify account data or PII is collected or shared)
• PostHog for analytics, screen navigation tracking, and error logging
• Sentry for native crash reporting and error diagnostics (anonymous device and error data only; no email addresses or personal identifiers are sent to Sentry)
• Expo for push notification routing; Apple Push Notification service (APNs) and Google Firebase Cloud Messaging (FCM) as the final-delivery endpoints (these services receive your device push token and notification content to deliver notifications to your device)
• Google Cloud Vision for photo moderation
• Upstash Redis for rate limiting and caching (non-PII infrastructure data such as request counters; no personal information is stored)
• Resend for transactional email delivery (account deletion confirmations)

We may also share information to comply with law, protect safety, or as part of a business transaction. We do not sell your personal information.

Data location: Your data is stored and processed in the United States. Our primary infrastructure provider (Supabase) hosts data on AWS us-east-1 in Virginia. All other service providers listed above also process data in the United States. Our service providers may engage their own sub-processors to assist in providing their services; their current sub-processor lists are available on their respective websites.

6. Sale/Share for Targeted Advertising

Synceria does not sell or share personal information for targeted advertising, and we do not run ad networks at launch. If this changes, we will update this policy and provide required opt-out options.

7. Sensitive Data

We collect the following categories of sensitive personal information, depending on what you choose to share:

• Gender identity and sexual orientation — required for matching. You select these during onboarding to help us show you relevant profiles.
• Precise location — required for distance-based matching (with your device permission).
• Ethnicity — optional. You may choose "Prefer not to say."
• Religious preferences — optional. You may choose "Do Not Display."
• Political preferences — optional. You may choose "Do Not Display."
• Substance use preferences (drinking, smoking, cannabis) — optional. You may choose "Do Not Display."
• Sex drive — optional. You may choose "Do Not Display."

All optional sensitive fields can be skipped entirely during onboarding or changed at any time in your profile settings. By choosing to provide optional sensitive information, you consent to its processing for profile display and matching personalization. You may withdraw this consent at any time by removing the information from your profile or selecting "Prefer not to say" or "Do Not Display."

8. Data Retention

We retain information only as long as needed for the purposes described.

• Account deletion: Profiles are hidden immediately; most data is deleted within 30 days, subject to retention exceptions
• Safety retention: Limited data may be retained for up to 90 days after account closure for safety, fraud, or legal defense
• Banned accounts: Minimal identifiers and evidence may be retained for up to 2 years for abuse prevention and appeals
• Chat: Chat messages are hosted by Stream (GetStream). When a match is dissolved (unmatch), the chat channel is no longer accessible to either user. When you delete your account, all your chat data — including messages, channels, and user metadata — is permanently deleted from Stream as part of our account deletion pipeline
• Unverified accounts: Deleted after 7 days
• Data export logs: Retained for 90 days
• Discovery views: Retained for 30 days
• Swipe history (non-matches): Retained for 90 days
• Unmatched matches: Deleted after 48 hours
• Spotify artist cache: 24-48 hours
• Analytics data (PostHog): Retained according to configured retention period (currently 90 days)
• Crash and error data (Sentry): Auto-expires within 30-90 days

Support, feedback, and moderation records may be retained longer when necessary to resolve issues or meet legal obligations.

9. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security audits and monitoring
• Employee training on data protection

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

10. Your Rights and Choices

You may have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Portability: Export your data in a portable format
• Opt-out: Opt out of sale/share or targeted advertising (if applicable)
• Appeal: Appeal a denied privacy request

To exercise these rights, email admin@vibinllc.com with the subject line "Privacy Request," or submit a deletion request at synceriaapp.com/delete-account. We may verify your identity before responding. You can appeal decisions by emailing the same address with the subject line "Privacy Appeal."

We do not discriminate against users for exercising privacy rights. Authorized agents may submit requests on your behalf where permitted by law.

Revoking third-party sign-in: You may disconnect your Google or Apple account from Synceria at any time by accessing the account settings within the app or through the respective provider's account-management portal. If you disconnect your third-party login or delete your Synceria account, the authentication tokens we hold for Google or Apple will be deleted within 30 days.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know what personal information we collect and how it is used
• Right to delete your personal information
• Right to correct inaccurate personal information we hold about you
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to limit the use of sensitive personal information (such as gender identity and dating preferences) to purposes necessary for providing our services
• Right to non-discrimination for exercising your privacy rights

Sensitive personal information & service delivery: Synceria is a dating application whose core functionality depends on certain sensitive personal information. We distinguish between two categories:

• Required for service delivery (CPRA §1798.121(b) exception): Precise location, gender identity, and sexual orientation are essential to our matching services and cannot be limited while maintaining an active account.
• Optional, consent-based: Ethnicity, religious preferences, political preferences, substance use preferences, and sex drive are entirely optional. Your consent is given when you choose to provide this information during profile setup. You may withdraw consent at any time by removing these fields, choosing "Prefer not to say," or selecting "Do Not Display" in your profile settings.

If you wish to stop all use of your sensitive personal information, you may delete your account at any time through the app (Settings > Account > Delete Account) or at synceriaapp.com/delete-account.

How to submit a request: You may exercise any of these rights by contacting us at admin@vibinllc.com or by submitting a request through the app (Settings > Privacy). You may also submit a privacy or deletion request at synceriaapp.com/delete-account. Web-based privacy requests support email verification for faster processing.

Response timeline: We will acknowledge your request within 10 business days and provide a substantive response within 45 calendar days of receiving your verifiable request. If we need additional time, we will notify you of the reason and extension period, which will not exceed an additional 45 calendar days.

Categories of personal information collected: In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email, user ID); personal information categories listed in Cal. Civ. Code 1798.80(e) (name, address); characteristics of protected classifications (age, gender, sexual orientation); internet or other electronic network activity information (app usage data, interactions); geolocation data (precise location); audio, visual, or similar information (profile photos); inferences drawn from the above (matching preferences). We disclose personal information to our service providers listed in Section 5 for business purposes. We do not sell personal information.

12. Consumer Health Data (WA/NV)

If you are a Washington or Nevada resident, you can review our Consumer Health Data Privacy Policy at synceriaapp.com/consumer-health-data.

13. Account Deletion & Data Export

You can delete your account in the app at any time. Deletion is scheduled within 30 days and your profile is hidden immediately. If you cannot access the app, submit a request at synceriaapp.com/delete-account.

We provide data exports in a machine-readable format through the app. We may use secure, time-limited download links. Chat history is hosted by Stream (GetStream) and is included in the account deletion pipeline. When your account is deleted, all your chat data is permanently deleted from Stream.

14. Children's Privacy

Synceria is not directed at children under 13 and is restricted to users who are 18 years of age or older. We do not knowingly collect personal information from children under 13 or any minor under 18. If we learn that we have collected personal information from a child under 13 or any minor, we will delete that information promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy in the app and updating the "Last updated" date. We may require re-acceptance for material changes.

16. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: