Privacy policy
Last updated: 2026-05-24
This Privacy Policy explains what Mately collects, why it is used, and the controls available to you. It applies to the app, website, backend services, notifications, safety systems, and all related tools.
Information we collect
We collect only what is necessary to provide a safe, functional, and private social platform:
- Account information: Username, display name, email address, phone number, profile photo, date of birth (for age verification), language preference, theme preference, and account settings.
- Content you share: Posts, vclips, stories, photos, videos, audio tracks, comments, captions, and any other media or text you upload or create within the app.
- Communication data: Message metadata (sender, receiver, timestamps, delivery state, device records) needed to deliver direct and group messages. End-to-end encrypted messages use the Signal Protocol (X3DH + Double Ratchet) and cannot be decrypted by the server.
- Call data: WebRTC call logs (participants, duration, timestamps) for voice and video calls. Call media is peer-to-peer and not stored on our servers.
- Device and session data: IP address, device model, operating system version, app build number, session tokens, login timestamps, and multi-device session records for authentication, security, and abuse prevention.
- Notification data: Push notification tokens, notification preference categories, and quiet-hours settings to deliver requested notifications.
- Reports and support: Content you submit when reporting users, posts, or messages, appeal requests, DMCA takedown notices, and any communications with the support team.
- Payment data: Payment or subscription status from app-store or payment providers. Mately does not store full card details.
- Usage data: Aggregated, non-personal information about feature usage and performance used solely to improve the app.
End-to-end encrypted messages
Mately uses the Signal Protocol (X3DH key agreement + Double Ratchet algorithm) to encrypt direct and group messages. Encryption keys are generated and stored on your device. The server stores encrypted message payloads and routing metadata, but cannot decrypt message text or media. Call signaling uses encrypted channels, while call media is transmitted peer-to-peer via WebRTC. Some metadata is still needed for delivery, abuse prevention, account security, and diagnostics.
How we use your information
- To create accounts, deliver posts, messages, groups, stories, notifications, calls, support replies, and subscription features.
- To keep the platform safe by detecting spam, abuse, fake accounts, suspicious login activity, rapid-repeat abuse patterns, and policy violations.
- To improve reliability, performance, media upload limits, crash handling, and user support.
- To process data export requests, account deletion workflows, and DMCA takedown requests.
- To comply with law, enforce terms, protect users, and respond to valid legal or safety requests.
- To send essential service communications: app update notices, moderation results, account status changes, and security alerts.
How we share information
We do not sell your personal information. We share data only in these limited circumstances:
- With your consent: When you choose to make content public (posts, vclips, profile, stories).
- With service providers: Third-party services we rely on to operate the platform, such as cloud storage, push notification delivery, and email delivery. These providers are contractually bound to use data only for the services we request.
- To comply with law: When required by applicable law, legal process, or government request, and only to the extent legally required.
- To protect rights and safety: To enforce our Terms, protect the rights, property, or safety of users, or respond to an emergency.
Your privacy controls
- Profile and settings: You can update profile details, privacy settings, notification preferences (including quiet hours and category toggles), theme, language, chat lock settings, and account security settings in the app.
- Reports and appeals: You can report users or content, submit appeals, and submit bug or feature requests from Help and app info.
- Session management: You can view and revoke active sessions across devices from device activity settings.
- Chat lock: You can enable app-level authentication to protect sensitive conversations.
- Data export and deletion: You can request data export or account deletion through the app with OTP-verified confirmation.
- Withdraw consent: You can disable optional permissions (notifications, camera, microphone, storage) through your device settings at any time.
Data retention
- Account data: Retained for as long as your account is active. After deletion, personal data is scheduled for permanent erasure within 30 days. Phone numbers are retained in hashed form to prevent re-registration within the grace period.
- Content: Posts, vclips, stories, comments, and media remain visible according to your privacy settings until you delete them. Stories expire automatically after their configured duration (typically 24 hours). Deleted content may be retained in backups for a limited period.
- Messages: Delivered messages are stored for retrieval by recipients. Encrypted message payloads persist until deleted by all parties. Message delivery records and metadata are retained for service operation and abuse prevention.
- Session data: Session tokens and device information are retained until logout or session expiry. Multi-device session records are managed through OTP-verified device registration.
- Reports and moderation data: Retained for safety and audit purposes, typically for 90 days or longer if related to an active investigation, appeal, or legal hold.
- Usage analytics: Aggregated and retained in de-identified form.
Data security
We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS 1.3), end-to-end encryption for messages, server-side access controls, rate-limited authentication, suspicious login detection, regular security reviews, and secure credential storage. Multi-device sessions require OTP verification.
Children's privacy
Mately is not intended for users below the minimum age requirement (typically 14 years old, or as determined by local law). We do not knowingly collect information from children under this age. If we become aware that a user is below the minimum age, we will take steps to delete their account and data.
International data transfers
Your information may be stored and processed in servers located in different countries. When data is transferred across borders, we ensure appropriate safeguards are in place, including standard contractual clauses or equivalent mechanisms where required by applicable law.
Changes to this policy
We may update this policy from time to time. Material changes will be communicated through the app or website via update notices. The "Last updated" date at the top of this page reflects the most recent revision.
Contact
For privacy questions, data requests, or concerns, contact:
Email: anur46.cse@gmail.com
Address: Kanpur, Uttar Pradesh, India