Privacy Policy

Last updated 22 April 2026

This Privacy Policy explains how Buddy collects, uses, and protects your information. It applies to the Buddy iOS app and related services.

01Data we collect

• Account information: email (or Apple / Google sign-in identifier), display name, date of birth, optional profile photo.
• User content: posts, chat messages, photos, and reactions you submit.
• Device data: device token for push notifications (APNs), app version, and OS version for support purposes.
• Usage data: basic server logs (IP address, timestamps, requested endpoints) retained for security and debugging.

02How we use your data

• To create and operate your account.
• To deliver your posts and messages to other users.
• To send push notifications for new messages you opted into.
• To moderate content and respond to abuse reports.
• To comply with legal obligations and enforce our Terms.

03Legal bases (EEA / UK users)

We rely on the following legal bases under GDPR / UK GDPR: (a) performance of a contract (Article 6(1)(b)) to provide the service you requested; (b) legitimate interests (Article 6(1)(f)) for security, fraud prevention and product improvement; (c) your consent (Article 6(1)(a)) where required, such as for push notifications.

04Sharing

We do not sell your personal data. We share limited data with:

• Apple Push Notification service (APNs) to deliver push notifications.
• Our VPS hosting provider to operate the backend.
• Cloudflare for DNS and reverse-proxy services.
• Law enforcement when required by valid legal process.

05Data retention

Account and content data are retained while your account is active. When you delete your account from within the app, we delete your personal profile data and content within 30 days, except where retention is required by law. Backups are rotated every 90 days.

06Your rights

Depending on where you live, you may have the right to access, correct, delete, export, or restrict processing of your personal data. To exercise these rights, contact cheangalang@gmail.com. In the app, you can delete your account at any time from the profile screen.

07Children

Buddy is not intended for users under 17. We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we will remove it.

08Security

Traffic between the app and our servers is encrypted with TLS. Passwords (where applicable) are hashed with a secure algorithm. No method of transmission or storage is 100% secure; we follow industry best practices to protect your data.

09International transfers

Our servers are located in the United Kingdom. If you access the app from outside the UK, your data will be transferred to and processed in the UK under the safeguards required by applicable law.

10Changes

We may update this policy from time to time. Material changes will be announced in the app with a revised “last updated” date.

11Contact

Data controller: Marco Cheang, contactable at cheangalang@gmail.com.