Privacy Policy
Summary
This Privacy Policy explains what personal data Zunii collects, how that data is used and disclosed, and the rights and choices available to you. Zunii collects only the data required to provide the Service and does not sell your personal data.
1. Introduction & Scope
Zunii ("the App," "we," "us," or "our") is a social communication application that connects users with new people through real-time matching. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and how you can exercise your rights.
We are operated by Abhishek Olkha, residing at Inderpura, Udaipurwati, Jhunjhunu, Rajasthan 333307, India. Abhishek Olkha is the data controller responsible for your personal data.
This Policy applies to all Users of the Service, regardless of how you access or use it. By creating an account or using Zunii, you acknowledge that you have read, understood, and agree to the data practices described in this Policy. If you do not agree with our practices, please do not use the App.
This Policy should be read in conjunction with our Terms of Service and Community Guidelines, which are incorporated herein by reference.
2. Information We Collect
2.1 Information You Provide Directly
| Data Category | Specific Data | Purpose |
|---|---|---|
| Account Registration | First name, last name, email address, age, gender, country | Create and manage your account; verify eligibility; enable matching |
| Date of Birth (Transient) | Date of birth selected during registration | Used solely to calculate your age. Your date of birth is processed in-memory only and is never stored in any database, server, or local storage. Only your computed integer age is retained. |
| Profile Information | Profile photograph, display initials | Display to matched Users (at your discretion) |
| Authentication Credentials | Credentials via Apple Sign-In, Google Sign-In, or email/password | Secure authentication and Account access |
| Chat Content | Text messages, shared images, message reactions | Enable communication between matched Users |
| Community Content | Text posts, images and optional captions you post to the public Zunii Community feed, and the emoji reactions you add to community posts | Publish your content to the public community feed, visible to all Users of the App (see Section 4.1) |
| Reports & Support | Report category, reason, description; support request details; in-app feedback; feature suggestions; satisfaction ratings; device metadata (platform, OS version, device model, app version, build number, locale) automatically attached for debugging purposes | Safety enforcement; customer support; Service improvement |
| Consent Records | Which legal agreements you accepted (Terms of Service, Privacy Policy, Community Guidelines, and 18+ age confirmation) and a UTC timestamp. We do not record your IP address as part of the consent record. | Legal compliance; record-keeping |
| Privacy Preferences | Online status visibility settings ("Ghost Mode"), last seen visibility settings, auto-delete preference (30/60/90 days) | Apply your privacy and data lifecycle choices |
| Matching Preferences | Gender preference filter, age range filter, country filter | Match you with compatible Users |
2.2 Information Collected Automatically
| Data Category | Specific Data | Purpose |
|---|---|---|
| Device Information | Device type, manufacturer, model, operating system and version, app version, build number, language and locale settings, unique device identifiers (e.g., IDFV, Android ID) | App functionality; compatibility; debugging; security; optimise app performance |
| Advertising Identifiers | Android Advertising ID (AAID) on Android; Apple Identifier for Advertisers (IDFA) on iOS (only with your consent via App Tracking Transparency prompt) | Serve and measure advertisements (rewarded video and a chat-end interstitial); frequency capping |
| Usage Data | Features accessed, interactions, session duration, timestamps, screen views, daily match count, credits earned and spent, in-app actions, match search parameters, message counts | Service improvement; analytics; monetisation tracking; understand usage patterns |
| Analytics Properties | Derived properties sent to our analytics provider: gender, country, age group (e.g., "18 to 24," "25 to 34") | Aggregate analytics and user segmentation (not used for advertising targeting) |
| Network & Connection Data | IP address (collected by infrastructure providers as part of normal network operations, not stored directly in our application databases), network type (Wi-Fi/cellular) | Security; fraud prevention; routing requests; preventing abuse |
| Presence Data | Online/offline status, last seen timestamp (subject to your Ghost Mode settings) | Show activity status to your connections (controllable via Ghost Mode) |
| Screenshot & Image Save Events | Timestamp and occurrence of screenshot events and image saves during chats | Notify the other chat participant for transparency |
| Crash & Diagnostic Data | Crash logs, stack traces, error reports, performance metrics, and associated context (country as a custom key for regional crash diagnostics) | Debugging; Service stability; performance improvement; monitor app stability |
| Ad Interaction Data | Rewarded ad impressions, completion status, reward type granted | Monetisation; ad performance measurement |
| Subscription Status | Subscription plan, billing period, trial status, renewal status | Manage premium features, process subscriptions |
2.3 Subscription & Purchase Data
| Category | Specific Data | Purpose |
|---|---|---|
| Subscription Records | Subscription tier (free/premium), product ID (monthly/yearly), purchase timestamp, expiration date, renewal status, billing issue status | Manage your subscription; deliver premium features |
| RevenueCat Customer ID | A unique identifier linking your Zunii Account to your subscription record in RevenueCat | Subscription billing management |
We do NOT store your credit card number, bank account details, or other payment instrument data. All payment processing is handled by Google Play (Android) or the Apple App Store (iOS), and subscription management is handled by RevenueCat. We only receive purchase confirmation records.
2.4 Information from Third Parties
When you authenticate using Apple Sign-In or Google Sign-In, we receive the following from the respective provider:
- Basic profile information (name, email address);
- Authentication tokens; and
- Unique account identifiers.
We do not request or receive access to your contacts, photos, calendar, or other data from these providers beyond what is strictly necessary for authentication.
2.5 Information Stored Locally on Your Device
To improve performance and enable offline access, the App stores the following data locally on your device:
- Chat metadata and recent messages (for instant loading);
- Community feed posts you have seen (text, image references, captions and reaction counts), kept on your device so the feed loads instantly. You control how long cached community images are kept and the maximum cache size from Profile → Storage & Data, and you can clear them at any time;
- Cached peer profile information (name, initials, avatar, refreshed every 24 hours);
- Sync state data (to minimise network usage);
- Credit balances and ad cooldown timestamps (for monetisation features);
- Authentication preferences (e.g., saved email for "Remember Me" if enabled by you); and
- A local database cache maintained by Firebase Firestore for offline access, which may temporarily contain data from active chats and connections. This cache is cleared when you sign out.
Local data is stored in standard device storage and protected by your device's own security features (device encryption, screen lock). We do not apply additional application-level encryption to locally cached data. Signing out clears your session, the "Remember Me" credential, and the Firestore offline cache. Your locally cached chat history and community feed are kept on the device so they load instantly if you sign back in; you can clear cached media at any time from Profile → Storage & Data, and all local data is permanently and irreversibly deleted when you delete your Account.
2.6 Information We Do NOT Collect
- Precise GPS or geolocation data;
- Contacts or address book data;
- Photos or media library (beyond images you actively choose to share in chats, post to the community feed, or set as your profile picture);
- Biometric data;
- Credit card numbers, bank account details, or payment instrument data (payments processed by Google Play / Apple App Store);
- Health, political, or religious data (unless you voluntarily share it in chat, though we discourage this); or
- Data from other apps on your device.
Location Data
We collect your country for matching purposes. This is self-reported by you during registration. We do NOT collect, access, or process precise geolocation data (GPS coordinates), coarse location data, or continuous location tracking. We may derive approximate geographic region from your IP address solely for security, fraud prevention, and routing requests through our infrastructure providers' network.
3. How We Use Your Information
3.1 Providing & Operating the Service
- Create, authenticate, and manage your Account;
- Match you with other Users based on your selected preferences (age, gender, country) using our tiered matching pools (country → region → global);
- Enable real-time communication between matched Users via our real-time messaging service;
- Operate the public Zunii Community feed: publish the text and image posts you create to all Users, deliver others' posts to you, and record and display emoji reaction counts;
- Display your initials and, at your discretion, your name and photo to matched Users;
- Manage Connections, chat history, and connection expiry;
- Process and deliver subscription entitlements (premium features);
- Manage credits earned through rewarded advertisements (boost, filter, daily extension credits);
- Apply your privacy preferences (Ghost Mode, auto-delete settings); and
- Process Account deletion requests.
3.2 Advertising
- Serve opt-in rewarded video advertisements through Google AdMob when you voluntarily choose to watch them;
- Serve a single full-screen interstitial advertisement to non-subscribers at a natural break (when an ephemeral chat ends), subject to frequency limits;
- Measure ad performance (impressions, completions); and
- Grant credits to your account upon successful rewarded-ad completion.
Rewarded ads are always voluntary. You are never required to watch a rewarded ad to access core app functionality. You choose to watch them to earn credits for enhanced features (priority matching, filter unlocks, or additional daily matches).
Ad personalization. Advertisements are served by Google AdMob. Depending on your privacy choices (your response to Apple's App Tracking Transparency prompt on iOS, and your consent choice on Android), the ads Google shows may be personalized or non-personalized (contextual). If you decline tracking/consent, you receive non-personalized ads. You can change these choices at any time in your device's privacy settings. We do not ourselves build advertising profiles about you.
Reporting an ad. If you ever see an inappropriate advertisement, you can report it from Profile → Help & Support → Report an Ad. To make this possible, we store on your device only the reference ID, serving network, and timestamp of the most recent ad shown to you, never the ad's content. Each new ad overwrites the previous record. This information never leaves your device and is used solely to help you report the ad to Google through their official ad-report form; we do not transmit or retain it on our servers.
3.3 Subscription Management
- Process and verify subscription purchases via RevenueCat;
- Deliver premium features (increased daily matches, additional connections, priority matching, unlimited filters);
- Handle subscription lifecycle events (renewal, cancellation, expiration, billing issues); and
- Manage grace periods for billing issues.
3.4 Safety, Security & Integrity
- Review and act on User reports of Terms and Community Guidelines violations;
- Apply automated moderation actions (warnings, cooldowns, suspensions) based on report severity and frequency;
- Detect, investigate, and prevent fraud, abuse, and unauthorized access;
- Rate-limit actions to prevent spam and abuse;
- Enforce our Terms of Service and Community Guidelines;
- Protect the rights, safety, and property of our Users and the public;
- Respond to legal requests and comply with applicable law; and
- Detect, report, and remove Child Sexual Abuse Material (CSAM) in compliance with applicable laws, including reporting to NCMEC.
Content Moderation Disclosure
Text. To keep Zunii safe, outgoing messages are automatically checked on your device against a list of prohibited terms (such as hate slurs and child‑sexual terms). A message containing such a term is blocked from sending and remains in your input box so you can edit it. We do not otherwise proactively read or monitor the content of your messages; full message content is reviewed only when a User files a report through our in-app reporting system, after which we review it against our Terms of Service and Community Guidelines.
Images. Image sharing inside a chat is restricted to mutual Connections: both people must continue the chat and connect before either can send a picture. Chat images are transmitted over HTTPS, are not publicly indexed, and are automatically deleted from our servers within 24 hours of sending. Profile photos are stored until you replace or remove them. We review images when a User reports them; confirmed violations are removed and the responsible account is actioned under our Community Guidelines.
Community feed. The Zunii Community feed is a public space: any post (text, image, or caption) and any reaction you add is visible to all Users of the App, not just people you have matched with. Before a community post leaves your device, its text is checked against the same on-device prohibited-terms filter described above, and the server independently enforces length, duplicate, link, and spam limits. We do not otherwise proactively read community posts, but because they are public they can be reported by any User with a long press; reported posts are reviewed against our Terms and Community Guidelines, and confirmed violations are removed and the author actioned. Community posts cannot be edited or deleted by the author once published; they remain until they age out of the feed (we retain only the most recent posts and images, see Section 6) or are removed by us or by account deletion.
Child safety. Child Sexual Abuse Material (CSAM) is strictly prohibited. We remove and report confirmed CSAM to the National Center for Missing & Exploited Children (NCMEC) as required under 18 U.S.C. § 2258A.
3.5 Service Improvement & Analytics
- Analyse aggregated usage patterns and trends using Firebase Analytics;
- Manage feature availability and configuration using Firebase Remote Config;
- Develop, test, and deploy new features; and
- Diagnose and resolve technical issues.
3.6 Communications
- Send push notifications for new messages, connection requests, and chat events via Firebase Cloud Messaging;
- Send Service-related communications (Account verification, security alerts);
- Respond to your support requests and feedback; and
- Notify you of material changes to our Terms, Privacy Policy, or Community Guidelines.
What We Do Not Do With Your Data
- We do NOT sell, rent, or lease your personal information to third parties;
- We do NOT build our own advertising profiles about you, and we do NOT track you across other companies' apps or websites for our own marketing (Google may personalize the ads it serves based on your consent, see Section 3.2);
- We do NOT proactively read, access, or monitor the content of your messages, except (a) automated on-device filtering of prohibited terms when you send a message, and (b) when a User files a report, after which the reported content is reviewed by us; and
- We do NOT use your data for purposes incompatible with those stated in this Policy.
4. How We Share Your Information
4.1 With Other Users
| Information | Visibility |
|---|---|
| Initials (derived from your name) | Always visible to matched Users |
| Age, country, gender | Used for matching filters; not directly displayed |
| Full name (first and last) | Shared only if you affirmatively choose to share it |
| Profile photo | Shared only if you affirmatively choose to share it |
| Online status / last seen | Visible to Connections (unless you enable Ghost Mode) |
| Screenshot/image save events | Both participants are notified |
| Messages and images | Visible to your chat partner during active chats/Connections |
| Community posts (text, images, captions) | Public: visible to all Users of the App in the community feed |
| Community reactions (emoji) | Counted and displayed publicly on the post you reacted to; your individual reaction is not attributed to you by name |
| Community author identity | Your initials and profile photo are shown publicly next to your community posts. Your full name is never attached to community posts |
The Community Feed Is Public
Anything you post to the Zunii Community feed (text, images, captions, and the reactions you add) is public to every User of the App, not limited to people you have matched or connected with. Other Users can view, screenshot, save, or report your community posts. Do not post anything in the community feed that you would not want to be seen publicly or that reveals private information about yourself or others. Your posts are attributed to your initials and profile photo only; your full name is never shown on a community post.
4.2 With Service Providers
We share data with third-party service providers who process data on our behalf under contractual obligations to protect your data. See Section 5 for the full list.
4.3 For Legal Reasons
We may disclose your data to law enforcement, regulators, or other authorities where required by law, court order, or to protect the safety of our users and the public. This includes:
- Comply with applicable law, regulation, legal process, or enforceable governmental request;
- Respond to valid subpoenas, court orders, or other legal process;
- Protect the safety, rights, or property of Zunii, our Users, or the public;
- Investigate, prevent, or take action regarding violations of our Terms or applicable law;
- Report child exploitation material to NCMEC and law enforcement; and
- Respond to emergencies involving danger of death or serious injury.
4.4 We Do Not Sell Your Data
We do not sell your personal data to third parties. We do share advertising identifiers with ad partners for the purpose of serving rewarded video ads. See Section 5 and Section 8.5 for opt-out options.
4.5 Business Transfers
In the event of a merger, acquisition, reorganisation, bankruptcy, or sale of assets, your personal information may be transferred. We will notify you via in-app notification and/or email before your information becomes subject to a different privacy policy. Your data will continue to be protected under substantially similar privacy terms.
4.6 Aggregated & De-Identified Data
We may share aggregated, de-identified, or anonymised information that cannot reasonably identify you for analytics, research, or business purposes.
5. Third-Party Services
We use the following third-party service providers. Each processes data subject to its own privacy policy. All third-party service providers listed below are bound by Data Processing Agreements (DPAs) that require them to process your data only as instructed by us and to implement appropriate technical and organisational security measures.
| Service | Provider | Purpose | Data Processed | Privacy Policy |
|---|---|---|---|---|
| Firebase Authentication | Google LLC | User authentication, account management | Email, password (hashed), auth tokens | Link |
| Cloud Firestore & Realtime Database | Google LLC | Data storage, real-time messaging, presence | User profiles, chat data, presence, connections | Link |
| Firebase Analytics | Google LLC | Usage analytics, user segmentation | Events, screen views, user properties (gender, country, age group), device data | Link |
| Firebase Crashlytics | Google LLC | Crash reporting, stability monitoring | Crash logs, stack traces, device info, custom keys (country) | Link |
| Firebase Cloud Messaging | Google LLC | Push notifications | Device token, notification content | Link |
| Firebase Remote Config | Google LLC | Feature flags and configuration | App instance identifiers, feature flag values | Link |
| Google AdMob | Google LLC | Rewarded and interstitial advertisements | Advertising ID (AAID/IDFA), ad interactions, device info, IP address | Link |
| RevenueCat | RevenueCat Inc. | Subscription billing management | User ID, subscription status, purchase receipts, entitlements | Link |
| Cloudflare (R2, D1, Workers, KV) | Cloudflare Inc. | Image storage and delivery, image lifecycle management, rate limiting, content delivery, edge security | Profile images, chat images, community feed images, image metadata, upload statistics | Link |
| Amazon Web Services (SES) | Amazon Web Services, Inc. | Transactional email (account-deletion verification codes; routing your feedback to support) | Email address; subject and body of the transactional email | Link |
| Self-managed servers (real-time messaging & matching) | Operated by us on third-party cloud infrastructure | Real-time chat delivery, presence, matching, the public community feed, and safety/standing enforcement | Chat messages, image references, presence, community posts and reactions, report and account-standing records | This Policy |
| Apple Sign-In | Apple Inc. | Optional social login; App Store billing | Authentication tokens, basic profile data, purchase records | Link |
| Google Sign-In | Google LLC | Optional social login; Google Play billing | Google account email, name, profile picture, authentication tokens, purchase records | Link |
6. Data Retention & Deletion
6.1 Retention Schedule
| Data Category | Retention Period | Deletion Method |
|---|---|---|
| Account & profile data | Until Account deletion or auto-delete expiry (30/60/90 days of inactivity, your choice) | Permanent deletion |
| Ephemeral chat messages | Deleted when the chat session ends | Automated server-side deletion |
| Connection chat messages | Until the Connection is removed by either User or expires (90 days of inactivity) | Permanent deletion on connection expiry or removal |
| Chat images (shared in conversations) | Deleted from our servers within 24 hours of upload | Automated scheduled cleanup |
| Profile images | Until replaced or account deleted; old images deleted within 24 hours of replacement | Permanent deletion from Cloudflare R2 |
| Community posts (text & image) | We retain only the most recent community posts on our servers (currently up to the newest 1,000). Older posts are automatically removed as new ones arrive. Copies you have already seen remain cached on your device under your Storage & Data settings. | Automated server-side retention sweep |
| Community images (bytes in storage) | We retain only the most recent community images (currently up to the newest 300) in Cloudflare R2. Older images are automatically evicted; the post then shows an "image no longer available" placeholder. | Automated scheduled eviction |
| Community reactions | Until the post is removed, ages out of the feed, or the reacting account is deleted | Automatic deletion with the post or account |
| Locally cached community items | Kept on your device per your Storage & Data settings (auto-delete cached community images: never/1 day/1 week/1 month; maximum cache size). Removed when you clear caches or delete your Account. | User-controlled; permanent local deletion on account deletion |
| Subscription records | Until account deleted | Automatic deletion |
| Credits & wallet data | Until account deleted | Automatic deletion |
| Content reports (filed by you) | Until account deleted | Deleted with Account |
| Content reports (filed against you) | Until account deleted (retained for enforcement history) | Deleted with Account |
| Child-safety (CSAE) report records | Up to 90 days as a legal hold, retained even if the account is deleted | Automatic deletion after the hold period |
| Consent & legal compliance records | Until account deleted | Automatic deletion |
| Feedback and suggestions | Until account deleted, or until you request deletion | Manual deletion upon request |
| Crash logs & diagnostic data | Per Firebase Crashlytics default (90 days) | Automated by Firebase |
| Analytics data | Per Firebase Analytics default (14 months for event data, 2 months for user-level data) | Automated by Firebase |
| IP address logs (infrastructure) | Per infrastructure provider retention policies (Firebase, Cloudflare) | Per provider policy |
| Ad interaction data | Managed by Google AdMob per their retention policy | Per Google's policy |
| Push notification tokens | Until logout, token invalidation, or Account deletion | Cleared on logout; cleaned daily for invalid tokens |
| Matching queue data | Minutes (transient, expires within 5 minutes) | Automatic expiry |
| Online status / presence | Real-time only; deleted on logout or Account deletion | Automatic |
| Local device cache | Until you sign out or delete your Account | Permanent deletion of local database |
| Image lifecycle records (metadata only) | 30 days after image deletion | Automated scheduled cleanup |
6.2 Account Auto-Delete
You may choose an auto-delete period of 30, 60, or 90 days (default: 90 days). If you do not open the App for your chosen period, your Account and all associated data will be automatically and permanently deleted. You will receive a warning when your Account approaches the danger zone (25% of your chosen period remaining). Opening the App renews your lease.
6.3 Connection Auto-Expiry
Connections automatically expire after 90 days of inactivity (no messages sent). You will receive a warning when a Connection has 20 or fewer days remaining. Sending a message renews the Connection lease.
6.4 Account Deletion
You can delete your account at any time through the App (Settings → Privacy & Security → Delete Account), our website at zunii.app/account/delete, or by emailing support@zunii.app. When you delete your Account, we permanently and irreversibly remove:
- Your profile information (name, photo, age, gender, country);
- Your authentication credentials and tokens;
- All chat history (ephemeral and Connection chats) and messages;
- All images (profile and chat images stored in Cloudflare R2);
- All of your community posts and the reactions you added, removed from our servers; your community images are removed from Cloudflare R2;
- Your Connections list;
- Your block list;
- Your reports (as the reporting User);
- Your subscription records and credits;
- Your push notification tokens;
- All real-time database records (inbox, presence, matching data, usage data, rate limits); and
- All local device data (SQLite database permanently deleted).
One narrow exception: where a report relating to child safety (CSAE) has been filed, we preserve the minimum related records for up to 90 days as a legal hold, even after the Account is deleted, before they are automatically deleted. This is necessary to support child-protection obligations.
Community posts after you delete your Account
When you delete your Account, your community posts and reactions are removed from our servers and your community images are removed from storage. If another User has already cached one of your posts on their own device, that local copy is outside our control; however, your identity is no longer associated with it. To everyone else the author is shown as "Deleted User" with no name and no photo. Your own locally cached community feed is permanently deleted along with the rest of your on-device data.
6.5 Deletion for Suspended or Restricted Accounts
Accounts that are suspended or in a cooldown period may have restricted self-service deletion within the App. However, you may still exercise your legal right to data deletion at any time by contacting privacy@zunii.app. We may retain limited data where legally required (e.g., for ongoing investigations, legal obligations, or to enforce our Terms), but we will inform you of any such retention and its legal basis. De-identified or aggregated data that cannot identify you may also be retained.
7. Data Security
We implement industry-standard technical and organisational measures designed to protect your personal information.
7.1 Technical Safeguards
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS).
- Encryption at Rest (Server-Side): Data stored on our servers (Firebase, Cloudflare) is encrypted at rest by our infrastructure providers using AES-256 or equivalent.
- Local Device Storage: Data cached on your device is stored in standard device storage and protected by your device's own security features (device encryption, screen lock). We do not apply additional application-level encryption to locally cached data.
- Secure Authentication: Passwords are hashed using industry-standard algorithms. OAuth 2.0 protocols with secure token management; token revocation on Account deletion.
- Access Controls: Role-based access with principle of least privilege. Access to user data is restricted to authorised personnel and services.
- Rate Limiting: API endpoints are rate-limited to prevent abuse.
- Image Security: Shared images are accessible via non-guessable URLs. Chat images are automatically deleted from our servers within 24 hours.
- Infrastructure Security: Firebase (SOC 2 Type II, ISO 27001) and Cloudflare maintain industry certifications.
- Restricted Data Stores: Production data stores (database, real-time message servers, image storage) are not publicly accessible and are reachable only by our authenticated backend services over secured channels (HMAC-signed internal requests; access-controlled databases).
- Screen Protection: The App includes screenshot prevention on Android and screen blur on iOS app switching to protect chat content.
7.2 Organisational Safeguards
- Regular security assessments and vulnerability testing;
- Documented incident response procedures;
- Data Processing Agreements with all sub-processors; and
- Regular review and update of security policies.
Important Encryption Notice: Chat messages are not end-to-end encrypted. Messages are encrypted in transit (TLS) and at rest on our servers (by infrastructure providers), but they are accessible to our systems for the purposes of service delivery and safety moderation as described in this Policy. No system is completely secure, and we cannot guarantee the absolute security of your data.
Your Responsibilities
No method of transmission or storage is 100% secure. You are responsible for keeping your credentials confidential, using strong passwords, exercising caution about what you share with other Users, and keeping your device updated. Report suspected unauthorised access to support@zunii.app immediately.
8. Your Rights & Choices
Depending on your jurisdiction, you have the following rights. We respond to valid requests within 30 days (45 days for complex requests).
8.1 Account Deletion
Delete your Account via the App (Profile → Delete Account), our web deletion page, or by emailing support@zunii.app. If your Account is suspended or in a cooldown period, you may still request data deletion by emailing privacy@zunii.app (see Section 6.5).
8.2 Data Access, Correction & Portability
View and update your profile directly in the App (Profile → Edit Profile). Request a copy of all data we hold, or a copy in a structured, machine-readable format (data portability), by contacting privacy@zunii.app. We will fulfil portability requests within 30 days.
8.3 Ghost Mode (Activity Status)
You can control your activity visibility in Settings → Privacy & Security:
- Show Activity Status: Toggle off to appear offline to all connections (Ghost Mode). When Ghost Mode is enabled, you also cannot see others' activity status.
- Show Last Seen: Toggle off to hide your last seen timestamp from connections.
8.4 Blocking
You can block any User from their profile or during a chat. Blocked users cannot match with you or contact you. You can manage your blocked list in Settings → Privacy & Security → Blocked Users.
8.5 Advertising Controls
- Rewarded ads are opt-in: You are never required to watch an advertisement. You choose when to watch a rewarded ad to earn credits.
- iOS (IDFA): We request your permission via Apple's App Tracking Transparency framework before accessing your IDFA. You can change this in iOS Settings → Zunii → Tracking, or your device's Settings → Privacy & Security → Tracking.
- Android (AAID): You can opt out of interest-based advertising or reset your Advertising ID in Settings → Privacy → Ads (or Settings → Google → Ads).
- We honour the Global Privacy Control (GPC) signal.
8.6 Analytics Opt-Out
You can opt out of analytics data collection by contacting privacy@zunii.app. When you opt out, we disable analytics and crash reporting data collection for your account.
8.7 Remember Me
If you enable "Remember Me" on the login screen, your email address is stored locally on your device for convenience. This data is cleared when you sign out or delete your account.
8.8 Restriction & Objection
Request restriction of processing or object to processing based on legitimate interests. Contact us at privacy@zunii.app to exercise these rights.
8.9 Withdrawal of Consent
You may withdraw consent at any time through the App's Settings → Privacy, by deleting your account, or by contacting privacy@zunii.app. Withdrawal does not affect the lawfulness of prior processing.
8.10 Non-Discrimination
We will not discriminate against you for exercising any privacy rights.
8.11 In-App Controls Summary
- Ghost Mode: Hide your online status and last seen from all users (Settings → Privacy);
- Auto-Delete Period: Choose 30, 60, or 90 days of inactivity before Account auto-deletion (Settings → Account);
- Ad Personalization: Reset or limit your advertising identifier in your device settings;
- App Tracking Transparency (iOS): When prompted, choose whether to allow tracking. You can change this in iOS Settings → Zunii;
- Push Notifications: Manage via App settings or device settings;
- Name & Photo Sharing: Control sharing in each individual chat;
- Matching Preferences: Control your matching filters; and
- Storage & Data: See how much space cached profile, chat, community and sticker images use; clear any category or all caches; set how long cached community images are kept (never/1 day/1 week/1 month) and a maximum cache size (Profile → Storage & Data); and
- Blocking: Block any User at any time.
9. Children's Privacy
Strictly Adults Only
Zunii is not directed to, intended for, or designed for anyone under 18 years of age (or 16 in Australia). We do not knowingly collect personal information from anyone under the applicable minimum age.
We employ age verification measures during registration, including date of birth verification. We reserve the right to require additional age verification at any time, including but not limited to identity document verification. If we discover that an account belongs to a user below the minimum age, we will immediately terminate the account and delete all associated data.
We do not direct targeted advertising at children. If you believe a User is underage, report them immediately via the in-app reporting feature or contact safety@zunii.app.
We comply with: the U.S. Children's Online Privacy Protection Act (COPPA), GDPR provisions regarding children, the Indian DPDP Act 2023, and the Australian Online Safety Amendment (Social Media Minimum Age) Act 2024.
10. International Data Transfers
Zunii operates globally. Your data may be transferred to and processed in countries other than your own. Specifically:
- India: where the operator (data controller) is based, and where Amazon SES processes transactional email (Mumbai region);
- European Union: Google Cloud / Firebase host our database, authentication, serverless functions, and the matching lobby (europe-west3 and europe-west1);
- United States: RevenueCat (subscription management) and certain Google service operations;
- Our self-managed servers: our real-time messaging and matching servers, which run on third-party cloud infrastructure; and
- Global: Cloudflare's edge network stores and delivers images and serves traffic from the location nearest you.
When two Users are matched, the conversation is handled by our real-time messaging service regardless of where each User is located. This means a chat between Users in different countries is processed on the same servers, which may be outside your country of residence.
Safeguards for international transfers include:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- UK International Data Transfer Agreement (IDTA) where applicable;
- Data Processing Agreements with all sub-processors;
- Reliance on infrastructure providers' certifications (Google Cloud SOC 2, ISO 27001, EU-US Data Privacy Framework); and
- Encryption in transit and at rest.
11. Cookies and Tracking Technologies
As a mobile application, Zunii does not use browser cookies. We use the following technologies:
- Device Identifiers: IDFV (iOS) and Android ID for Account security, fraud prevention, and single-Account enforcement.
- Advertising Identifiers: AAID (Android) and IDFA (iOS) are used by Google AdMob to serve and measure rewarded video advertisements. On iOS, the IDFA is only accessed after you grant permission via the App Tracking Transparency (ATT) prompt. On Android, you can reset or opt out of personalised ads in your device settings.
- Firebase Analytics: Collects anonymised, aggregated usage data to improve the Service. Does not track you across other apps or websites.
- Firebase Remote Config: Delivers feature flags and configuration values. Collects app instance identifiers.
- Push Notification Tokens: FCM tokens for push notification delivery, deleted on Account deletion or logout.
We do NOT:
- Link your advertising identifier to personally identifiable information;
- Use your advertising identifier ourselves to build interest profiles or to advertise to you across other companies' apps (where you consent, Google may personalize the ads it serves, and you control this via App Tracking Transparency on iOS or your device's ad settings on Android);
- Share your advertising identifier with data brokers or third parties for their own independent purposes; or
- Reconnect data to a reset advertising identifier.
We honour the "Opt out of Interest-Based Advertising" and "Limit Ad Tracking" settings on your device, and the Global Privacy Control (GPC) signal.
Our website (zunii.app) uses only essential cookies strictly necessary for functionality. We do not use advertising, analytics, or third-party tracking cookies on our website.
12. Region-Specific Disclosures
12.1 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)
EU and UK Representative
We are in the process of appointing an EU representative pursuant to Article 27 of the GDPR and a UK representative pursuant to Article 27 of the UK GDPR. In the meantime, please direct all inquiries to privacy@zunii.app. This section will be updated once representatives are appointed.
Legal Bases for Processing
| Processing Activity | Legal Basis |
|---|---|
| Account creation, authentication, and management | Performance of contract (Terms of Service) |
| User matching and communication | Performance of contract |
| Publishing your posts and reactions to the public community feed | Performance of contract; your consent (you choose what to make public) |
| Subscription processing and delivery | Performance of contract |
| Optional features (sharing name, photo, images) | Your consent |
| Rewarded advertisements (AAID/IDFA collection) | Your consent (via ATT prompt on iOS; ad opt-in on Android) |
| Safety, security, fraud prevention, abuse detection | Legitimate interests (protecting Users and the Service) |
| Report review and content moderation | Legitimate interests (maintaining community safety) |
| Message content review upon user report | Legitimate interests (community safety); Legal obligation (CSAM reporting under 18 U.S.C. § 2258A) |
| On-device text filtering of outgoing messages | Legitimate interests (community safety); Legal obligation (child protection) |
| Service improvement and analytics | Legitimate interests (improving the Service) |
| Push notifications | Performance of contract; your consent (device-level permission) |
| Legal compliance and law enforcement cooperation | Legal obligation |
| Reporting CSAM to NCMEC and authorities | Legal obligation; vital interests |
| Recording consent and Terms acceptance | Legal obligation; legitimate interests |
Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms to ensure they are not overridden. For higher-risk processing activities (such as our matching system and our safety and moderation processes), we assess and document the privacy impact before and as we deploy them. You may contact us for more information.
Your GDPR Rights
If you are in the EEA, UK, or Switzerland, you have the following rights:
- Access (Art. 15): Request a copy of your data.
- Rectification (Art. 16): Correct inaccurate data.
- Erasure (Art. 17): Request deletion of your data. This right may be exercised at any time, including if your Account is suspended or restricted (see Section 6.5).
- Restriction (Art. 18): Restrict how we process your data.
- Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
- Object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
- Automated Decisions (Art. 22): You have the right not to be subject to decisions based solely on automated processing that produce legal effects. Contact us if you believe an automated decision was made in error.
- Withdraw Consent (Art. 7(3)): Withdraw consent at any time without affecting prior lawful processing.
- Lodge a Complaint: With your national supervisory authority (e.g., ICO in the UK, CNIL in France, DPC in Ireland).
Automated Decision-Making
Matching: Our matching system uses automated processes to connect Users based on preferences and availability. This does not produce legal or similarly significant effects.
Safety Enforcement: Our systems may automatically apply temporary restrictions (warnings, cooldowns of 30 minutes to 6 hours, or suspensions) based on the number and severity of reports. These actions are subject to human review. Appeal at appeals@zunii.app.
Special Category Data
We do not intentionally collect special category data (health, religion, political opinions, sexual orientation, etc.). If you voluntarily share such information in chats, it is processed only for content delivery and moderation. We strongly discourage sharing such information.
UK Online Safety Act
We operate in-app report and block functions, content moderation processes, and remove illegal content as defined under UK law.
Breach Notification
In the event of a personal data breach likely to result in risk to your rights and freedoms:
- We notify the relevant supervisory authority within 72 hours (GDPR, DPDPA);
- We notify affected Users without undue delay where the breach poses high risk;
- We document the breach and remediation measures; and
- We take immediate steps to contain, investigate, and remediate.
Data Protection Contact
Contact: privacy@zunii.app. Response within 30 days (extendable by 60 days for complex requests).
12.2 United States
COPPA (Children Under 13)
Our App is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it immediately. Contact privacy@zunii.app if you believe we have collected such information.
California (CCPA / CPRA)
If you are a California resident, you have the following rights:
- Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and parties we share it with.
- Right to Delete: Request deletion of your personal information.
- Right to Correct: Request correction of inaccurate information.
- Right to Opt-Out of Sale or Sharing: We do not sell personal information. We share advertising identifiers with ad partners. To opt out, use your device's "Limit Ad Tracking" setting or contact us. We honour the Global Privacy Control (GPC) signal.
- Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond those disclosed.
- Right of Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
Categories Collected (Last 12 Months)
| CCPA Category | Data Elements | Sold? | Shared for Ads? |
|---|---|---|---|
| Identifiers | Name, email, device ID, advertising ID | No | No* |
| Personal Information (§1798.80) | Name, email | No | No |
| Protected classifications | Age, gender | No | No |
| Commercial information | Subscription purchase records | No | No |
| Internet/electronic activity | Usage data, device info, IP, ad interactions | No | No* |
| Geolocation | Country (self-reported), approximate region (from IP) | No | No |
| Inferences | Matching preferences | No | No |
*Advertising identifiers and device information are shared with Google AdMob to serve and measure advertisements. Where you consent to personalized ads (via App Tracking Transparency on iOS or your consent choice on Android), this may constitute "sharing" for cross-context behavioral advertising under the CPRA. You can opt out at any time through those controls, your device's ad settings, or the Global Privacy Control signal, which we honour.
To submit a request: privacy@zunii.app. We will verify your identity before processing.
Other US State Privacy Laws
Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Montana, Texas, Oregon, Kentucky, Indiana, Rhode Island, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, Maryland, Minnesota, Tennessee, and others, including those effective 2025 to 2026) have the right to access, correct, delete, and obtain a portable copy of their personal data; opt out of targeted advertising; and opt out of the sale of personal data. We honour the Global Privacy Control (GPC) signal. To exercise these rights, contact privacy@zunii.app.
12.3 India (DPDP Act 2023 / DPDP Rules 2025)
Data Processing Notice
This section constitutes a Data Processing Notice as required under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and DPDP Rules, 2025.
Data Fiduciary: Abhishek Olkha, Inderpura, Udaipurwati, Jhunjhunu, Rajasthan 333307, India. Email: privacy@zunii.app
See Section 2 for the itemised list of personal data collected and its purposes.
How to withdraw consent: Through the App's Settings → Privacy, by deleting your account, or by contacting privacy@zunii.app. Withdrawal does not affect processing already carried out.
How to complain: You may file a complaint with the Data Protection Board of India at dpboard.gov.in once operational.
Your Rights (India)
- Right to Access: Obtain a summary of your personal data and processing activities.
- Right to Correction and Erasure: Request correction or deletion of your data.
- Right to Grievance Redressal: Raise grievances with our Grievance Officer.
- Right to Nominate: Nominate a person to exercise your rights in case of death or incapacity.
Grievance Officer (India)
In accordance with the DPDP Act and the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021:
Grievance Officer: Abhishek Olkha
Email: grievance@zunii.app
Address: Inderpura, Udaipurwati, Jhunjhunu, Rajasthan 333307, India
The Grievance Officer will acknowledge your complaint within 24 hours and resolve it within 15 days.
Children's Data (India)
Under the DPDP Act, anyone under 18 is a child. We do not knowingly collect data from users under 18 in India. We do not serve targeted advertising to any user.
IT Rules Compliance
We comply with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, including publishing these terms, providing grievance mechanisms, and acting on unlawful content within 24 hours of receiving a valid government order.
12.4 Australia
We comply with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), and the Online Safety Amendment (Social Media Minimum Age) Act 2024. Minimum age for Australian users: 16 years. Users under 16 are not permitted to create or maintain an account. We employ age verification measures during registration, including date of birth verification, and reserve the right to require additional age verification at any time. Any data collected for age verification is used solely for that purpose and deleted promptly after verification. We take reasonable steps to ensure overseas recipients handle your data consistently with the APPs. You have the right to access and correct your personal information. Complaints: contact us first at privacy@zunii.app, then the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
12.5 Brazil (LGPD)
If you are in Brazil, your data is processed in accordance with the Lei Geral de Proteção de Dados (LGPD, Law No. 13.709/2018). You have the right to confirm processing, access, correct, anonymise, delete, or port your data; withdraw consent; and lodge a complaint with the ANPD at gov.br/anpd.
Data Protection Officer (Encarregado): Abhishek Olkha
Email: privacy@zunii.app
12.6 South Africa (POPIA)
If you are in South Africa, your data is processed under the Protection of Personal Information Act (POPIA). You may access, correct, delete, or object to processing. Lodge complaints with the Information Regulator at inforegulator.org.za.
Responsible Party & Information Officer: Abhishek Olkha
Email: privacy@zunii.app
12.7 Kenya (Data Protection Act 2019)
If you are in Kenya, your data is processed under the Data Protection Act, 2019. We are registered with the ODPC. You may access, rectify, object to, restrict, or delete your data. Lodge complaints with the ODPC at odpc.go.ke.
12.8 Canada (PIPEDA)
If you are in Canada, your data is handled under PIPEDA and applicable provincial laws. You have the right to access and correct your personal information. Complaints may be directed to the Office of the Privacy Commissioner at priv.gc.ca. Contact our Privacy Officer first at privacy@zunii.app.
12.9 Japan (APPI)
If you are in Japan, your data is handled under the Act on the Protection of Personal Information (APPI). We use your data only for purposes described in this Policy and will not provide it to third parties without consent, except as required by law. Cross-border transfers: we ensure equivalent protection or obtain your consent. Complaints: ppc.go.jp.
12.10 South Korea (PIPA)
If you are in South Korea, your data is handled under the Personal Information Protection Act (PIPA). This section constitutes our Personal Information Processing Policy (개인정보 처리방침). When your data is no longer needed, it is destroyed using irreversible methods. Cross-border transfers require your consent or equivalent safeguards. Complaints: PIPC at pipc.go.kr or KISA.
12.11 Vietnam, Indonesia, Singapore
Vietnam: We comply with the Law on Cybersecurity 2018 and respond to lawful government data requests as mandated.
Indonesia: We comply with Government Regulation No. 71/2019 and lawful content removal orders from Kominfo.
Singapore: We comply with POFMA. If the Singapore government issues a correction or removal order, we will comply promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we provide in-app notification at least 14 days before changes take effect. Where consent is required under applicable law, we obtain it before changes apply. The "Last updated" date at the top of this Policy indicates when it was last revised. Your continued use of the App after that date constitutes acceptance.
14. Contact Us
Questions About Your Privacy?
| Purpose | Contact |
|---|---|
| Privacy & Data Protection Requests, GDPR Rights | privacy@zunii.app |
| General Support | support@zunii.app |
| Safety Concerns & CSAM Reporting | safety@zunii.app |
| Account Appeals | appeals@zunii.app |
| India Grievance Officer | grievance@zunii.app |
| Legal & Administrative | admin@zunii.app |
Abhishek Olkha
Inderpura, Udaipurwati
Jhunjhunu, Rajasthan 333307, India