Privacy Policy
What we collect
Mutuals collects the minimum data required for the app to function:
- Phone number (hashed). After you verify your phone number with a one-time code, we store a SHA-256 cryptographic hash of your E.164-normalised phone number. We never store your raw phone number.
- Contact hashes. When you sync your address book, your device hashes every phone number before sending anything to our servers. We store only these hashes — never names, profile photos, or raw numbers from your contacts.
- Apple Sign In identifier. A unique, opaque ID provided by Apple when you sign in. We use this solely for account authentication.
- Connection records. When you initiate or accept a connection through iMessage, we store a record linking two user accounts. This powers the mutual-contact feature.
What we do NOT collect
- Raw phone numbers (yours or your contacts')
- Contact names, email addresses, or any other contact fields
- Message content
- Location data
- Advertising identifiers
How your data is used
Contact hashes are used exclusively to compute the intersection between two users' address books when both have accepted a connection. The result (the intersection only — never either user's full list) is returned to each device, which resolves hashes back to names using its own local Contacts store. The server never returns names.
How mutual contacts are revealed
Our servers compute the overlap between two hashed contact lists and return only the matching hashes. Your device looks up those hashes against your own address book to produce display names. The other person's full contact list is never visible to you, and vice versa.
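The flow described above, sketched as an added example (not Mutuals' own code). The normalisation rule, default country code, UTF-8 input encoding and hex digest format are assumptions, and the address books are constructed sample data:

```python
import hashlib
import re

def normalise_e164(raw: str, default_cc: str = "1") -> str:
    # Assumed rule: keep digits only; "+" or "00" marks an international
    # number, anything else is national and gets the default country code.
    digits = re.sub(r"\D", "", raw)
    stripped = raw.strip()
    if stripped.startswith("+"):
        return "+" + digits
    if stripped.startswith("00"):
        return "+" + digits[2:]
    return "+" + default_cc + digits.lstrip("0")

def hash_number(raw: str, default_cc: str = "1") -> str:
    # SHA-256 over the E.164 string (UTF-8 and hex output are assumptions).
    return hashlib.sha256(normalise_e164(raw, default_cc).encode("utf-8")).hexdigest()

def device_sync(address_book: dict) -> tuple:
    # On the device: build hash -> name locally; only the hash set is uploaded.
    local_index = {hash_number(num): name for name, num in address_book.items()}
    return set(local_index), local_index

def server_intersect(hashes_a: set, hashes_b: set) -> set:
    # On the server: operates on hashes only and returns just the overlap.
    return hashes_a & hashes_b

def device_resolve(matches: set, local_index: dict) -> list:
    # Back on the device: map matching hashes to names from the local store.
    return sorted(local_index[h] for h in matches if h in local_index)

# Constructed sample address books (fictional 555-01xx numbers).
ALICE_BOOK = {"Carol": "(415) 555-0101", "Dan": "+1 415 555 0102", "Erin": "415-555-0103"}
BOB_BOOK = {"Caz": "+14155550101", "Erin M.": "001 415 555 0103", "Frank": "415.555.0104"}

def demo() -> tuple:
    alice_upload, alice_index = device_sync(ALICE_BOOK)
    bob_upload, bob_index = device_sync(BOB_BOOK)
    matches = server_intersect(alice_upload, bob_upload)
    # Each side sees the mutual contacts under the names in its own address book.
    return matches, device_resolve(matches, alice_index), device_resolve(matches, bob_index)

if __name__ == "__main__":
    matches, alice_view, bob_view = demo()
    print(len(matches), alice_view, bob_view)
```

Matching depends on both devices normalising identically: the same number written in different formats must produce the same E.164 string before hashing, or the overlap is silently missed.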
Why you must sync your full address book
Mutual-contact matching only works correctly when both parties have synced their complete address books. Selective sync breaks the product for other users: if you exclude a contact, neither of you will see that person as a mutual — even if the other person has them. The app does not provide a selection interface for this reason.
Data retention and deletion
You can delete your account at any time from within the app. Deletion permanently removes your profile, all contact hashes, and all connection records. Contact hashes are re-synced each time you open the app; a fresh sync replaces the previous set.
Third-party services
- Supabase — database and authentication infrastructure. Hosted on AWS. Supabase's privacy policy is at supabase.com/privacy.
- Apple Sign In — authentication. Apple's privacy policy applies to the sign-in flow.
Children
Mutuals is not directed at children under 13. We do not knowingly collect data from children under 13.
Changes to this policy
We may update this policy. We will notify you of material changes in the app. Continued use after notice constitutes acceptance.
Contact
Questions? Email privacy@example.com.