Privacy Policy

1. Information We Collect

a. Information You Provide

Category	Examples
Account information	Name, email address, phone number, date of birth, profile photo, username
User content	Messages, photos, videos, posts, and other content you share with your contacts through the Service
Contact information	Contacts you add or invite within the app (with your permission)
Communications with us	Support requests, feedback, and correspondence you send to us

b. Information Collected Automatically

Category	Examples
Device information	Device type, operating system, unique device identifiers, browser type, language settings
Usage data	Features used, actions taken, timestamps, frequency of use, interaction patterns
Log data	IP address, access times, pages viewed, app crashes, and diagnostic data
Location data	Approximate location derived from IP address (we do not collect precise GPS location unless you explicitly enable a location-sharing feature)

c. Information from Third Parties

We may receive information about you from third-party services if you choose to link them to your Circles account (for example, signing in via a social login provider). We only receive the information you authorize the third party to share.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: Operating, maintaining, and delivering the features of Circles, including messaging, group chats, and private posts to your contacts.
• Account management: Creating and managing your account, authenticating your identity, and processing your requests.
• Communication: Sending you service-related notifications, updates, security alerts, and support messages.
• Safety and security: Detecting, preventing, and addressing fraud, abuse, security incidents, and violations of our Terms of Service, including protecting the safety of children.
• Improvement: Analyzing usage patterns and feedback to improve, develop, and personalize the Service.
• Legal compliance: Complying with applicable laws, regulations, legal processes, or enforceable governmental requests.

We do not sell your personal information. We do not use your private messages or posts for advertising purposes.

3. How We Share Your Information

We share your information only in the following circumstances:

• With your contacts: Content you share through the Service is visible to the contacts you select. Circles is a private platform — nothing is publicly visible outside your accepted contacts.
• Service providers: We engage trusted third-party companies to perform services on our behalf (such as hosting, analytics, customer support, and content moderation). These providers are contractually obligated to use your information only as directed by us and to maintain its confidentiality.
• Legal obligations: We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.
• With your consent: We may share your information for other purposes with your explicit consent.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specific retention periods include:

• Account data: Retained while your account is active and for up to 30 days after account deletion to allow for recovery, after which it is deleted or anonymized.
• Messages and content: Stored while your account is active. Upon account deletion, your copies are removed within 30 days; content shared with others may remain visible to those contacts until they also delete it.
• Usage and log data: Retained for up to 12 months for analytics and security purposes, then anonymized or deleted.
• Legal and compliance records: Retained as required by applicable law (which may extend beyond the periods above).
• Backup systems: Residual copies in backups may persist for up to 90 days after deletion from active systems before being automatically purged.

5. Data Security

We implement technical and organizational measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS 1.2 or higher) and at rest, access controls, regular security assessments, and incident response procedures.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.

Data Breach Notification

In the event of a data breach that affects your personal information and poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authorities as required by applicable law. For users in the EEA/UK, we will notify the appropriate data protection authority within 72 hours of becoming aware of a qualifying breach, in accordance with GDPR Article 33. For users in the United States, we will comply with applicable state breach notification laws. Notifications will include the nature of the breach, the categories of data affected, the likely consequences, and the measures we are taking to address it.

6. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to certain legal exceptions.
• Data portability: Request a copy of your data in a structured, commonly used, machine-readable format.
• Restriction: Request that we restrict the processing of your personal information in certain circumstances.
• Objection: Object to the processing of your personal information where we rely on legitimate interests as the legal basis.
• Withdraw consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at contact@use-circles.com. We will respond within the time frame required by applicable law (typically 30 days). We may ask you to verify your identity before processing your request.

Additional Controls in the App

• Notification preferences: You can manage push notification settings in the app or through your device settings.
• Contact permissions: You can revoke the app's access to your device contacts at any time through your device settings.
• Account deletion: You can request account deletion through the app settings or by contacting us.

7. Children's Privacy

COPPA Compliance (United States)

In compliance with the Children's Online Privacy Protection Act (COPPA), we require verifiable parental consent before collecting personal information from children under 13 in the United States. Parents or guardians must create and manage accounts for children under 13.

• We collect only the minimum personal information necessary to provide the Service to a child's account.
• We do not condition a child's participation on the collection of more personal information than is reasonably necessary.
• Parents or guardians may review their child's personal information, request its deletion, and refuse further collection by contacting us at contact@use-circles.com.

GDPR-K / Age-Appropriate Design (UK & EU)

For users in the European Economic Area and the United Kingdom, we comply with age-appropriate design requirements. We process children's data based on parental consent where required, apply enhanced privacy settings by default for younger users, and conduct data protection impact assessments for features used by minors.

General Protections for Minors

• We do not serve targeted advertising to users identified as minors.
• We apply age-appropriate default privacy settings for accounts identified as belonging to minors.
• We do not use profiling or automated decision-making that produces legal or similarly significant effects on minors.

8. International Data Transfers

Circles operates globally, and your information may be transferred to and processed in countries other than your country of residence, including the United States and other countries where our servers, service providers, or affiliates are located.

When we transfer personal information across borders, we implement appropriate safeguards to ensure your data receives an adequate level of protection, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Data processing agreements with our service providers that include appropriate protections.
• Compliance with applicable data transfer frameworks.

By using the Service, you acknowledge that your information may be transferred to countries that may have different data protection laws than your country of residence.

9. Cookies & Tracking Technologies

Our website and Service may use the following technologies:

• Essential cookies: Required for the basic functionality of the Service (e.g., authentication, security).
• Analytics cookies: Help us understand how users interact with the Service so we can improve it. We use privacy-respecting analytics tools and anonymize or aggregate data where possible.
• Local storage: The app may store data locally on your device for performance and offline access.

We do not use advertising or third-party tracking cookies. You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

10. Third-Party Links & Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you access through the Service.

11. Legal Bases for Processing (EEA/UK Users)

If you are in the European Economic Area or the United Kingdom, we process your personal information on the following legal bases:

Legal Basis	Applies To
Contract performance	Processing necessary to provide the Service you requested (account creation, messaging, content delivery)
Consent	Processing based on your opt-in consent (e.g., optional analytics, contact list access, children's accounts)
Legitimate interests	Processing necessary for our legitimate interests, such as improving the Service, preventing fraud, and ensuring security, where those interests are not overridden by your rights
Legal obligation	Processing necessary to comply with a legal obligation to which we are subject
Vital interests	Processing necessary to protect the vital interests of you or another person (e.g., child safety)

12. U.S. State Privacy Rights

Residents of certain U.S. states (including California, Virginia, Colorado, Connecticut, and others with comprehensive privacy laws) have additional rights, which may include:

• Right to know: What personal information we collect, use, disclose, and sell (we do not sell personal information).
• Right to delete: Request deletion of your personal information.
• Right to correct: Request correction of inaccurate personal information.
• Right to opt out: Opt out of the sale or sharing of personal information (not applicable — we do not sell or share for cross-context behavioral advertising).
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

California-Specific Disclosures (CCPA/CPRA)

In the preceding 12 months, we have collected the categories of personal information described in Section 1. We do not sell personal information or share it for cross-context behavioral advertising as defined by the CCPA/CPRA. We do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA/CPRA.

To exercise your rights, contact us at contact@use-circles.com. You may also designate an authorized agent to make a request on your behalf.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Service. When we make material changes, we will notify you by posting the revised policy within the app, sending you an email or push notification, or by other reasonable means at least thirty (30) days before the changes take effect.

The "Last Updated" date at the top of this page will be revised accordingly. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Privacy inquiries: contact@use-circles.com
• General support: contact@use-circles.com
• Mailing address: [Your Company Name], [Street Address], [City, State/Province, Postal Code, Country]

If you are in the EEA or UK and wish to contact our Data Protection Officer, please email [DPO email].

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.