Privacy Policy
Last Updated: December 10, 2025
Controller: Homie Lab Inc.
Contact: privacy@chunkr.app
-
Scope
Applies to the Chunkr mobile application, related websites, and services (“Service”). EU, US, and Canadian users are covered.
-
Data Categories We Collect
- Account identifiers: email, phone number, login with Apple/Google, authentication tokens.
- Profile data: username, age, photos, written bio, optional sensitive fields (sexual orientation, sexuality-related content, HIV status) provided explicitly by the user.
- Location: GPS-based approximate location, coarse IP-based location, distance indicators, and approximate map placement (≥500 m radius). Exact coordinates are not disclosed to other users.
- Device data: device model, OS version, advertising identifiers, app version, crash logs, IP address (retained 90 days).
- Messages: message content, timestamps, and attachments stored in Supabase.
- Media: all user-uploaded images, stripped of EXIF metadata, stored in Supabase buckets.
- Usage data: interactions, taps, feature usage; analytics events via Segment, Meta Ads, AppsFlyer (when enabled), and Google Maps API usage telemetry.
-
Sensitive Data Handling
Sexual orientation or related fields are optional. Processing is based solely on explicit user submission. These fields are displayed to other users only as configured by the user. Legal basis (GDPR): explicit consent; performance of contract; legitimate interests in operating a safety-critical community.
-
Location Practices
We collect GPS-derived location for discovery features. Users see approximate distance and approximate positioning on the “Right Now” map within a 500 m radius. We do not display or store exact coordinates for display to other users.
-
Messaging
Messages are stored server-side in Supabase to enable multi-device access and reliability. Encryption-in-transit is standard; encryption-at-rest is handled by Supabase. End-to-end encryption is not yet implemented. We retain active message content until the user deletes it. Backups persist for 60 days. Deleted accounts follow the separate deletion timeline.
-
Moderation and Safety Scanning
We scan uploaded media using AWS Rekognition to detect prohibited content (nudity categories, safety violations, illegal material). We may employ keyword-level detection for threats, grooming behaviours, or other safety risks. We do not conduct broad behavioural profiling or automated decision-making beyond safety enforcement. Content tied to reports may be reviewed by human moderators.
-
Cookies and Tracking
The website uses cookies and tracking pixels for analytics and advertising (Segment, Meta Pixel, and similar identifiers). The mobile app uses SDK equivalents for measurement and attribution. We do not sell personal data.
-
How We Use Data
- Account creation, authentication, and feature delivery.
- Display of user profiles, photos, and approximate locations.
- Safety, abuse prevention, and fraud detection.
- Moderation and enforcement actions.
- Analytics, attribution, improvement of product performance.
- Compliance with legal obligations.
-
Sharing of Data
We share personal data with:
- Service providers: Supabase (hosting/storage), Segment, Meta Ads, AppsFlyer (when enabled), AWS Rekognition, Google Maps API.
- Other users: only the information the user chooses to include on their profile plus approximate location.
- Law enforcement: only in response to valid legal requests. We challenge overly broad or invalid demands. We notify the user where legally allowed.

We do not share raw sensitive fields with advertisers.
-
International Transfers
Data is processed and stored primarily in the United States through Supabase and other US-based processors. For EU users, transfers rely on standard contractual clauses and supplementary safeguards.
-
Retention
- Messages: retained until user deletion; removed from backups after 60 days.
- Photos and profile content: retained until user deletion; removed from backups after 60 days.
- Reports and moderation records: retained for 2 years.
- IP logs and device logs: 90 days.
- Deleted accounts:
  - 30-day grace period for restoration
  - Final purge after 90 days, including backup systems
- Analytics: aggregated or anonymized after 12 months.
-
User Rights
Users may access, correct, or delete their data; request portability; withdraw consent for sensitive fields; or restrict processing. Requests can be made via privacy@chunkr.app.
-
Security
Supabase provides encryption-at-rest and access controls. Additional safeguards include rate-limiting, authentication enforcement, fraud detection, and content moderation tools. No system is infallible.
-
Children
The Service is 18+. Accounts of minors are prohibited and removed upon detection.
-
Changes
We update this Policy periodically. Continued use after an update constitutes acceptance.