Flames ("we", "our", "us") is operated by Trending Tags. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Flames mobile application ("App").
Your privacy matters. We do not sell your data. We do not use third-party analytics or advertising SDKs. All chat messages are end-to-end encrypted.
1. Information We Collect
1.1 Account Information
- Email address — used for authentication (OTP sign-in)
- Phone number — used for authentication (SMS/WhatsApp OTP sign-in)
- Password (optional) — securely hashed, never stored in plaintext
1.2 Profile Information
You provide this information during onboarding and profile editing:
- Display name, date of birth, gender, sexual orientation
- Bio, job title, company, education, city
- Height, zodiac sign, languages spoken
- Lifestyle preferences (drinking, smoking, workout, pets, family plans)
- Relationship intent and communication style
- Hobbies and interests
- Personality quiz responses
- Profile prompts (conversation starters)
1.3 Photos
- Profile photos (up to 6) — compressed to max 1080px and stored in our cloud storage
- Verification photos (selfie and ID) — stored privately and accessible only to our moderation team via time-limited secure links
1.4 Location Data
- We collect approximate location (city-block level accuracy) when you use the discovery feature
- Location is collected only while the app is in the foreground — we never track you in the background
- Other users see only a computed distance (e.g., "3 km away") — your exact coordinates are never shared
1.5 Messages
- Chat messages are end-to-end encrypted using NaCl box encryption. Only the sender and recipient can read them — we cannot access message content
- Speed Date messages are ephemeral and automatically deleted 24 hours after the session ends
- Push notifications for new messages include the sender's name only — never message content
1.6 Usage Data
- Swipe history (used to avoid showing you the same person twice and to improve match suggestions)
- Game participation and results
- Login streak, XP, and badge data (gamification features)
- Daily profile impression counts (how many times your profile was shown)
1.7 Device Information
- Push notification token — a device identifier used solely for delivering push notifications
- Platform type (Android/iOS)
- We do not collect device model, OS version, IP address, or advertising identifiers
1.8 Purchase Data
- Subscription type and expiry date
- Purchase tokens and order IDs from Google Play (for receipt validation)
- We never collect or store payment card details — all payment processing is handled entirely by Google Play
2. How We Use Your Information
| Purpose | Data Used |
|---|
| Show you compatible profiles | Location, preferences, age, gender, personality, swipe history |
| Enable messaging | Encrypted messages, read receipts, typing indicators |
| Deliver push notifications | Push token, sender name |
| Process subscriptions | Purchase tokens (validated with Google Play) |
| Verify your identity | Selfie and ID photos (reviewed by moderation team) |
| Ensure safety | Reports, blocks, screenshot detection events |
| Improve match quality | Swipe patterns (analyzed every 50 swipes to refine suggestions) |
| Gamification | XP, streaks, badges, game results |
3. Data Sharing
We do not sell, rent, or trade your personal information to third parties.
We share data only with the following service providers who are essential to operating the App:
| Service | Purpose | Data Shared |
|---|
| Supabase | Backend infrastructure (database, auth, storage) | All account and profile data |
| Firebase Cloud Messaging | Push notification delivery | Device token + notification content (no message text) |
| Google Play Billing | Payment processing | Purchase receipts (for validation only) |
We do not use any advertising networks, analytics platforms, or data brokers.
4. Data Security
- End-to-end encryption: Chat messages are encrypted on your device before being sent. Your private key is stored only on your device in secure storage and is never transmitted to our servers
- Encrypted storage: Sensitive credentials (encryption keys) are stored in the device's secure enclave via expo-secure-store
- Row-Level Security: Database access is restricted so users can only read and modify their own data
- Screenshot protection: Screenshots are blocked in chat screens on Android. On iOS, screenshot events are detected and logged
- Secure connections: All data is transmitted over HTTPS/TLS. Cleartext traffic is disabled in production
- Protected fields: Subscription tier, admin status, verification status, and financial fields cannot be modified by client-side requests
5. Data Retention
| Data | Retention Period |
|---|
| Account & profile data | Until you delete your account |
| Profile photos | Until you remove them or delete your account |
| Verification photos | Until account deletion or admin purge |
| Chat messages (E2EE) | Stored indefinitely (encrypted) |
| Speed Date messages | Deleted automatically after 24 hours |
| Profile impressions | 30 days (automatically purged) |
| Push notification tokens | Until sign-out or token refresh |
| Purchase records | Retained indefinitely (legal/financial requirement) |
| Reports & safety events | Retained indefinitely (safety requirement) |
| Local preferences (on-device) | Until app uninstall |
6. Your Rights
You have the right to:
- Access your personal data — view your profile and settings at any time within the App
- Correct your data — edit your profile, photos, and preferences
- Delete your account and associated data — contact us at the email below
- Withdraw consent — revoke location, notification, or camera permissions at any time through your device settings
- Object to processing — contact us to opt out of specific processing activities
- Data portability — request an export of your personal data
7. Children's Privacy
Flames is intended for users aged 18 and above. We do not knowingly collect information from anyone under the age of 18. If we discover that a user is under 18, we will promptly delete their account and all associated data.
8. Cookies and Tracking
Flames is a mobile application and does not use cookies, browser tracking, or web-based analytics. Local preferences (theme, haptic settings, audio settings) are stored on your device only and are never transmitted to our servers.
9. Data Storage Location
Your data is stored on Supabase infrastructure. Database and storage services are hosted in secure cloud data centers. All data transfers occur over encrypted HTTPS connections.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or via email. The "Last Updated" date at the top reflects the most recent revision.
11. Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights, or want to delete your account, contact us at: