Privacy Policy

Last Updated: March 7, 2026

Privacy Policy for Gurby

Last Updated: April 5, 2026

Introduction

Welcome to Gurby ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you understand how we collect, use, and safeguard your information when you use our mobile application ("App").

This Privacy Policy explains our practices regarding data collection and usage. By using Gurby, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Account Information

When you create an account or sign in, we collect:
  • Authentication Data: We support sign-in via Google, Apple, or anonymous access. When you sign in with Google or Apple, we receive your name and email address from the provider. Anonymous accounts do not collect personal information.
  • Authentication Provider: We store which sign-in method you used (Google, Apple, or anonymous).

    • Profile Information You Provide

    If you choose to create a community profile, you may provide:
  • Display Name (up to 50 characters)
  • Occupation (up to 100 characters)
  • Profile Photo (resized to 800x800 pixels, stored as JPEG)
  • Birth Year (used to calculate and display your age)
  • City (your city in the Netherlands)
  • Country of Origin (country name and flag)
  • Migration Status ("Arriving Soon," "Newcomer," or "Living Here")
  • Contact Information (up to 200 characters — e.g., email, phone, or social media link). This is stored privately and only shared with users you explicitly connect with.

    • Community Interaction Data

    When you use the community features, we collect:
  • Contact Requests: When you send or receive a contact request, we store the request along with an optional introductory message (up to 500 characters), the participants' user IDs, and denormalized profile information (display name, flag, status, profile photo URL) for both sender and recipient. When you accept a contact request, you may include an optional response message (up to 500 characters), which is also stored.
  • Contacts: When a contact request is accepted, we create a record of the connection between both users, including denormalized profile data (display name, profile photo, city, country of origin, and occupation).
  • Feed Activity: When you create posts, write comments, or react to content in the community feed, we store this activity along with your user ID and associated content.
  • In-App Notifications: We store notifications about community activity (such as contact requests, reactions, and comments) addressed to you, including the acting user's display name, profile photo URL, and country of origin flag.
  • Reports: If you report another user, we store your user ID, the reported user's ID, the reason for the report, and an optional description (up to 500 characters).
  • Blocked Users: If you block a user, their user ID is stored in your private data.

    • Information Collected Automatically

  • Usage Data: We collect information about how you interact with the App, including which features you use, checklist items you complete, your progress through categories, community interactions, and navigation patterns.
  • Device Information: We may collect device type, operating system version, unique device identifiers, and app version.
  • Crash and Error Data: We use Sentry to collect crash reports and error logs to improve app stability. This may include device state, stack traces, session information, and personally identifiable information (such as IP address) at the time of an error.
  • Analytics Information: We use PostHog to collect usage statistics and product interaction data. This helps us understand which features are most valuable to our users. We track events including onboarding progress, feature usage, navigation, and settings changes.
  • Session Replay Data: To help diagnose issues, we may record session replays via PostHog. All text, images, and personal content are masked by default. Session replays are captured at a 10% sample rate during normal use and 100% when errors occur.
  • Screenshot Detection: We detect when you take a screenshot within the App for analytics purposes. No screenshot content is captured or transmitted.
  • Last Active Timestamp: We record when you last used the community features to enable "recently active" sorting.

    • Push Notification Data

    If you enable push notifications, we collect and store:
  • FCM Tokens: Firebase Cloud Messaging device tokens for delivering push notifications. Tokens are stored in your private data and automatically cleaned up after 60 days of inactivity or when they become invalid.
  • Notification Preferences: Your per-category opt-in/opt-out settings for push notifications (contact requests, new arrivals, community activity, and monthly digests).

    • How We Use Your Information

    We use the collected information to:
  • Provide, maintain, and improve the App
  • Track your progress and save your checklist completion status locally on your device
  • Enable community features: browsing profiles, sending and receiving contact requests, and managing connections
  • Share your contact information with users you explicitly connect with (upon mutual acceptance of a contact request)
  • Send push notifications about contact requests and connection updates (if you opt in)
  • Enforce rate limits (maximum 10 contact requests per 24-hour period) and prevent abuse
  • Detect and enforce user blocks
  • Process user reports for community safety
  • Diagnose and fix technical issues
  • Analyze usage patterns to improve user experience
  • Respond to your inquiries and provide customer support
  • Deliver notifications and app content in English
  • Moderate user-generated text (such as contact request messages, acceptance messages, feed posts, and comments) using automated content moderation tools to enforce community standards

    • Data Storage

    Local Storage

    Your checklist progress, preferences, onboarding status, and language settings are stored locally on your device using AsyncStorage. This data is not encrypted at the device level beyond what the operating system provides.

    Cloud Storage

    Your account data, community profile, and interaction data are stored in Google Firebase services:

  • Firebase Authentication: Manages your sign-in credentials and account
  • Cloud Firestore: Stores your profile data, contact requests, connections, reports, and blocked user lists
  • Firebase Cloud Storage: Stores your profile photo
  • Firebase Cloud Messaging: Delivers push notifications
  • Firebase Cloud Functions: Processes contact requests, manages connections, handles blocks, and performs account deletion

    • Third-Party Services

    We use the following third-party services that may process your data:

    Google Firebase (Backend Infrastructure)
  • Purpose: Authentication, data storage, push notifications, serverless functions, and file storage
  • Data collected: Account data, profile information, community interactions, FCM tokens, profile images
  • Privacy Policy: https://firebase.google.com/support/privacy
    • PostHog (Product Analytics)
  • Purpose: Understanding user behavior and improving the product experience
  • Data collected: Usage events, device identifiers, session replays (with masked personal content)
  • Privacy Policy: https://posthog.com/privacy
    • Sentry (Error Tracking)
  • Purpose: Crash reporting and performance monitoring
  • Data collected: Error logs, device info, session data, IP address, and other personally identifiable information
  • Privacy Policy: https://sentry.io/privacy/
    • Google Sign-In
  • Purpose: Authentication
  • Data collected: Name, email address, account identifier
  • Privacy Policy: https://policies.google.com/privacy
    • Apple Sign-In
  • Purpose: Authentication
  • Data collected: Name, email address (may be hidden via Apple's relay), account identifier
  • Privacy Policy: https://www.apple.com/legal/privacy/
    • Apple App Store / Google Play Store
  • Purpose: App distribution
  • Subject to their respective privacy policies

    • Data Sharing Between Users

    Public Profile

    When you create a community profile, the following information is visible to all signed-in users:
  • Display name, occupation, profile photo, country of origin (flag), migration status, city, birth year (displayed as age), and last active timestamp.

    • Contact Information Sharing

    Your private contact information (email, phone, or social media link) is only shared when both you and another user mutually accept a contact request. This sharing is handled securely via a server-side Cloud Function — it is never exposed through client-side database reads.

    Contact Requests

    When you send a contact request, the recipient can see your display name, country flag, migration status, profile photo, and any introductory message you include.

    Data Sharing with Third Parties

    We do not sell, trade, or rent your personal information to third parties. We may share anonymized, aggregated data that cannot be used to identify you.

    We share data with the third-party service providers listed above solely for the purposes described. These providers process data on our behalf under appropriate data processing agreements.

    We may disclose your information if required by law or if we believe such action is necessary to:
  • Comply with legal obligations
  • Protect and defend our rights or property
  • Prevent fraud or abuse
  • Protect the safety of users or the public

    • Your Rights

    Depending on your location, you may have the following rights:
  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data. You can update your profile information at any time through the App.
  • Deletion: Request deletion of your data. You can delete your account directly in the App under Settings, which permanently removes all your data (see Account Deletion below).
  • Portability: Request your data in a portable format
  • Objection: Object to certain processing of your data
  • Withdraw Consent: You can disable push notifications at any time through the App or your device settings.

    • To exercise these rights, please contact us at support@gurby.app.

    Account Deletion

    You can permanently delete your account from within the App (Settings > Delete Account). When you delete your account, we remove:
  • Your public profile and all profile data
  • Your private data (contact information, notification tokens, blocked users list, language preference)
  • Your profile photo from cloud storage
  • All contact requests you have sent or received
  • All reports you have filed or that have been filed against you
  • All connection records between you and other users
  • Your Firebase Authentication account

    • This process is irreversible. Account deletion is processed immediately via a secure server-side function.

    Data Retention

  • Local Data: Stored on your device until you delete the App or reset your progress
  • Profile and Community Data: Retained until you delete your account
  • Contact Requests and Connections: Retained until either user deletes their account
  • In-App Notifications: Retained until you delete them individually or delete your account
  • Feed Posts, Comments, and Reactions: Retained until you or the content author deletes the content, or until account deletion
  • Reports: Retained for community safety review until either user deletes their account
  • FCM Tokens: Automatically cleared after 60 days of inactivity
  • Analytics Data: Retained by PostHog for up to 90 days
  • Error Logs: Retained by Sentry for up to 90 days
  • Last Active Timestamp: Updated on each community visit, retained until account deletion

    • Children's Privacy

    Gurby is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. The App collects birth year information and validates that users are at least 13 years old. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will promptly delete such information.

    Tracking and Advertising

    iOS App Tracking Transparency

    On iOS 14.5 and later, we may request your permission before tracking your activity across other companies' apps and websites. You can change this preference at any time in your device settings.

    We do not currently display third-party advertisements in the App.

    Analytics

    We use PostHog for product analytics and Sentry for error tracking. These services collect data as described above. You can contact us at support@gurby.app to request that we stop collecting analytics data for your account.

    Device Permissions

    The App may request the following device permissions:
  • Camera: To take a profile photo
  • Photo Library: To choose a profile photo from your gallery
  • Push Notifications: To receive alerts about contact requests and connection updates
  • Internet Access: Required for all cloud-based features

    • All permissions are optional. The App will function with reduced features if permissions are denied.

    Security

    We implement appropriate technical and organizational measures to protect your information:
  • Private user data (contact information, blocked users, notification tokens) is stored in a separate, access-controlled subcollection that only the account owner can read
  • Contact information sharing is handled exclusively via secure server-side functions
  • Firestore security rules enforce field-level validation, access control, and input sanitization
  • All data is transmitted over HTTPS/TLS
  • Rate limiting prevents abuse of contact request functionality

    • However, no method of transmission over the internet or electronic storage is 100% secure.

    International Data Transfers

    Your information is processed and stored using Google Firebase services and may be transferred to and processed in countries other than your own, including the United States. These countries may have different data protection laws. We ensure appropriate safeguards are in place, including Google's data processing terms and standard contractual clauses, to protect your information.

    Changes to This Privacy Policy

    We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy in the App and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically.

    Contact Us

    If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email: support@gurby.app

    • Additional Information for EU/EEA Users (GDPR)

    If you are located in the European Union or European Economic Area:
  • Legal Basis: We process your data based on:
    • - Contract Performance: Providing the App and its community features (profile, contact requests, connections) - Legitimate Interests: Improving our services, ensuring community safety (reports, blocks), preventing abuse (rate limiting) - Consent: Push notifications, analytics tracking (where applicable)
  • Data Controller: Gurby is the data controller for your personal information.
  • Data Processors: Google (Firebase), PostHog, and Sentry process data on our behalf under data processing agreements.
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl).
  • Data Minimization: We collect only the data necessary for the features you use. Community profile fields are optional.

    • Additional Information for California Users (CCPA)

    If you are a California resident:
  • You have the right to know what personal information we collect and how we use it
  • You have the right to request deletion of your personal information (available directly in the App)
  • You have the right to opt-out of the sale of your personal information (we do not sell your data)
  • We will not discriminate against you for exercising your privacy rights

    • ---

    © 2026 Gurby. All rights reserved.