Privacy Policy

Effective Date: 7th March, 2026 | Version 1.0.0

🔒 Our Privacy Commitment

At Zunii, privacy is foundational to our Service. We collect only what is necessary, we never sell your personal data, and we give you meaningful control over your information. This Privacy Policy explains in detail how we collect, use, disclose, and safeguard your data.

1. Introduction & Scope

Zunii ("the App," "we," "us," or "our") is a social communication application that connects users with new people through random matching. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and how you can exercise your rights.

We are operated by Abhishek Olkha, residing at Inderpura, Udaipurwati, Jhunjhunu, Rajasthan 333307, India. Abhishek Olkha is the data controller responsible for your personal data.

This Policy applies to all Users of the Service, regardless of how you access or use it. By creating an account or using Zunii, you acknowledge that you have read, understood, and agree to the data practices described in this Policy. If you do not agree with our practices, please do not use the App.

This Policy should be read in conjunction with our Terms of Service and Community Guidelines, which are incorporated herein by reference.

2. Information We Collect

2.1 Information You Provide Directly

Data Category	Specific Data	Purpose
Account Registration	First name, last name, email address, age, gender, country	Create and manage your account; verify eligibility; enable matching
Date of Birth (Transient)	Date of birth selected during registration	Used solely to calculate your age. Your date of birth is processed in-memory only and is never stored in any database, server, or local storage. Only your computed integer age is retained.
Profile Information	Profile photograph, display initials	Display to matched Users (at your discretion)
Authentication Credentials	Credentials via Apple Sign-In, Google Sign-In, or email/password	Secure authentication and Account access
Chat Content	Text messages, shared images, message reactions	Enable communication between matched Users
Reports & Support	Report category, reason, description; support request details; in-app feedback; feature suggestions; satisfaction ratings; device metadata (platform, OS version, device model, app version, build number, locale) automatically attached for debugging purposes	Safety enforcement; customer support; Service improvement
Consent Records	Specific document versions accepted (e.g., Terms v1.0.0, Privacy Policy v1.0.0) and a UTC timestamp. We do not record your IP address as part of the consent record.	Legal compliance; record-keeping
Privacy Preferences	Online status visibility settings ("Ghost Mode"), last seen visibility settings, auto-delete preference (30/60/90 days)	Apply your privacy and data lifecycle choices
Matching Preferences	Gender preference filter, age range filter, country filter	Match you with compatible Users

2.2 Information Collected Automatically

Data Category	Specific Data	Purpose
Device Information	Device type, manufacturer, model, operating system and version, app version, build number, language and locale settings, unique device identifiers (e.g., IDFV, Android ID)	App functionality; compatibility; debugging; security; optimise app performance
Advertising Identifiers	Android Advertising ID (AAID) on Android; Apple Identifier for Advertisers (IDFA) on iOS (only with your consent via App Tracking Transparency prompt)	Serve and measure rewarded video advertisements; frequency capping
Usage Data	Features accessed, interactions, session duration, timestamps, screen views, daily match count, credits earned and spent, in-app actions, match search parameters, message counts	Service improvement; analytics; monetisation tracking; understand usage patterns
Analytics Properties	Derived properties sent to our analytics provider: gender, country, age group (e.g., "18–24," "25–34")	Aggregate analytics and user segmentation (not used for advertising targeting)
Network & Connection Data	IP address (collected by infrastructure providers as part of normal network operations — not stored directly in our application databases), network type (Wi-Fi/cellular)	Security; fraud prevention; approximate region detection for chat shard routing; route requests; prevent abuse
Presence Data	Online/offline status, last seen timestamp (subject to your Ghost Mode settings)	Show activity status to your connections (controllable via Ghost Mode)
Screenshot & Image Save Events	Timestamp and occurrence of screenshot events and image saves during chats	Notify the other chat participant for transparency
Crash & Diagnostic Data	Crash logs, stack traces, error reports, performance metrics, and associated context (country as a custom key for regional crash diagnostics)	Debugging; Service stability; performance improvement; monitor app stability
Ad Interaction Data	Rewarded ad impressions, completion status, reward type granted	Monetisation; ad performance measurement
Subscription Status	Subscription plan, billing period, trial status, renewal status	Manage premium features, process subscriptions

2.3 Subscription & Purchase Data

Category	Specific Data	Purpose
Subscription Records	Subscription tier (free/premium), product ID (monthly/yearly), purchase timestamp, expiration date, renewal status, billing issue status	Manage your subscription; deliver premium features
RevenueCat Customer ID	A unique identifier linking your Zunii Account to your subscription record in RevenueCat	Subscription billing management

We do NOT store your credit card number, bank account details, or other payment instrument data. All payment processing is handled by Google Play (Android) or the Apple App Store (iOS), and subscription management is handled by RevenueCat. We only receive purchase confirmation records.

2.4 Information from Third Parties

When you authenticate using Apple Sign-In or Google Sign-In, we receive the following from the respective provider:

Basic profile information (name, email address);
Authentication tokens; and
Unique account identifiers.

We do not request or receive access to your contacts, photos, calendar, or other data from these providers beyond what is strictly necessary for authentication.

2.5 Information Stored Locally on Your Device

To improve performance and enable offline access, the App stores the following data locally on your device:

Chat metadata and recent messages (for instant loading);
Cached peer profile information (name, initials, avatar — refreshed every 24 hours);
Sync state data (to minimise network usage);
Credit balances and ad cooldown timestamps (for monetisation features);
Authentication preferences (e.g., saved email for "Remember Me" if enabled by you); and
A local database cache maintained by Firebase Firestore for offline access, which may temporarily contain data from active chats and connections. This cache is cleared when you sign out.

Local data is stored in standard device storage and protected by your device's own security features (device encryption, screen lock). We do not apply additional application-level encryption to locally cached data. This local data is permanently deleted when you sign out or delete your Account.

2.6 Information We Do NOT Collect

Precise GPS or geolocation data;
Contacts or address book data;
Photos or media library (beyond images you actively choose to share in chats or set as your profile picture);
Biometric data;
Credit card numbers, bank account details, or payment instrument data (payments processed by Google Play / Apple App Store);
Health, political, or religious data (unless you voluntarily share it in chat — we discourage this); or
Data from other apps on your device.

📍 Location Data

We collect your country for matching purposes. This is self-reported by you during registration. We do NOT collect, access, or process precise geolocation data (GPS coordinates), coarse location data, or continuous location tracking. We may derive approximate geographic region from your IP address solely for security, fraud prevention, and routing your chat to the nearest server for performance.

3. How We Use Your Information

3.1 Providing & Operating the Service

Create, authenticate, and manage your Account;
Match you with other Users based on your selected preferences (age, gender, country) using our tiered matching pools (country → region → global);
Enable real-time communication between matched Users via our regional chat servers;
Display your initials and, at your discretion, your name and photo to matched Users;
Manage Connections, chat history, and connection expiry;
Process and deliver subscription entitlements (premium features);
Manage credits earned through rewarded advertisements (boost, filter, daily extension credits);
Apply your privacy preferences (Ghost Mode, auto-delete settings); and
Process Account deletion requests.

3.2 Advertising

Serve opt-in rewarded video advertisements through Google AdMob when you voluntarily choose to watch them;
Measure ad performance (impressions, completions); and
Grant credits to your account upon successful ad completion.

Rewarded ads are always voluntary. You are never required to watch an ad to access core app functionality. You choose to watch ads to earn credits for enhanced features (priority matching, filter unlocks, or additional daily matches).

3.3 Subscription Management

Process and verify subscription purchases via RevenueCat;
Deliver premium features (increased daily matches, additional connections, priority matching, unlimited filters);
Handle subscription lifecycle events (renewal, cancellation, expiration, billing issues); and
Manage grace periods for billing issues.

3.4 Safety, Security & Integrity

Review and act on User reports of Terms and Community Guidelines violations;
Apply automated moderation actions (warnings, cooldowns, suspensions) based on report severity and frequency;
Detect, investigate, and prevent fraud, abuse, and unauthorized access;
Rate-limit actions to prevent spam and abuse;
Enforce our Terms of Service and Community Guidelines;
Protect the rights, safety, and property of our Users and the public;
Respond to legal requests and comply with applicable law; and
Detect, report, and remove Child Sexual Abuse Material (CSAM) in compliance with applicable laws, including reporting to NCMEC.

📋 Content Scanning Disclosure

We do NOT conduct proactive or automated scanning of message content. Message content is reviewed only when a report is filed by a User through our in-app reporting system. Upon receiving a report, our moderation team reviews the reported content to determine whether it violates our Terms of Service or Community Guidelines. The only exception is that we may use automated hash-matching technology (such as PhotoDNA or similar) to detect known Child Sexual Abuse Material (CSAM), which we are required to report to NCMEC under 18 U.S.C. § 2258A.

3.5 Service Improvement & Analytics

Analyse aggregated usage patterns and trends using Firebase Analytics;
Manage feature availability and configuration using Firebase Remote Config;
Develop, test, and deploy new features; and
Diagnose and resolve technical issues.

3.6 Communications

Send push notifications for new messages, connection requests, and chat events via Firebase Cloud Messaging;
Send Service-related communications (Account verification, security alerts);
Respond to your support requests and feedback; and
Notify you of material changes to our Terms, Privacy Policy, or Community Guidelines.

  ❌ What We Do NOT Do With Your Data
  We do NOT sell, rent, or lease your personal information to third parties;
We do NOT share your data with third parties for their own advertising or marketing purposes;
We do NOT build advertising profiles or track you across other apps or websites;
We do NOT use behavioral or interest-based targeted advertising — our rewarded ads are contextual only;
We do NOT proactively read, access, or monitor the content of your messages, except (a) when investigating a report filed through our reporting system, or (b) using automated hash-matching to detect known CSAM imagery; and
We do NOT use your data for purposes incompatible with those stated in this Policy.

4. How We Share Your Information

4.1 With Other Users

Information	Visibility
Initials (derived from your name)	Always visible to matched Users
Age, country, gender	Used for matching filters; not directly displayed
Full name (first and last)	Shared only if you affirmatively choose to share it
Profile photo	Shared only if you affirmatively choose to share it
Online status / last seen	Visible to Connections (unless you enable Ghost Mode)
Screenshot/image save events	Both participants are notified
Messages and images	Visible to your chat partner during active chats/Connections

4.2 With Service Providers

We share data with third-party service providers who process data on our behalf under contractual obligations to protect your data. See Section 5 for the full list.

4.3 For Legal Reasons

We may disclose your data to law enforcement, regulators, or other authorities where required by law, court order, or to protect the safety of our users and the public. This includes:

Comply with applicable law, regulation, legal process, or enforceable governmental request;
Respond to valid subpoenas, court orders, or other legal process;
Protect the safety, rights, or property of Zunii, our Users, or the public;
Investigate, prevent, or take action regarding violations of our Terms or applicable law;
Report child exploitation material to NCMEC and law enforcement; and
Respond to emergencies involving danger of death or serious injury.

4.4 We Do Not Sell Your Data

We do not sell your personal data to third parties. We do share advertising identifiers with ad partners for the purpose of serving rewarded video ads — see Section 5 and Section 8.5 for opt-out options.

4.5 Business Transfers

In the event of a merger, acquisition, reorganisation, bankruptcy, or sale of assets, your personal information may be transferred. We will notify you via in-app notification and/or email before your information becomes subject to a different privacy policy. Your data will continue to be protected under substantially similar privacy terms.

4.6 Aggregated & De-Identified Data

We may share aggregated, de-identified, or anonymised information that cannot reasonably identify you for analytics, research, or business purposes.

5. Third-Party Services

We use the following third-party service providers. Each processes data subject to its own privacy policy. All third-party service providers listed below are bound by Data Processing Agreements (DPAs) that require them to process your data only as instructed by us and to implement appropriate technical and organisational security measures.

Service	Provider	Purpose	Data Processed	Privacy Policy
Firebase Authentication	Google LLC	User authentication, account management	Email, password (hashed), auth tokens	Link
Cloud Firestore & Realtime Database	Google LLC	Data storage, real-time messaging, presence	User profiles, chat data, presence, connections	Link
Firebase Analytics	Google LLC	Usage analytics, user segmentation	Events, screen views, user properties (gender, country, age group), device data	Link
Firebase Crashlytics	Google LLC	Crash reporting, stability monitoring	Crash logs, stack traces, device info, custom keys (country)	Link
Firebase Cloud Messaging	Google LLC	Push notifications	Device token, notification content	Link
Firebase Remote Config	Google LLC	Feature flags and configuration	App instance identifiers, feature flag values	Link
Google AdMob	Google LLC	Rewarded video advertisements	Advertising ID (AAID/IDFA), ad interactions, device info, IP address	Link
RevenueCat	RevenueCat Inc.	Subscription billing management	User ID, subscription status, purchase receipts, entitlements	Link
Cloudflare (R2, D1, Workers, KV)	Cloudflare Inc.	Image storage and delivery, image lifecycle management, rate limiting, content delivery, edge security	Profile images, chat images, image metadata, upload statistics	Link
Apple Sign-In	Apple Inc.	Optional social login; App Store billing	Authentication tokens, basic profile data, purchase records	Link
Google Sign-In	Google LLC	Optional social login; Google Play billing	Google account email, name, profile picture, authentication tokens, purchase records	Link

6. Data Retention & Deletion

6.1 Retention Schedule

Data Category	Retention Period	Deletion Method
Account & profile data	Until Account deletion or auto-delete expiry (30/60/90 days of inactivity, your choice)	Permanent deletion
Random chat messages	Deleted when the chat session ends	Automated server-side deletion
Connection chat messages	Until the Connection is removed by either User or expires (90 days of inactivity)	Permanent deletion on connection expiry or removal
Chat images (shared in conversations)	Deleted from our servers within 24 hours of upload	Automated scheduled cleanup
Profile images	Until replaced or account deleted; old images deleted within 24 hours of replacement	Permanent deletion from Cloudflare R2 and Firebase Storage
Subscription records	Until account deleted	Automatic deletion
Credits & wallet data	Until account deleted	Automatic deletion
Content reports (filed by you)	Until account deleted	Deleted with Account
Content reports (filed against you)	Until account deleted (retained for enforcement history)	Deleted with Account
Consent & legal compliance records	Until account deleted	Automatic deletion
Feedback and suggestions	Until account deleted, or until you request deletion	Manual deletion upon request
Crash logs & diagnostic data	Per Firebase Crashlytics default (90 days)	Automated by Firebase
Analytics data	Per Firebase Analytics default (14 months for event data, 2 months for user-level data)	Automated by Firebase
IP address logs (infrastructure)	Per infrastructure provider retention policies (Firebase, Cloudflare)	Per provider policy
Ad interaction data	Managed by Google AdMob per their retention policy	Per Google's policy
Push notification tokens	Until logout, token invalidation, or Account deletion	Cleared on logout; cleaned daily for invalid tokens
Matching queue data	Minutes (transient — expires within 5 minutes)	Automatic expiry
Online status / presence	Real-time only; deleted on logout or Account deletion	Automatic
Local device cache	Until you sign out or delete your Account	Permanent deletion of local database
Image lifecycle records (metadata only)	30 days after image deletion	Automated scheduled cleanup

6.2 Account Auto-Delete

You may choose an auto-delete period of 30, 60, or 90 days (default: 90 days). If you do not open the App for your chosen period, your Account and all associated data will be automatically and permanently deleted. You will receive a warning when your Account approaches the danger zone (25% of your chosen period remaining). Opening the App renews your lease.

6.3 Connection Auto-Expiry

Connections automatically expire after 90 days of inactivity (no messages sent). You will receive a warning when a Connection has 20 or fewer days remaining. Sending a message renews the Connection lease.

6.4 Account Deletion

You can delete your account at any time through the App (Settings → Privacy & Security → Delete Account), our website at zunii.app/account/delete, or by emailing support@zunii.app. When you delete your Account, we permanently and irreversibly remove:

Your profile information (name, photo, age, gender, country);
Your authentication credentials and tokens;
All chat history (random and Connection chats) and messages;
All images (profile and chat images from Cloudflare R2 and Firebase Storage);
Your Connections list;
Your block list;
Your reports (as the reporting User);
Your subscription records and credits;
Your push notification tokens;
All real-time database records (inbox, presence, matching data, usage data, rate limits); and
All local device data (SQLite database permanently deleted).

6.5 Deletion for Suspended or Restricted Accounts

Accounts that are suspended or in a cooldown period may have restricted self-service deletion within the App. However, you may still exercise your legal right to data deletion at any time by contacting privacy@zunii.app. We may retain limited data where legally required (e.g., for ongoing investigations, legal obligations, or to enforce our Terms), but we will inform you of any such retention and its legal basis. De-identified or aggregated data that cannot identify you may also be retained.

7. Data Security

We implement industry-standard technical and organisational measures designed to protect your personal information.

7.1 Technical Safeguards

Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS).
Encryption at Rest (Server-Side): Data stored on our servers (Firebase, Cloudflare) is encrypted at rest by our infrastructure providers using AES-256 or equivalent.
Local Device Storage: Data cached on your device is stored in standard device storage and protected by your device's own security features (device encryption, screen lock). We do not apply additional application-level encryption to locally cached data.
Secure Authentication: Passwords are hashed using industry-standard algorithms. OAuth 2.0 protocols with secure token management; token revocation on Account deletion.
Access Controls: Role-based access with principle of least privilege. Access to user data is restricted to authorised personnel and services.
Rate Limiting: API endpoints are rate-limited to prevent abuse.
Image Security: Shared images are accessible via randomised URLs that are not guessable. Chat images are automatically deleted from our servers within 24 hours.
Infrastructure Security: Firebase (SOC 2 Type II, ISO 27001) and Cloudflare maintain industry certifications.
Multi-Region Architecture: Chat data is routed to the nearest regional server (Americas, Asia-Pacific, or Europe) for performance and data proximity.
Screen Protection: The App includes screenshot prevention on Android and screen blur on iOS app switching to protect chat content.

7.2 Organisational Safeguards

Regular security assessments and vulnerability testing;
Documented incident response procedures;
Data Processing Agreements with all sub-processors; and
Regular review and update of security policies.

Important — Encryption Notice: Chat messages are not end-to-end encrypted. Messages are encrypted in transit (TLS) and at rest on our servers (by infrastructure providers), but they are accessible to our systems for the purposes of service delivery and safety moderation as described in this Policy. No system is completely secure, and we cannot guarantee the absolute security of your data.

⚠️ Your Responsibilities

No method of transmission or storage is 100% secure. You are responsible for keeping your credentials confidential, using strong passwords, exercising caution about what you share with other Users, and keeping your device updated. Report suspected unauthorised access to support@zunii.app immediately.

8. Your Rights & Choices

Depending on your jurisdiction, you have the following rights. We respond to valid requests within 30 days (45 days for complex requests).

8.1 Account Deletion

Delete your Account via the App (Profile → Delete Account), our web deletion page, or by emailing support@zunii.app. If your Account is suspended or in a cooldown period, you may still request data deletion by emailing privacy@zunii.app (see Section 6.5).

8.2 Data Access, Correction & Portability

View and update your profile directly in the App (Profile → Edit Profile). Request a copy of all data we hold, or a copy in a structured, machine-readable format (data portability), by contacting privacy@zunii.app. We will fulfil portability requests within 30 days.

8.3 Ghost Mode (Activity Status)

You can control your activity visibility in Settings → Privacy & Security:

Show Activity Status: Toggle off to appear offline to all connections (Ghost Mode). When Ghost Mode is enabled, you also cannot see others' activity status.
Show Last Seen: Toggle off to hide your last seen timestamp from connections.

8.4 Blocking

You can block any User from their profile or during a chat. Blocked users cannot match with you or contact you. You can manage your blocked list in Settings → Privacy & Security → Blocked Users.

8.5 Advertising Controls

Rewarded ads are opt-in: You are never required to watch an advertisement. You choose when to watch a rewarded ad to earn credits.
iOS (IDFA): We request your permission via Apple's App Tracking Transparency framework before accessing your IDFA. You can change this in iOS Settings → Zunii → Tracking, or your device's Settings → Privacy & Security → Tracking.
Android (AAID): You can opt out of interest-based advertising or reset your Advertising ID in Settings → Privacy → Ads (or Settings → Google → Ads).
We honour the Global Privacy Control (GPC) signal.

8.6 Analytics Opt-Out

You can opt out of analytics data collection by contacting privacy@zunii.app. When you opt out, we disable analytics and crash reporting data collection for your account.

8.7 Remember Me

If you enable "Remember Me" on the login screen, your email address is stored locally on your device for convenience. This data is cleared when you sign out or delete your account.

8.8 Restriction & Objection

Request restriction of processing or object to processing based on legitimate interests. Contact us at privacy@zunii.app to exercise these rights.

8.9 Withdrawal of Consent

You may withdraw consent at any time through the App's Settings → Privacy, by deleting your account, or by contacting privacy@zunii.app. Withdrawal does not affect the lawfulness of prior processing.

8.10 Non-Discrimination

We will not discriminate against you for exercising any privacy rights.

8.11 In-App Controls Summary

Ghost Mode: Hide your online status and last seen from all users (Settings → Privacy);
Auto-Delete Period: Choose 30, 60, or 90 days of inactivity before Account auto-deletion (Settings → Account);
Ad Personalization: Reset or limit your advertising identifier in your device settings;
App Tracking Transparency (iOS): When prompted, choose whether to allow tracking. You can change this in iOS Settings → Zunii;
Push Notifications: Manage via App settings or device settings;
Name & Photo Sharing: Control sharing in each individual chat;
Matching Preferences: Control your matching filters; and
Blocking: Block any User at any time.

9. Children's Privacy

🔞 Strictly Adults Only

Zunii is not directed to, intended for, or designed for anyone under 18 years of age (or 16 in Australia). We do not knowingly collect personal information from anyone under the applicable minimum age.

We employ age verification measures during registration, including date of birth verification. We reserve the right to require additional age verification at any time, including but not limited to identity document verification. If we discover that an account belongs to a user below the minimum age, we will immediately terminate the account and delete all associated data.

We do not direct targeted advertising at children. If you believe a User is underage, report them immediately via the in-app reporting feature or contact safety@zunii.app.

We comply with: the U.S. Children's Online Privacy Protection Act (COPPA), GDPR provisions regarding children, the Indian DPDP Act 2023, and the Australian Online Safety Amendment (Social Media Minimum Age) Act 2024.

10. International Data Transfers

Zunii operates globally. Your data may be transferred to and processed in countries other than your own. Specifically:

India — where our operations and data controller are based;
United States — Firebase infrastructure and Americas chat shard;
Europe (Belgium) — European chat shard (europe-west1);
Singapore — Asia-Pacific chat shard (asia-southeast1); and
Global — Cloudflare edge network nodes.

Our infrastructure uses regional routing:

Americas shard: United States (serves North America, South America)
Europe shard: European Union / Belgium (serves Europe, Middle East, Africa)
Asia-Pacific shard: Singapore/India (serves Asia-Pacific)

Cross-Region Matching: When users from different regions are matched, chat data is routed to our Americas shard (United States). This means if you are in the EU and are matched with a user outside the EU, your chat data for that conversation will be processed on US-based servers.

Chat messages between Users in the same region are processed on the regional shard (e.g., EU users chatting together use the European shard).

Safeguards for international transfers include:

Standard Contractual Clauses (SCCs) approved by the European Commission;
UK International Data Transfer Agreement (IDTA) where applicable;
Data Processing Agreements with all sub-processors;
Reliance on infrastructure providers' certifications (Google Cloud SOC 2, ISO 27001, EU-US Data Privacy Framework); and
Encryption in transit and at rest.

11. Cookies and Tracking Technologies

As a mobile application, Zunii does not use browser cookies. We use the following technologies:

Device Identifiers: IDFV (iOS) and Android ID for Account security, fraud prevention, and single-Account enforcement.
Advertising Identifiers: AAID (Android) and IDFA (iOS) are used by Google AdMob to serve and measure rewarded video advertisements. On iOS, the IDFA is only accessed after you grant permission via the App Tracking Transparency (ATT) prompt. On Android, you can reset or opt out of personalised ads in your device settings.
Firebase Analytics: Collects anonymised, aggregated usage data to improve the Service. Does not track you across other apps or websites.
Firebase Remote Config: Delivers feature flags and configuration values. Collects app instance identifiers.
Push Notification Tokens: FCM tokens for push notification delivery, deleted on Account deletion or logout.

We do NOT:

Link your advertising identifier to personally identifiable information;
Use your advertising identifier for interest-based or behavioural advertising across apps;
Share your advertising identifier with data brokers or third parties for their own purposes; or
Reconnect data to a reset advertising identifier.

We honour the "Opt out of Interest-Based Advertising" and "Limit Ad Tracking" settings on your device, and the Global Privacy Control (GPC) signal.

Our website (zunii.app) uses only essential cookies strictly necessary for functionality. We do not use advertising, analytics, or third-party tracking cookies on our website.

12. Region-Specific Disclosures

12.1 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

EU and UK Representative

We are in the process of appointing an EU representative pursuant to Article 27 of the GDPR and a UK representative pursuant to Article 27 of the UK GDPR. In the meantime, please direct all inquiries to privacy@zunii.app. This section will be updated once representatives are appointed.

Legal Bases for Processing

Processing Activity	Legal Basis
Account creation, authentication, and management	Performance of contract (Terms of Service)
User matching and communication	Performance of contract
Subscription processing and delivery	Performance of contract
Optional features (sharing name, photo, images)	Your consent
Rewarded advertisements (AAID/IDFA collection)	Your consent (via ATT prompt on iOS; ad opt-in on Android)
Safety, security, fraud prevention, abuse detection	Legitimate interests (protecting Users and the Service)
Report review and content moderation	Legitimate interests (maintaining community safety)
Message content review upon user report	Legitimate interests (community safety); Legal obligation (CSAM reporting under 18 U.S.C. § 2258A)
Automated CSAM hash-matching detection	Legal obligation (18 U.S.C. § 2258A); Vital interests (child protection)
Service improvement and analytics	Legitimate interests (improving the Service)
Push notifications	Performance of contract; your consent (device-level permission)
Legal compliance and law enforcement cooperation	Legal obligation
Reporting CSAM to NCMEC and authorities	Legal obligation; vital interests
Recording consent and Terms acceptance	Legal obligation; legitimate interests

Where we rely on legitimate interests, we have conducted a balancing assessment to ensure your rights and interests do not override our legitimate interests. We have also conducted Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to individuals, including our matching system and content moderation processes. You may contact us to request details of these assessments.

Your GDPR Rights

If you are in the EEA, UK, or Switzerland, you have the following rights:

Access (Art. 15): Request a copy of your data.
Rectification (Art. 16): Correct inaccurate data.
Erasure (Art. 17): Request deletion of your data. This right may be exercised at any time, including if your Account is suspended or restricted (see Section 6.5).
Restriction (Art. 18): Restrict how we process your data.
Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
Object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
Automated Decisions (Art. 22): You have the right not to be subject to decisions based solely on automated processing that produce legal effects. Contact us if you believe an automated decision was made in error.
Withdraw Consent (Art. 7(3)): Withdraw consent at any time without affecting prior lawful processing.
Lodge a Complaint: With your national supervisory authority (e.g., ICO in the UK, CNIL in France, DPC in Ireland).

Automated Decision-Making

Matching: Our matching system uses automated processes to connect Users based on preferences and availability. This does not produce legal or similarly significant effects.

Safety Enforcement: Our systems may automatically apply temporary restrictions (warnings, cooldowns of 30 minutes to 6 hours, or suspensions) based on the number and severity of reports. These actions are subject to human review. Appeal at appeals@zunii.app.

Special Category Data

We do not intentionally collect special category data (health, religion, political opinions, sexual orientation, etc.). If you voluntarily share such information in chats, it is processed only for content delivery and moderation. We strongly discourage sharing such information.

UK Online Safety Act

We operate in-app report and block functions, content moderation processes, and remove illegal content as defined under UK law.

Breach Notification

In the event of a personal data breach likely to result in risk to your rights and freedoms:

We notify the relevant supervisory authority within 72 hours (GDPR, DPDPA);
We notify affected Users without undue delay where the breach poses high risk;
We document the breach and remediation measures; and
We take immediate steps to contain, investigate, and remediate.

Data Protection Contact

Contact: privacy@zunii.app. Response within 30 days (extendable by 60 days for complex requests).

12.2 United States

COPPA (Children Under 13)

Our App is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it immediately. Contact privacy@zunii.app if you believe we have collected such information.

California (CCPA / CPRA)

If you are a California resident, you have the following rights:

Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and parties we share it with.
Right to Delete: Request deletion of your personal information.
Right to Correct: Request correction of inaccurate information.
Right to Opt-Out of Sale or Sharing: We do not sell personal information. We share advertising identifiers with ad partners — to opt out, use your device's "Limit Ad Tracking" setting or contact us. We honour the Global Privacy Control (GPC) signal.
Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond those disclosed.
Right of Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Categories Collected (Last 12 Months)

CCPA Category	Data Elements	Sold?	Shared for Ads?
Identifiers	Name, email, device ID, advertising ID	No	No*
Personal Information (§1798.80)	Name, email	No	No
Protected classifications	Age, gender	No	No
Commercial information	Subscription purchase records	No	No
Internet/electronic activity	Usage data, device info, IP, ad interactions	No	No*
Geolocation	Country (self-reported), approximate region (from IP)	No	No
Inferences	Matching preferences	No	No

*Advertising identifiers and device information are shared with Google AdMob solely to serve rewarded ads you voluntarily choose to watch. This is not "sharing" for cross-context behavioral advertising as defined by CPRA.

To submit a request: privacy@zunii.app. We will verify your identity before processing.

Other US State Privacy Laws

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Montana, Texas, Oregon, Kentucky, Indiana, Rhode Island, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, Maryland, Minnesota, Tennessee, and others — including those effective 2025–2026) have the right to access, correct, delete, and obtain a portable copy of their personal data; opt out of targeted advertising; and opt out of the sale of personal data. We honour the Global Privacy Control (GPC) signal. To exercise these rights, contact privacy@zunii.app.

12.3 India (DPDP Act 2023 / DPDP Rules 2025)

Data Processing Notice

This section constitutes a Data Processing Notice as required under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and DPDP Rules, 2025.

Data Fiduciary: Abhishek Olkha, Inderpura, Udaipurwati, Jhunjhunu, Rajasthan 333307, India. Email: privacy@zunii.app

See Section 2 for the itemised list of personal data collected and its purposes.

How to withdraw consent: Through the App's Settings → Privacy, by deleting your account, or by contacting privacy@zunii.app. Withdrawal does not affect processing already carried out.

How to complain: You may file a complaint with the Data Protection Board of India at dpboard.gov.in once operational.

Your Rights (India)

Right to Access: Obtain a summary of your personal data and processing activities.
Right to Correction and Erasure: Request correction or deletion of your data.
Right to Grievance Redressal: Raise grievances with our Grievance Officer.
Right to Nominate: Nominate a person to exercise your rights in case of death or incapacity.

Grievance Officer (India)

In accordance with the DPDP Act and the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021:

Grievance Officer: Abhishek Olkha
Email: grievance@zunii.app
Address: Inderpura, Udaipurwati, Jhunjhunu, Rajasthan 333307, India

The Grievance Officer will acknowledge your complaint within 24 hours and resolve it within 15 days.

Children's Data (India)

Under the DPDP Act, anyone under 18 is a child. We do not knowingly collect data from users under 18 in India. We do not serve targeted advertising to any user.

IT Rules Compliance

We comply with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, including publishing these terms, providing grievance mechanisms, and acting on unlawful content within 24 hours of receiving a valid government order.

12.4 Australia

We comply with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), and the Online Safety Amendment (Social Media Minimum Age) Act 2024. Minimum age for Australian users: 16 years. Users under 16 are not permitted to create or maintain an account. We employ age verification measures during registration, including date of birth verification, and reserve the right to require additional age verification at any time. Any data collected for age verification is used solely for that purpose and deleted promptly after verification. We take reasonable steps to ensure overseas recipients handle your data consistently with the APPs. You have the right to access and correct your personal information. Complaints: contact us first at privacy@zunii.app, then the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

12.5 Brazil (LGPD)

If you are in Brazil, your data is processed in accordance with the Lei Geral de Proteção de Dados (LGPD — Law No. 13.709/2018). You have the right to confirm processing, access, correct, anonymise, delete, or port your data; withdraw consent; and lodge a complaint with the ANPD at gov.br/anpd.

Data Protection Officer (Encarregado): Abhishek Olkha
Email: privacy@zunii.app

12.6 South Africa (POPIA)

If you are in South Africa, your data is processed under the Protection of Personal Information Act (POPIA). You may access, correct, delete, or object to processing. Lodge complaints with the Information Regulator at inforegulator.org.za.

Responsible Party & Information Officer: Abhishek Olkha
Email: privacy@zunii.app

12.7 Kenya (Data Protection Act 2019)

If you are in Kenya, your data is processed under the Data Protection Act, 2019. We are registered with the ODPC. You may access, rectify, object to, restrict, or delete your data. Lodge complaints with the ODPC at odpc.go.ke.

12.8 Canada (PIPEDA)

If you are in Canada, your data is handled under PIPEDA and applicable provincial laws. You have the right to access and correct your personal information. Complaints may be directed to the Office of the Privacy Commissioner at priv.gc.ca. Contact our Privacy Officer first at privacy@zunii.app.

12.9 Japan (APPI)

If you are in Japan, your data is handled under the Act on the Protection of Personal Information (APPI). We use your data only for purposes described in this Policy and will not provide it to third parties without consent, except as required by law. Cross-border transfers: we ensure equivalent protection or obtain your consent. Complaints: ppc.go.jp.

12.10 South Korea (PIPA)

If you are in South Korea, your data is handled under the Personal Information Protection Act (PIPA). This section constitutes our Personal Information Processing Policy (개인정보 처리방침). When your data is no longer needed, it is destroyed using irreversible methods. Cross-border transfers require your consent or equivalent safeguards. Complaints: PIPC at pipc.go.kr or KISA.

12.11 Vietnam, Indonesia, Singapore

Vietnam: We comply with the Law on Cybersecurity 2018 and respond to lawful government data requests as mandated.

Indonesia: We comply with Government Regulation No. 71/2019 and lawful content removal orders from Kominfo.

Singapore: We comply with POFMA. If the Singapore government issues a correction or removal order, we will comply promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we provide in-app notification at least 14 days before changes take effect. Where consent is required under applicable law, we obtain it before changes apply. The "Effective Date" at the top of this Policy indicates when it was last updated. Your continued use of the App after the effective date constitutes acceptance.

14. Contact Us

Questions About Your Privacy?

Purpose	Contact
🔒 Privacy & Data Protection Requests, GDPR Rights	privacy@zunii.app
💬 General Support	support@zunii.app
🚨 Safety Concerns & CSAM Reporting	safety@zunii.app
⚖️ Account Appeals	appeals@zunii.app
🇮🇳 India Grievance Officer	grievance@zunii.app
⚙️ Legal & Administrative	admin@zunii.app

Abhishek Olkha
Inderpura, Udaipurwati
Jhunjhunu, Rajasthan 333307, India