This Privacy Policy explains how we collect, use, share and protect your personal data when you use Groom — our mobile application and our website — and what rights you have over your data. We have written it in plain language wherever the law allows, and in more formal language where precision is required.
Here is the short version. The full policy is below.
This policy applies to your use of:
It does not apply to third-party services you may reach through Groom. Their handling of your data is governed by their own privacy policies.
When you create an account, we ask for: an email address; a password (which is hashed by our authentication provider before being stored — we never see it in clear text); your date of birth (used to verify that you are at least 18); a unique nickname; and your locale (filled in automatically from your device). The password must be at least eight characters long and contain both letters and digits.
You can sign up with Sign in with Apple or Sign in with Google instead of email and password. If you do, we receive your name and email address from Apple or Google. We do not receive any other information from those providers.
You can choose to add: a profile photo; a short biography; links to other social-media accounts (your Instagram or TikTok handles, for example); status and intention fields (what you are looking for); and a profile theme. None of this is required. Anything you choose to add is visible to other users you interact with, subject to your privacy settings.
Messages you send in place chats; direct messages you send to other users; image attachments to either kind of message; reactions; polls you create or vote in; place ratings; and feedback you submit through the app. All of this is stored on our servers.
If you report another user, a profile, or a message, we keep the report itself, the content you reported (a snapshot taken at the moment of reporting, so the author cannot evade review by editing or deleting), the reason you gave, and the outcome of our review.
If you contact our support team, we keep what you wrote and our reply.
Each time you use Groom, we automatically receive: your device model, operating-system version, app version, language, time zone, and an installation identifier. We also receive crash logs (through Firebase Crashlytics) if the app crashes. Crashlytics receives stack traces, OS and device model, app version, and your user identifier where applicable.
Which features you use, which place chats you join, which direct-message conversations you are part of, when you open the app, and how long your sessions last. This is stored in our own database, not in any third-party analytics product. We do not use Firebase Analytics, Mixpanel, Amplitude, Segment, Adjust, Branch, AppsFlyer, OneSignal or any other analytics or attribution SDK; you can verify this by inspecting our pubspec.yaml.
When you grant the app permission to access your location, we receive precise GPS coordinates from your device, along with the reading’s reported accuracy and a flag indicating whether the operating system has detected the location as mocked or spoofed.
We use this location only while the app is in the foreground. We do not collect background location. Our iOS app declares only the WhenInUse permission; our Android app declares only the foreground ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION permissions. There is no background location mode in our iOS Info.plist.
We use location for two purposes: to show you places near you, and to verify that you are physically present at a place when you ask to join its chat. The verification is done server-side: a fix is rejected if the reported accuracy is worse than 50 metres, if the fix is older than five minutes, if the device flag indicates the location is mocked, or if you are not within the place’s radius. The radius is set per-place and clamped between 100 metres and 2 kilometres.
We do not keep a long-term record of where you have been. Each new location reading overwrites the previous one in a single row in our database. There is no per-user location history table. Anti-abuse counters are stored separately and aggregate-only — they record how often a fix was rejected and why, not the underlying coordinates.
Some of the third-party services we use read or set identifiers on your device. The exhaustive list is:
We do not request the iOS Identifier for Advertisers (IDFA) or the Android Advertising Identifier (GAID). The iOS App Tracking Transparency prompt is therefore never shown by Groom: we have nothing to ask you to track.
Under GDPR Articles 13 and 14 we have to tell you why we use each piece of your data and what legal basis under Article 6 lets us do so. The breakdown is below. This is the most important part of the policy from a CNIL audit perspective.
Legal basis: performance of a contract (Article 6(1)(b) GDPR). Without this we cannot provide you with the service.
Legal basis: performance of a contract for the basic discovery feature, and your consent (Article 6(1)(a) GDPR) for the use of precise location data. You grant that consent through the operating-system permission prompt and you can withdraw it at any time from your device settings.
Legal basis: performance of a contract — this is a core rule of the service, set out in our Terms and Conditions. We use your location reading only at the moment you ask to join, and only for the purpose of confirming you are within the venue’s perimeter.
Legal basis: performance of a contract.
Legal basis: your consent, granted through the operating-system notification permission. On iOS, we show you a custom prompt explaining what notifications we will send before the OS prompt appears; this is so you understand what you are agreeing to. You can turn notifications off entirely at the OS level, and you can mute individual conversations from inside the app.
Legal basis: performance of a contract. We also retain certain receipt data for legal-obligation purposes (Article 6(1)(c) GDPR) — French commercial and tax law requires us to keep accounting records for ten years.
Legal basis: our legitimate interest (Article 6(1)(f) GDPR) in keeping the service safe for everyone, and legal obligation under the Digital Services Act and applicable national law. Our legitimate-interest analysis has weighed the seriousness of the abuse we are trying to prevent against the impact on you, and we have concluded that this processing is necessary and proportionate.
Legal basis: legitimate interest (keeping the service safe and lawful) and legal obligation under the Digital Services Act.
Legal basis: legal obligation. We disclose data only when we receive a request that meets the legal requirements applicable to us. We publish a separate Law Enforcement Guide explaining how authorities should make such requests.
Legal basis: legitimate interest. The data we use here is operational — crash reports, server logs, aggregate counts of how features are used. We do not use behavioural analytics.
Legal basis: performance of a contract (account confirmations, security alerts) or legitimate interest (changes to the service).
Legal basis: your consent. We currently have no marketing-push channel. If we add one, we will ask for your consent separately and you will be able to withdraw it at any time from inside the app.
We use a small number of trusted service providers to run Groom. They process your data only on our instructions and only for the purposes we set. The exhaustive list is:
Supabase. Hosts our Postgres database (where your account, profile, messages, reports, subscriptions and all other server-side data live), our authentication service, our four storage buckets (email-assets and profile-pictures are public; dm-attachments and place-chat-attachments are private), and our seventeen edge functions. Production region: European Union (Paris region).
Firebase Cloud Messaging (Google LLC). Receives a device token and the notification payload (title, body, type) so it can wake your device. The payload itself contains only what is needed to render the notification — for example, a sender’s nickname and a snippet of a message.
Firebase Crashlytics (Google LLC). Receives stack traces, the device model and OS, the app version, and your user identifier where applicable, when the app crashes or hits a non-fatal error. We do not send Crashlytics any of your messages, photos or location data.
Apple Inc. (Sign in with Apple) and Google LLC (Sign in with Google) where you choose to use them. They confirm to us that you are who you say you are and pass us your name and email address. We do not pass them any other information.
Apple Inc. (App Store on iOS) and Google LLC (Google Play on Android). They handle the actual payment; we receive only a confirmation that you are a paying subscriber, the product you bought, and the receipt. They also send us server-to-server notifications when your subscription state changes (renewal, cancellation, refund). We never see your card number, billing address, or cardholder name.
Google Places API (Google LLC). When you search for a place in Groom, the search query you type and the location we use to scope it to your area are sent to Google. Google’s terms and privacy policy govern that interaction in addition to ours.
OpenStreetMap (the OpenStreetMap Foundation, a UK-based non-profit). When the app shows you a map, the visible map area is requested from OpenStreetMap’s tile servers. We do not use Google Maps, Mapbox or any other commercial mapping SDK.
Account-related emails (signup verification, password reset, email-change confirmation, reauthentication) are delivered through Supabase’s built-in email service. Moderation notices (suspensions, bans, appeal outcomes) are sent by an internal function over a generic SMTP relay. We do not use a third-party email-marketing provider.
If we are involved in a merger, acquisition, asset sale or restructuring, your data may be transferred. We will give you advance notice and, where applicable, the right to object. Any successor will be bound by this policy or one no less protective.
Some of our service providers, in particular Google LLC (which hosts Firebase Cloud Messaging, Firebase Crashlytics, Sign in with Google, the Google Places API, and Google Play Billing) and Apple Inc. (which hosts Sign in with Apple and the App Store), are based in or operate from outside the European Economic Area, including the United States. When we transfer your data outside the EEA we rely on one of the safeguards permitted by Articles 44 to 49 of the GDPR. In practice, we rely on:
You can ask us for a copy of the safeguards we have in place by writing to our privacy contact.
We keep your data only for as long as we need it for the purposes set out in this policy. Several of our retention windows are enforced by automated jobs that run every day; you can rely on them. The headlines:
If you live in the European Union, the United Kingdom, or another region with a comparable privacy law, you have the following rights:
If you believe we have not handled your data properly, you can complain to the supervisory authority in your country. In France, that is the Commission nationale de l’informatique et des libertés (CNIL). You can complain in any EU country where you live, work, or where the issue happened.
Article 22 GDPR gives you the right not to be subject to a decision based solely on automated processing, where the decision produces legal effects on you or significantly affects you. We do not use any such decision-making at Groom. Every account suspension, ban or content removal is decided by a human administrator after a human review.
There are, however, some processes that are partly automated. We list them here in the interests of transparency:
If you would like a human review of any automated outcome that affects you, write to our appeals contact (Terms § 11). We do this even where Article 22 GDPR does not strictly require it.
Some of the data you may choose to share through Groom is treated by GDPR Article 9 as a ‘special category’, because it can reveal something about who you are that is more sensitive than usual — for example, your sexual orientation, your beliefs, your health, your ethnicity, or precise location data.
We do not require you to provide any special-category data. If you choose to make any such information visible — for example, by writing about it in your bio or by selecting an intention or status that reveals your sexual orientation — we treat your decision to share it as your explicit consent under Article 9(2)(a) GDPR. You can remove that information at any time from your profile.
Precise location data, where it is processed in a way that reveals where you live or socialise, can in some circumstances be treated as special-category data. We have built the location pipeline to minimise that risk: we do not retain location history, we never expose raw coordinates to other users, and our data-minimisation choices (single overwritten row per user; aggregate-only abuse counters) are designed to keep us out of that territory.
The mobile app does not use cookies in the web sense. It does set, read or rely on a small number of identifiers on your device, all of which are listed in § 3.2 above and described in detail in our separate Cookie and Tracker Policy at groomapp.fr/cookies. On our website, we use only strictly necessary cookies (session and security). We do not use analytics or advertising cookies on the website. We do not deploy a Consent Management Platform because we have nothing for which we need to obtain ePrivacy consent.
Groom is for adults. You must be at least 18 years old to use Groom. We do not knowingly collect personal data from anyone under 18. If we find out that an account belongs to a minor, we close it and delete the data, except where the law requires us to keep some records (for example, if a report of illegal conduct is involved).
If you are a parent or guardian and you believe your child has created an account with us, please write to our privacy contact and we will act promptly.
We protect your data with technical and organisational measures appropriate to the risk. These include encryption of data in transit (TLS) and at rest (storage-provider encryption), role-based access controls in our database (Supabase Row Level Security), regular dependency upgrades, and incident-response procedures.
Direct messages and place-chat messages are not end-to-end encrypted. They are stored on our servers in plaintext from a database perspective; encryption is at the storage layer, not at the message layer. Our moderation team can read message content if a message is reported to them. If you need conversations that no platform operator can read, use a service that offers end-to-end encryption such as Signal.
No system is perfectly secure. If a breach happens that is likely to put your rights or freedoms at risk, we notify CNIL within 72 hours of becoming aware of it (Article 33 GDPR), and we notify you without undue delay where Article 34 GDPR requires it.
You can reach us at:
Email (privacy): support@groomapp.fr
Email is the best way to reach us; we do not currently expose a contact form inside the app.
French regulator: https://www.cnil.fr/.