Effective date: March 2026 · Last updated: March 2026
Circles is built around real-world presence and local community. We collect only what's needed to connect you with people nearby — and we never sell your data.
1. Who We Are
Circles ("we", "us", "our") is a location-based social platform that helps people discover and connect with communities around them. If you have questions about this policy, contact us at privacy@circlesmap.com.
2. Information We Collect
Account information
Email address and password (used for authentication)
Username and profile photo (chosen by you)
Account type (personal or business)
Bio and interests (optional, set by you)
Location data
Precise location: Your device's precise GPS coordinates when you use the app — used to show nearby Circles, detect when you arrive at a location, and calculate time spent at places
Background location: With your explicit permission, Circles uses geofencing to automatically detect when you arrive at or leave a registered location (Node). This works even when the app is not in the foreground or is closed. Geofence events are processed locally on your device and only the check-in or check-out event (not continuous tracking) is sent to our servers. You can disable background location at any time through your device's system settings or by revoking location permissions for Circles
We do not continuously track your location in the background. We only receive a notification when you enter or exit a geofenced area
Camera, microphone, and media
Circles requests access to your device camera to allow you to take photos for your profile, share images in posts, and capture content within the app
Circles requests access to your device microphone to allow you to record voice messages in chats. Voice recordings are uploaded to our secure storage servers
Photos and voice messages are uploaded to our secure storage servers and are visible to other users in the relevant conversation or post
Camera and microphone access are only used when you actively choose to take a photo or record a voice message. We do not access your camera or microphone in the background
Identity verification (face / biometric data)
To reduce impersonation and abuse, Circles may ask you to complete a one-time liveness check (a short selfie video or still image). The captured frame is processed both on-device and on our secure servers to confirm the photo is of a real, live person
This image is treated as sensitive biometric data under GDPR Article 9 and similar laws. We collect it only with your explicit consent at the verification step and only for the purpose of confirming account authenticity
The verification image is retained only as long as needed to maintain the verified state of your account and is deleted automatically when you delete your account (see Section 7). Failed verification attempts are deleted within 30 days
We do not use your verification image for any other purpose, do not share it with advertisers or data brokers, and do not use it to train machine-learning models
Contacts (optional)
If you opt in to "Find your contacts on Circles", Circles reads the phone numbers stored on your device, normalises and hashes them on-device using SHA-256, and sends only the hashed fingerprints to our servers to look up matches
We never upload raw phone numbers or names from your address book. Hashes are one-way and cannot be reversed
You can revoke Contacts permission at any time through your device's system settings; previously matched results are not automatically removed unless you delete your account
Bluetooth peer proximity (BLE)
During live activities, Circles uses Bluetooth Low Energy to detect when you and other consenting Circles users are physically near each other. Peer detection is used to verify that members are co-present at an event when GPS is unreliable (e.g. indoors)
BLE peer identifiers are short-lived, rotated daily, and never linked to your physical identity outside the app. You can disable Bluetooth permission at any time through your device's system settings
Approximate location label (analytics)
To understand which neighbourhoods Circles is being used in, we compute a coarse city-level label (e.g. "Tel Aviv", "Berlin") from your GPS position and stamp it on aggregated usage events. The label is at city/neighbourhood resolution only — never your precise coordinates
This label is used solely for internal product analytics and retention metrics. It is never shared with third parties or used to target ads
Content you create
Messages you send in community chats or direct messages
Photos, voice notes, and posts you share
Sparks (short ephemeral stories) — these expire after 24 hours
Reviews and ratings you leave on Circles
Social and activity data
Connections (friends) you make through the app
Check-in history and time spent at Circles
Interactions with other users' content (reactions, comments)
Group chat membership, roles (creator, moderator, member)
Reports you submit about other users (harassment, inappropriate behavior, spam)
Removal records if you are removed from a Circle by a moderator (including cooldown period)
Calendar integration
When you use the "Add to Calendar" feature for invites or events, Circles generates a calendar file (.ics) or Google Calendar URL containing the event title, time, location, and description. This data is passed directly to your calendar app — we do not access or read your calendar data
Device and usage data
Device type, operating system, and app version (for bug fixes, compatibility, and crash reporting)
App feature usage and interaction data (to improve the product)
Push notification device tokens (to deliver notifications to your device)
Crash reports and performance data (collected via Sentry — see Section 4)
Authentication data
If you sign in with Apple or Google, we receive your name and email address as provided by the authentication provider. We do not receive or store your Apple ID or Google account password
3. How We Use Your Information
Purpose
Data used
Show nearby Circles and people on the map
Precise location, profile
Enable check-ins and time-together tracking
Precise and background location, node membership
Automatic geofence check-in/check-out
Background location (geofence events only)
Deliver messages and push notifications
Account, content, device push token
Build friend connections from co-attendance
Location, check-in history
Allow photo sharing and profile customization
Camera, uploaded media
Enforce community safety (reports, suspensions, moderator actions)
Account, content, reports, removal records
Manage group chat membership and moderation
Circle membership, roles, report counts
Monitor app stability and fix crashes
Crash reports, device info
Improve and debug the app
Usage data, device info
4. Third-Party Services
We use the following third-party services to operate Circles:
Supabase — database, authentication, and file storage. Data is stored on servers in Singapore (AWS ap-southeast-1). Supabase Privacy Policy
Mapbox — interactive maps and location search. Your search queries and map interactions are sent to Mapbox. Mapbox Privacy Policy
Firebase Cloud Messaging (Google) — push notification delivery for Android devices. Device tokens are sent to Google's FCM service to deliver notifications. Firebase Privacy
Apple Push Notification Service (APNs) — push notification delivery for iOS devices. Device tokens are sent to Apple's servers to deliver notifications. Apple Privacy Policy
Sentry — error tracking and crash reporting. Device info, app state, and stack traces are sent when the app encounters an error. No personal messages or location data are included in crash reports. Sentry Privacy Policy
Apple Sign-In / Google Sign-In — if you choose to sign in with Apple or Google, your authentication is processed by their respective services. We only receive the name and email you authorize
We do not use advertising networks, sell your data to third parties, or share personal information with any other third parties without your consent.
5. Push Notifications
Circles sends push notifications to keep you informed about:
New messages and chat activity
Friend requests and social interactions
Check-in and check-out events (from geofencing)
Community updates and invitations
To deliver notifications, we collect a device push token — a unique identifier assigned by Apple (APNs) or Google (FCM) to your device. This token does not contain personal information and cannot be used to identify you outside of the Circles app.
You can disable push notifications at any time through your device's system settings (Settings → Notifications → Circles). Disabling notifications does not affect any other functionality of the app.
6. Data Sharing
We share your data only in these circumstances:
With other users — your username, profile photo, and public activity (check-ins, posts) are visible to others as described in the app's visibility settings
With service providers — the third-party services listed in Section 4, solely to operate and improve Circles
Legal obligations — if required by law, court order, or to protect the safety of users or the public
Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify you before your data becomes subject to a different privacy policy
We do not sell your data to advertisers or data brokers, ever
7. Data Retention
Sparks expire automatically after 24 hours
Direct messages and voice messages are stored until you or the other party deletes the conversation
Removal cooldowns expire after 24 hours and are retained for moderation audit purposes
Check-in history is retained for the duration of your account to power encounter tracking and social features
Verification (biometric) images are retained only while your account is verified. Failed-attempt images are deleted within 30 days. All verification images are deleted when you delete your account
Hashed contact fingerprints are retained while your account is active and deleted when you delete your account. Raw phone numbers are never stored
Crash reports are retained by Sentry for up to 90 days
Account data is retained until you delete your account
When you delete your account, all your personal data is permanently removed within 30 days. Some anonymized, aggregated data (e.g., total check-in counts at a location) may be retained as it cannot be linked back to you
8. Your Rights
Regardless of where you live, you have the right to:
Access — request a copy of your personal data
Correction — update your profile and information at any time in the app
Deletion — delete your account and all associated data from Settings → Danger Zone → Delete Account in the app, or by emailing us
Portability — request your data in a portable format by contacting us
Objection — object to certain processing by adjusting privacy settings in the app
Withdraw consent — revoke permissions (location, camera, notifications) at any time through your device settings
If you are located in the European Economic Area (EEA) or the United Kingdom, you also have the right to lodge a complaint with your local data protection authority.
9. Age Requirement
Circles is intended for users aged 18 and older. We do not knowingly collect personal information from individuals under 18. If we become aware that someone under 18 has provided us with personal information, we will delete it promptly. If you believe someone under 18 has an account, contact us at privacy@circlesmap.com.
10. Security
We use industry-standard measures to protect your data, including:
TLS encryption for all data in transit
Encrypted storage at rest via Supabase (AES-256)
Row-Level Security (RLS) policies on all database tables to ensure users can only access their own data
Regular security audits of our codebase and infrastructure
However, no method of transmission over the internet is 100% secure. We encourage you to use a strong, unique password for your account.
11. Data Breach Notification
In the unlikely event of a data breach that affects your personal information, we will:
Notify affected users via email and/or in-app notification within 72 hours of becoming aware of the breach
Notify relevant data protection authorities as required by applicable law
Provide details about what data was affected and what steps we are taking to address the breach
12. Content Ownership and License
You retain ownership of all content you create and share on Circles (posts, photos, messages, reviews). By posting content on Circles, you grant us a non-exclusive, worldwide, royalty-free license to store, display, and distribute that content within the Circles platform for the purpose of operating and providing the service. This license ends when you delete the content or your account.
We do not claim ownership of your content and will never use it for advertising or sell it to third parties.
13. International Users
Circles is a globally distributed service. Our data is processed and stored in data centers located in Southeast Asia (via Supabase on AWS ap-southeast-1, Singapore). Our team operates internationally. By using the app, you acknowledge that your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for any such transfers, including standard contractual clauses where applicable.
14. Governing Law and Dispute Resolution
Circles operates globally. We respect and comply with the data protection laws applicable to our users, including:
European Economic Area (EEA) and UK: We process your data in accordance with the General Data Protection Regulation (GDPR). Our legal bases for processing are: consent (location, camera, notifications), contractual necessity (account and service operation), and legitimate interest (security, fraud prevention, product improvement). You may exercise your GDPR rights as described in Section 8
California, USA: Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect, request deletion, and opt out of the sale of your data. We do not sell personal information. To exercise your CCPA rights, contact us at privacy@circlesmap.com
All other jurisdictions: We comply with applicable local data protection laws. If local law provides you with greater rights than those described in this policy, those rights apply
Any disputes arising from this policy or your use of Circles will be resolved through good-faith negotiation first. If a resolution cannot be reached within 30 days, the dispute will be submitted to binding arbitration under the rules of the Singapore International Arbitration Centre (SIAC), with proceedings conducted in English. You agree to waive any right to participate in a class action lawsuit or class-wide arbitration.
We chose Singapore as a neutral international arbitration venue that is accessible and recognized globally.
15. Limitation of Liability
To the maximum extent permitted by applicable law, Circles and its operators shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or related to your use of the service, including but not limited to loss of data, loss of profits, or damages resulting from user-generated content, service interruptions, or unauthorized access to your account.
The service is provided on an "as is" and "as available" basis, without warranties of any kind, either express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, or non-infringement.
16. Changes to This Policy
We may update this privacy policy from time to time. If we make material changes, we will notify you through the app or by email before the change takes effect. Continued use of the app after that date constitutes your acceptance of the updated policy.
17. Contact Us
For any privacy questions, data requests, or concerns: