Within Logo

Privacy Policy

Privacy with purpose

Within Social, Inc. (“Within,” “we,” “us,” or “our”) explains how we collect, use, disclose, and protect information when you use the Within website (datingwithin.com), our iOS and Android apps, and related services (collectively, the “Services”). This Policy applies to the United States.

We may update this Policy from time to time. If we make material changes, we will provide notice (e.g., in-app, email, or on-site) and update the effective date above.

Contact privacy teamView Cookie Policy

Effective date

10/24/2025

We will update this date whenever the Policy changes.

Company & mailing address

Within Social, Inc.

4516 Burleson Rd #17275, Austin, TX 78760 (USA)

Primary contact

policy@datingwithin.com

1) Eligibility

The services are intended for adults 18+. We do not knowingly collect personal information from anyone under 18.

If you believe a minor has provided information to us, contact policy@datingwithin.com and we will delete it.

2) Information We Collect

  • Account & Profile. Name, email, phone number, date of birth (age-gate 18+), gender, sexual orientation/preferences, pronouns, photos, and any other profile fields you provide.
  • Contacts / Address Book (optional). If you choose to import contacts to build your social graph or send referrals, we process selected phone numbers and not the contacts’ names. We hash/transform identifiers and upload only the contacts you select in encrypted form. You can exclude or block specific contacts at any time.
  • Non-user contacts. Contact identifiers for people who do not use Within may be stored to generate mutual-friend signals and avoid unwanted suggestions. You can remove them from your graph at any time. Non-users may request removal by emailing policy@datingwithin.com.
  • Location. Approximate or precise location (if you allow it in your device settings) to power discovery and safety features.
  • Messaging & user content. Messages, attachments, likes, reports/blocks, and moderation outcomes.
  • Device & app data. Device identifiers, OS/app version, push tokens, diagnostics/crash logs, and analytics events.
  • Payments. Purchases are processed by Apple App Store / Google Play Billing. We receive purchase status/identifiers and do not receive full credit-card numbers.
  • Sensitive data (optional). To support matching and health awareness, you may choose to provide sexual orientation and a Sickle Cell awareness field. Providing this information is optional; it may be edited or removed at any time in settings.

Sensitive data use

Sensitive data is handled with heightened safeguards, is visible only according to your settings, and can be removed whenever you like.

3) Sources of Information

  • Directly from you (account setup, profile, messaging, settings, referrals).
  • Automatically via the app/website (analytics, diagnostics, device data).
  • From your device’s contacts only if you opt in and select contacts.
  • From platforms (Apple/Google) for billing and distribution.

4) How We Use Information

  • Provide and operate the Services (accounts, profiles, messaging, referrals, mutual-friend graph, notifications).
  • Matching & trust signals based on shared contacts and preferences.
  • Safety & moderation (report/block tools, investigating abuse, enforcing policies).
  • Communications (service emails/SMS; optional marketing with unsubscribe controls).
  • Analytics, performance, and troubleshooting (e.g., Crashlytics; Firebase Analytics).
  • Compliance with law, prevention of fraud and misuse, and to protect our rights and users.

Sensitive data use

Sexual orientation and Sickle Cell awareness data are used only for user-directed features and safety.

We do not use sensitive data for advertising.

5) Sharing & Disclosure

We do not sell or share personal information for cross-context behavioral advertising. We may disclose information to:

  • Service providers / processors operating under contracts with us: Google/Firebase (Auth, Firestore/Realtime DB, Functions, Analytics, Crashlytics, Remote Config), Apple/Google billing, Firebase Dynamic Links (referrals), Twilio (SMS/email). These providers process data on our behalf.
  • Other users according to your settings (e.g., profile content, mutual-friend signals, messages to matches).
  • Legal and safety purposes (complying with law, protecting rights, addressing security incidents).
  • Business transfers (e.g., merger, acquisition), subject to this Policy.

6) Retention

We retain information for as long as needed to provide the Services and for legitimate business needs, then delete or de-identify it.

Default targets:

Account & profile

Account lifetime + 30 days

After a verified deletion request, your account data is queued for deletion within 30 days. Limited logs may be retained up to 24 months for fraud, safety, or compliance.

Messages & user content

Within 24 months of account deletion

Messages, attachments, likes, reports, and moderation outcomes are deleted or de-identified within 24 months unless retained for safety or legal reasons.

Contacts graph

Removed on demand / within 12 months

Contacts (including non-user hashes) are removed when you delete or exclude them, and after account deletion they are purged within 12 months.

Diagnostics & analytics

12–18 months

Diagnostics logs, analytics events, and crash reports are retained for up to 18 months.

Backups

35–90 days

Rolling encrypted backups are typically retained for 35–90 days before being overwritten.

7) Your Choices & Rights

  • Access / Correction / Deletion. Email policy@datingwithin.com or use in-app tools. We may need to verify your identity.
  • Marketing opt-out. Use unsubscribe links in emails/SMS.
  • Permissions. Control Location, Contacts, Camera, Microphone, and Notifications via device settings.
  • CPRA (California). We honor rights to know, delete, correct, and to limit use of sensitive personal information (used only for user-directed features). We do not sell or share personal information.

Requests may be submitted by email or web form; we will respond within applicable timeframes.

8) Security

We use administrative, technical, and organizational measures appropriate to the risk, including encryption in transit and at rest (Firebase), access controls, and least-privilege practices.

No system is 100% secure—use strong credentials and report concerns to policy@datingwithin.com.

Encryption

In transit & at rest

Hosting

Google Cloud / Firebase

Approach

Least privilege access

9) Data Location & Transfers

Data is hosted in Google Cloud/Firebase US regions. If we transfer data to other locations, we will use appropriate safeguards.

10) Contact Us

Questions, requests, or complaints: policy@datingwithin.com.

Privacy & data requests

Send questions, access requests, or deletion requests to our dedicated inbox.

policy@datingwithin.com

Mailing address

Within Social, Inc.

4516 Burleson Rd #17275

Austin, TX 78760 (USA)