privacy policy

• account information: email address (required), phone number (required for account registration), display name
• profile data: photos, bio, city, interests, and custom profile fields you choose to share
• location data: approximate location (city-level) for the find feature. precise location only when you grant permission, never stored permanently.
• usage data: app interactions, feature usage for improving the service
• device information: device type, os version (for push notifications and compatibility)

• provide and improve the niche social networking service
• show you relevant profiles in the find feature based on location and interests
• send push notifications for messages, group invites, and event updates
• verify your identity (email/phone verification)
• detect and prevent fraud, abuse, and security threats
• monitor application performance and fix bugs (via sentry error tracking)

• all data is encrypted at rest (aes-256) and in transit (tls 1.2+)
• passwords are hashed using bcrypt with owasp-recommended settings
• data stored on aws infrastructure in the united states (us-west-2)
• access restricted to authorized personnel only
• regular security audits and monitoring via cloudtrail

we use the following third-party services to operate niche:

• amazon web services (aws): cloud hosting, email delivery (ses), sms (sns), file storage (s3)
• apple push notification service (apns): push notifications on ios
• sentry: error tracking and performance monitoring (pii is scrubbed before transmission)
• maplibre gl js & carto: map rendering and tile service in the find feature (webapp only; no user data is sent to these services)

we do not sell your personal data to third parties.

• account data: retained while your account is active; deleted upon account deletion request
• stories: automatically deleted after 7 days
• deleted messages: permanently purged after 30 days
• refresh tokens: expire after 30 days
• backups: retained for 14 days
• audit logs: retained for 90 days
• media files: old versions removed after 90 days

• access: export all your data via settings → export data
• deletion: delete your account and all associated data via settings → delete account
• correction: edit your profile information at any time
• portability: download your data in json format

niche is not intended for users under the age of 18. we do not knowingly collect personal information from anyone under 18. if you believe a minor has provided us with personal information, please contact us and we will delete it.

niche uses:

• authentication cookies: httponly, secure cookies for session management
• local storage: app preferences and consent status (no tracking)

we do not use advertising cookies or third-party tracking cookies.

we may update this policy from time to time. we will notify you of significant changes via the app or email.

if you are a california resident, you have specific rights under the california consumer privacy act (ccpa) regarding your personal information.

categories of personal information we collect:

• identifiers: email address, phone number, display name, device identifiers
• personal information (cal. civ. code 1798.80): name, phone number
• internet or network activity: app usage data, feature interactions, browsing history within the app
• geolocation data: approximate (city-level) and precise location when permission is granted
• inferences: interest-based profile matching for the find feature

your ccpa rights:

• right to know: you may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purpose for collecting it, and the categories of third parties with whom we share it.
• right to delete: you may request that we delete the personal information we have collected about you. you can do this directly via settings → delete account, or by contacting us.
• right to opt-out of sale: we do not sell your personal information. we have never sold personal information and have no plans to do so.
• right to non-discrimination: we will not discriminate against you for exercising any of your ccpa rights.

we do not sell personal information. niche does not sell, rent, or trade your personal data to third parties for monetary or other valuable consideration.

to exercise your ccpa rights, contact us at privacy@niche.social. we will verify your identity before processing your request and respond within 45 days as required by law.

if you are located in the european union or european economic area, you have rights under the general data protection regulation (gdpr) regarding your personal data.

data controller: niche social inc. is the data controller responsible for your personal data. for inquiries, contact us at privacy@niche.social.

lawful basis for processing:

• consent: where you have given clear consent for us to process your personal data for a specific purpose (e.g., analytics cookies)
• legitimate interest: where processing is necessary for our legitimate interests (e.g., providing and improving the service, security, fraud prevention) and those interests are not overridden by your rights

your gdpr rights:

• right of access: you may request a copy of the personal data we hold about you
• right to rectification: you may request that we correct inaccurate or incomplete personal data
• right to erasure: you may request that we delete your personal data, subject to legal retention requirements
• right to data portability: you may request your data in a structured, commonly used, machine-readable format
• right to restriction: you may request that we restrict the processing of your personal data in certain circumstances
• right to object: you may object to the processing of your personal data where we rely on legitimate interest as our lawful basis

cross-border data transfers: your data is stored on aws infrastructure in the united states. we protect cross-border transfers through appropriate safeguards, including standard contractual clauses as approved by the european commission.

right to lodge a complaint: if you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority in the eu/eea member state where you reside, work, or where the alleged infringement occurred.

to exercise your gdpr rights, contact us at privacy@niche.social. we will respond to your request within 30 days as required by law.

for privacy questions or data requests, contact us at: privacy@niche.social