Privacy policy

We run Friends? to help you make real friends off-platform. Everything else is in service of that. We do not sell your personal information. We do not train AI models on your direct messages. Your DMs are end-to-end encrypted — we can't read them even if we wanted to.

You can delete your account at any time by emailing yourfriend@arewefriends.org from the address on file. We'll confirm and purge your profile, matches, personality scores, posts, and server-side message ciphertext within seven days.

Account basics — your email address (for sign-in and billing), a password hash (if you use email + password), a handle, a display name, birthdate (to confirm you're 18+ and for age-based matching), optional location label, and your 120-item IPIP-NEO personality responses.

Matching signals — interests you pick, who you send or accept friend requests to, who you pass on, and who you message. We use these to improve the candidates we surface, never to target ads.

Device and network basics — IP address and a device identifier, used for session management, rate limiting, and fraud prevention. Retained for no longer than 90 days in identifiable form.

Subscription metadata — if you upgrade, Stripe holds your card on its servers. We never see or store card numbers. We keep only the customer ID, subscription status, and the tier you're on so the app can show the right features.

Your DM plaintext. Your encryption keys are wrapped with your passphrase in your browser. The private half never touches our servers in unwrapped form.

Your payment card. Stripe handles card entry. We never see the number.

Your real-time location. We ask for a general city/neighborhood label during onboarding — that's it. We don't pull live GPS.

Active accounts — indefinitely, until you delete. Deleted accounts — 7 days to process, then purged. Stripe retains billing records for its own legal reasons (typically 7 years) — that's out of our control; Stripe's policy is at stripe.com/privacy.

Backups — we keep encrypted database snapshots for up to 30 days for disaster recovery. Deleted accounts are overwritten in snapshots within that window.

Public profile fields — your handle, display name, bio, pronouns, location label, interests, and Big Five percentiles are visible to anyone who visits your profile page (signed in or not).

Friend-only fields — your feed posts default to Friends only. Your DMs are visible only to you and the other participant, and only they can decrypt them.

Administrative access — Bryan and a small technical team can view database contents (not DMs) to debug, ship features, and handle safety reports. Actions are logged.

We use: DigitalOcean (hosting), Stripe (billing), Resend (transactional email), Cerebras / Groq / Anthropic (the Friend? AI), and Open-Meteo + Ticketmaster + Yelp + OpenStreetMap + Reddit + Nager.Date (events feed). Each sees only the minimum data needed for its job. The AI providers receive message text for chats you explicitly start with Friend? — they do not receive your DMs with other humans.

Delete — email yourfriend@arewefriends.org with subject "Delete account." Export — email the same address with subject "Export my data" and we'll send a JSON dump of your profile, posts, matches, and personality scores within 30 days.

Opt out of personalization — we don't run ads, so there's nothing external to opt out of. Matching is core to the product; turning it off would mean closing your account.

We'll update this page when the policy changes and post a note at the top. For material changes, we'll also email you. The date at the top of this page is the most recent revision.

Email yourfriend@arewefriends.org. We're a small team in Phoenix, AZ, operated by Qira LLC.