Privacy Policy
Last updated: 1 July 2026
Floret helps you see when your friends are free and meet up in real life. This policy explains what information we collect, why we collect it, and the choices you have. The short version: we collect the minimum needed to make Floret work, we never sell your data, and we don’t use it for advertising or tracking.
What we collect and why
- Account details. Your email address and name, provided when you sign up with Apple or email. Used to create your account and show your friends who you are.
- Profile photo (optional). If you add one, it’s stored privately on our servers and is only viewable by you and friends you’ve connected with, via short-lived access links. You can remove it at any time.
- Approximate locations you type in. Your home and office areas (for example, “Camden, London”) and optional meetup locations. We store area-level map coordinates for the places you enter so we can suggest convenient meetups. Floret never accesses your device’s GPS — the app doesn’t request location permission at all.
- Availability and meetups. The days, times, activities, and locations you share, plus invites and any notes you write with them. This is the core of Floret — it’s only visible to friends you’ve connected with.
- Contacts (optional, hashed). If you choose to find friends from your contacts, Floret converts phone numbers to irreversible cryptographic hashes on your device. Only those hashes are uploaded and compared against hashes from other Floret users. Names, emails, and raw phone numbers never leave your phone. Hashes are replaced on every sync and deleted with your account.
- Push notification token. A device identifier used solely to deliver invites and notifications through Apple’s push service.
What we don’t do
- We don’t sell your data — to anyone, ever.
- We don’t show ads and don’t share data with ad networks.
- We don’t track you across other apps or websites, and we don’t use analytics or tracking SDKs.
- We don’t access your GPS location or read your calendar (Floret can add meetups to your calendar, but only on your device, with your permission).
Where your data lives
Floret runs on Supabase, hosted in the European Union (Ireland). Data is encrypted in transit. Supabase acts as our data processor and doesn’t use your data for its own purposes.
How long we keep it
We keep your data while your account is active. Contact hashes are replaced each time you sync and removed if you disconnect contacts. When you delete your account, your profile, availability, meetups, contact hashes, and photos are removed from our systems.
Your rights and choices
- Export your data in the app: Profile → Settings (gear icon) → Export My Data — or by emailing us.
- Delete your account in the app: Profile → Settings (gear icon) → Delete Account — this removes your data as described above.
- Ask us anything about your data — access, correction, or deletion requests — at [email protected]. We respond within 30 days.
If you’re in the UK or EU, you have rights under GDPR including access, rectification, erasure, portability, and objection, and you can complain to your local supervisory authority (in the UK, the ICO).
Children
Floret isn’t directed at children under 13, and we don’t knowingly collect their data.
Changes
If we change this policy, we’ll update the date above and flag significant changes in the app.
Contact
Privacy questions or requests: [email protected]