Privacy Policy

Last updated: April 8, 2026

1. What We Collect

  • Email address — for authentication (OTP login)
  • Username — public, chosen by you
  • GPS coordinates — only during scans, to validate proximity. Used for heatmaps (visibility controlled by you).
  • Photos — uploaded voluntarily after scans
  • IP address & user agent — for security (fraud detection, rate limiting)
  • Push notification tokens — if you opt in

2. How We Use It

  • Authenticate you and keep your session secure
  • Calculate and display scores, badges, and leaderboards
  • Show your heatmap (only to you by default, or others if you choose)
  • Send push notifications about scans (if opted in)
  • Prevent abuse (GPS spoofing, spam, multi-accounting)
  • Reverse geocode scan coordinates to city/country names (via OpenStreetMap Nominatim)

3. What We Don't Do

  • We don't sell your data to third parties
  • We don't track your location in the background
  • We don't use advertising trackers or analytics cookies
  • We don't share your email with anyone
  • We don't reveal who scanned whom (scanner identity is private)

4. Visibility Controls

You control who sees your content:

  • Photos — Public, Scanned only, or Request-based
  • Heatmap — Public, Scanned only, or Request-based (Private by default)
  • Profile — always public (username, score, level, badges)
  • Reactions — anonymous (the receiver never sees who reacted)
  • DMs — only between users who scanned each other

5. Data Storage

Your data is stored on servers located in Europe. We use PostgreSQL for structured data, Redis for caching, and local storage for uploaded photos. Data is encrypted in transit (HTTPS/TLS).

6. Data Retention

We keep your data as long as your account is active. When you delete your account, all your data (profile, scans, photos, messages, reactions) is permanently deleted.

7. Your Rights

You can:

  • Access your data via the dashboard
  • Export your data by emailing hi@fck.you
  • Delete your account and all associated data
  • Block or mute other users at any time

8. Third-Party Services

  • OpenStreetMap / Nominatim — reverse geocoding (we send coordinates, receive city names)
  • CARTO — map tiles for heatmap display
  • Web Push (VAPID) — browser push notifications

No data is shared with advertising or analytics platforms.

9. Children

fck.you is not intended for users under 13. If you are under 13, do not create an account.

10. Changes

We may update this policy. We'll notify registered users of material changes via email.

11. Contact

Questions or requests? Email hi@fck.you