Adventure FrensAdventure Frens

Privacy Policy

Last updated: May 7, 2026

Adventure Frens ("we," "us," or "our") operates an outdoor adventure social platform that lets you discover, create, and join adventures with other users. This Privacy Policy explains what data we collect, how we use it, and what choices you have. It applies to our website and to our iOS and Android apps.

1. Data We Collect

Account Information

When you register, we collect your name, email address, username, and optional profile photo. If you sign in through a third-party provider (e.g., Google, Apple, Facebook, GitHub), we receive the profile information that provider shares — typically name, email, and profile photo URL. If you sign in with Apple and choose "Hide My Email," Apple gives us a private relay email address; we treat that as your account email and never see your real one.

Location Data

Adventures you create or browse include geographic coordinates (latitude and longitude). When you use the Explore page, your approximate location may be determined via IP geolocation to show nearby adventures. We do not request device GPS access, and we do not continuously track your location in the background.

User-Generated Content

This includes adventures you create, RSVPs, group memberships, direct messages, comments, and feedback submissions. You control what content you post.

Device Push Tokens (Mobile Apps)

When you use the Adventure Frens iOS or Android app and grant notification permission, we collect a push notification token issued by Firebase Cloud Messaging (FCM) and store it against your account so we can deliver notifications you've opted into. The token identifies the device, not the person — we do not use it to track you across other apps or websites.

  • iOS: Firebase exchanges an Apple Push Notification service (APNs) token for an FCM token; both Apple and Google are in the delivery path when we send you an iOS push.
  • Android: The token comes directly from FCM and notifications are delivered by Google.
  • You can revoke this at any time by turning off notifications in your device OS settings or by signing out of the app — we delete the device's token when you sign out.

Usage Data

We collect standard server logs (IP address, browser type, pages visited, timestamps) to operate and improve the service. The mobile apps may also report basic platform data (OS version, app version) in those logs.

2. How We Use Your Data

  • Provide and personalize the Adventure Frens service
  • Show you relevant adventures based on location
  • Deliver notifications about RSVPs, fren requests, messages, and group activity. On the mobile apps, this means sending notification payloads (e.g., "Alice RSVP'd to Hike Mt Sanitas" and a deep link to the adventure) through Apple's APNs and Google's FCM to your device.
  • Enforce our Terms of Service and prevent abuse
  • Improve the platform based on aggregated usage patterns

3. Authentication & Cookies

We use Auth.js for authentication. Sessions are managed with JSON Web Tokens (JWTs) stored in HTTP-only cookies. These cookies are essential for keeping you logged in and do not track you across other websites. We do not use advertising or analytics cookies.

On the iOS and Android apps, social sign-in (Apple, Google, Facebook) runs through each platform's native SDK rather than the web's OAuth redirect flow. The SDK returns a signed identity or access token to the app, which we send to our server to verify with the provider before issuing your session cookie. The web continues to use the standard OAuth redirect flow.

4. Third-Party Services

We use the following third-party services:

  • HERE — provides location search and geocoding. When you search for locations, HERE receives the query and your IP address. See HERE's Privacy Policy.
  • Protomaps / OpenStreetMap — provides map tiles and geographic data. Map tiles are served via Protomaps using OpenStreetMap data.
  • Open-Meteo — provides weather forecast data for adventure locations. When weather is displayed, Open-Meteo receives the location coordinates. See Open-Meteo's Terms.
  • Apple Push Notification service (APNs) — Apple infrastructure used to deliver push notifications to iOS devices. Apple receives the device token and notification payloads we send to your device.
  • Google Firebase Cloud Messaging (FCM)— Google infrastructure used to deliver push notifications to Android devices, and to route iOS notifications via Firebase's APNs bridge. Google receives the FCM token and notification payloads we send to your device.
  • Authentication providers(Apple, Google, Facebook, GitHub) — receive only the data necessary to verify your identity during sign-in, whether through the web OAuth flow or the mobile apps' native sign-in SDKs.

We do not sell your personal data to third parties or use it for advertising.

5. Mobile Apps and Permissions

Our iOS and Android apps embed the Adventure Frens website inside a native shell. The apps add native features (push notifications, deep linking, haptic feedback, share sheet, app badge count) on top of the same service the web uses.

The apps request only the permissions needed for those features:

  • Notifications— optional, prompted on first launch. Used only to deliver push notifications you've opted into.

The apps do not request:

  • Device location / GPS — we use IP-based location only
  • Contacts
  • Camera or photo library, unless you choose to upload a photo
  • Microphone
  • Background location or background tracking

We do not bundle any third-party advertising, analytics, or cross-app tracking SDKs in the apps.

6. Data Retention & Deletion

You can delete your account at any time from inside the app — open Edit Profileand use the “Delete my account” option in the Danger zone. You can also email us (see Section 7).

When you delete your account, we perform a soft delete: your profile and content are hidden from other users but retained in our database for up to 90 days to handle abuse reports, legal obligations, and accidental deletions. After the retention period, data is permanently purged.

If you change your mind during the retention window, signing up again with the same email reactivates your account and restores your content.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate information on your profile
  • Delete your account and associated data
  • Request a copy of your data in a portable format
  • Withdraw consent for optional data processing

How to Exercise Your Rights

For account deletion, the fastest path is the in-app option on your Edit Profile page. For data export or any other request, email [email protected] with the following:

  1. The email address registered to your account
  2. What you are requesting: data export, account deletion, or both

We will respond within 30 days. If we need to verify your identity before processing the request, we will let you know.

8. Data Security

We protect your data with HTTPS encryption in transit, hashed passwords (never stored in plaintext), and access controls on our database. No system is perfectly secure, but we take reasonable measures to safeguard your information.

9. Children's Privacy

Adventure Frens is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has created an account, please contact us so we can remove it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or an in-app notice. Continued use of Adventure Frens after changes take effect constitutes acceptance.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at [email protected].