Privacy Policy

1. Who We Are

Qrious Technologies Inc. is a Delaware C-Corporation headquartered at 251 Little Falls Drive, Wilmington, DE 19808, USA. We operate the QRIOUS mobile application and related services.

For privacy-related inquiries, contact us at privacy@qrious.social.

2. What This Policy Covers

This policy describes how we collect, use, share, and protect your personal information when you use the QRIOUS mobile application and any associated services, features, and content (collectively, the “Service”).

It applies to all users of the Service regardless of location, though additional rights may apply depending on your jurisdiction (see Your Rights below).

3. Age Requirement

QRIOUS is designed for users aged 18 and older. We do not knowingly collect personal information from anyone under 18. If we become aware that a user is under 18, we will promptly delete their account and associated data. If you believe a minor has provided us with personal information, please contact us at privacy@qrious.social.

4. Information We Collect

Account Information

When you create an account, we collect your email address, phone number, name, date of birth, and gender. This information is required to provide the Service and verify your eligibility.

Profile Content

You choose what to share in your profile. This includes photos, biographical text, and persona details you create for each of QRIOUS’s seven contexts (Romance, Community, Career, Adventure, Learn, Create, and Family). Each persona is independently configured by you.

Location Data

We collect location data to power matching, discovery, and venue recommendations (Places). Location is collected while the app is in active use. Background location tracking is not enabled unless you explicitly opt in through your device settings. You can revoke location permissions at any time through your device’s settings.

Meeting Data

QRIOUS uses QR code confirmations (IRL Bridge) to verify in-person meetings between users. We collect meeting confirmation data, including timestamps and participating users, to calculate trust tiers and improve match quality.

Device & Technical Information

We automatically collect device identifiers, operating system version, app version, IP address, and crash/diagnostic logs. This data helps us maintain, troubleshoot, and improve the Service.

Usage Data

We collect information about how you interact with the Service, including feature usage patterns, context switches, matching interactions, and session data. This data is used for analytics and product improvement.

Communications

Messages you send to other users through the Service are stored to deliver them and provide message history. Support requests and communications with our team are also retained.

Payment Information

If you make purchases through the Service, payment transactions are processed by third-party payment processors. We do not store your credit card numbers or full payment credentials. We receive limited transaction information (such as confirmation of payment and subscription status) from our payment processors.

5. How We Use Your Information

• Matching & Discovery: To connect you with other users across QRIOUS’s contexts based on your personas, preferences, and location.
• Trust Tier Calculation: To determine trust levels from confirmed in-person meetings via IRL Bridge, improving the quality and safety of connections.
• Venue Recommendations: To suggest relevant places and venues through the Places feature based on your location and preferences.
• Safety & Moderation: To detect and prevent fraud, abuse, harassment, and other violations of our terms of service.
• Analytics & Improvement: To understand how the Service is used and to improve features, performance, and user experience.
• Communications: To send you service-related notifications, respond to support requests, and deliver updates about the Service.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

6. Legal Basis for Processing (GDPR)

For users in the European Economic Area, United Kingdom, and other jurisdictions that require a legal basis for processing personal data, we rely on the following:

• Consent: You give consent when creating your account and when opting into optional features such as background location tracking or specific data sharing.
• Contractual Necessity: Processing required to provide the Service you have requested — including account management, matching, messaging, and venue recommendations.
• Legitimate Interest: Processing necessary for our legitimate interests, including platform safety, fraud prevention, abuse detection, and service analytics, where those interests are not overridden by your rights.
• Legal Obligation: Processing required to comply with applicable laws, including responses to valid legal requests from law enforcement or regulatory authorities.

7. Information Sharing

Other Users

Your profile information is visible to other users only within the context where you have shared it. Persona separation means that what you share in one context (e.g., Romance) is not visible to users interacting with you in another context (e.g., Career). You control what each persona reveals.

Venues & Places Partners

We may share aggregated, anonymized data with venue partners to support the Places feature. We never share individual user profiles, personal information, or identifiable data with venues.

Service Providers

We work with third-party service providers who assist in operating the Service, including cloud hosting, analytics, payment processing, and push notifications. These providers are bound by contractual obligations to protect your data and may only process it on our behalf for the purposes we specify.

Legal Requirements

We may disclose your information if required to do so by law, in response to valid legal process (such as a court order or subpoena), or when we believe in good faith that disclosure is necessary to protect the safety of any person, prevent fraud, or address security issues.

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via the app or email before your data becomes subject to a different privacy policy.

We do not sell your personal data. Period.

8. Persona Privacy & Context Separation

QRIOUS is built around the principle that you are more than one thing. You can create distinct personas across seven contexts, and these personas are kept separate by design:

• Other users cannot see your activity or profile across contexts. Someone you match with in Romance has no visibility into your Career persona, and vice versa.
• You decide independently what information each persona contains — different photos, different bios, different levels of detail.
• Account-level actions (such as blocking a user) apply across all contexts, ensuring comprehensive protection regardless of where an interaction originated.

Context separation is enforced at the system level. It is not optional or configurable by other users.

9. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete personal data.
• Erasure: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Request your data in a structured, commonly used, machine-readable format.
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Object to Processing: Object to processing based on legitimate interests, including profiling.
• Restrict Processing: Request that we limit the processing of your data in certain circumstances.
• Lodge a Complaint: File a complaint with your local data protection authority if you believe your rights have been violated.

To exercise any of these rights, email privacy@qrious.social. We will respond within 30 days.

10. Data Retention

• Active Accounts: We retain your data for as long as your account is active and as needed to provide the Service.
• Deleted Accounts: When you delete your account, we delete your profile data, personas, and matches within 30 days. Some data may be retained longer where required by law or for legitimate safety purposes (e.g., records related to abuse reports).
• Messages: Messages are deleted when both participants have deleted their accounts. If only one participant deletes their account, the remaining user retains access to the conversation.
• Anonymized Data: Aggregated, anonymized data that cannot be used to identify you may be retained indefinitely for analytics and product improvement.

11. Data Security

We implement industry-standard security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS) and at rest.
• Access controls and authentication for internal systems.
• Regular security assessments and monitoring.
• Row-level security policies enforced at the database level.
• Incident response procedures for potential data breaches.

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any incidents.

12. International Data Transfers

Qrious Technologies Inc. is based in the United States. If you access the Service from outside the United States, your data may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For users in the European Economic Area and United Kingdom, we ensure that international transfers of personal data are conducted in compliance with applicable data protection laws, using appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

13. Third-Party Services

The Service may integrate with or contain links to third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies. Key third-party services we use include:

• Supabase: Backend infrastructure, database hosting, and authentication.
• Stripe: Payment processing for subscriptions and purchases.
• OpenAI: AI-powered features including profile embedding generation for matching.
• Apple & Google: App distribution, push notifications, and in-app purchases.

14. Beta Program Notice

QRIOUS is currently available as a beta release. During the beta period:

• Features and data handling practices may change more frequently than in a general release.
• We may collect additional diagnostic data to identify and resolve issues.
• We will notify beta participants of material changes to this policy via the app or email.
• Your continued use of the Service during the beta period constitutes acceptance of these practices.

Upon general availability, this policy will be updated to reflect final data handling practices and any changes will be communicated in advance.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Notify you through the QRIOUS app or via email.
• Update the “Last updated” date at the top of this page.
• Provide a summary of key changes where appropriate.

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy. We encourage you to review this page periodically.

16. Contact

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, contact us at:

Email: privacy@qrious.social

Mail: Qrious Technologies Inc., 251 Little Falls Drive, Wilmington, DE 19808, USA