Privacy Policy — F0K
Draft v0.1 — to be reviewed by a lawyer before launch. Last updated: 6 June 2026.
F0K (the "App") is published by ABBAQ SAS, company number (SIREN) 850959552, 101 Rue de Sèvres, 75006 Paris, France ("we", "us"). Your privacy is fundamental to us. F0K is built on data minimization: we collect only what is necessary, and you stay in control.
1. Data controller
ABBAQ SAS — 101 Rue de Sèvres, 75006 Paris, France.
Contact: [email protected].
2. Data we process
a) Account creation & sign-in
- Email address or phone number (to send you a one-time sign-in code).
- Date of birth (only to verify you are at least 16).
- Username and avatar (an emoji you choose).
b) Content you share
- Photos taken in the App (NIGHTLIFE / KONFIDENCE modes). Visible for 24 h maximum, then automatically deleted.
- Your friend circles (members, invitations) and the votes/reactions exchanged.
- Where applicable, the names of people you "tag" as being with you.
c) Location (optional, off by default)
- Only if you enable it: an approximate location (city/neighborhood). We never store your exact GPS coordinates.
d) Notifications
- If you allow them: a technical device identifier (push token) to send you alerts.
e) Technical & analytics data
- Aggregated, minimized usage data (product events) via our EU-hosted analytics tool, to improve the App. No advertising profiling.
3. Purposes and legal bases (GDPR art. 6)
| Purpose | Legal basis |
|---|---|
| Provide the service (account, circles, sends, votes) | Performance of a contract |
| Verify minimum age (16+) | Legal obligation / legitimate interest |
| Location sharing, notifications, optional features | Consent (withdrawable anytime) |
| Security, abuse prevention | Legitimate interest |
| Analytics | Consent / legitimate interest (per configuration) |
4. Retention
- Photos and alerts: 24 hours, then automatically deleted (unless you explicitly choose to keep a memory in your encrypted vault, an optional feature).
- Account and profile: until you delete your account.
- Approximate location: for the duration of the relevant alert, then deleted.
- We do not keep data longer than necessary for the purposes described.
5. Recipients & processors
Your data is never sold. It is accessible only to you and the circle members you choose, and processed by our technical sub-processors under contract (DPA):
- Supabase — hosting, database, storage, authentication (EU, Frankfurt).
- Resend (via AWS SES) — sending sign-in emails (EU, eu-west-1).
- PostHog — analytics (EU).
- Expo / EAS — web hosting and app delivery.
- *(When enabled)* RevenueCat (subscriptions) and Google AdMob (ads). The KONFIDENCE flow remains ad-free.
6. Transfers outside the EU
We prioritize hosting within the European Union. Where a processor involves a transfer outside the EU, it is covered by appropriate safeguards (Standard Contractual Clauses).
7. Your rights
Under the GDPR, you have the rights of access, rectification, erasure, restriction, portability, objection, and the right to withdraw consent at any time. Exercise them at [email protected]. You may also lodge a complaint with the French supervisory authority (CNIL, www.cnil.fr) or your local authority.
8. Security
Encrypted transport (HTTPS/TLS), database-level access isolation (row-level security), ephemeral data, and no storage of exact GPS.
9. Minors
F0K is for people aged 16 and over. We do not knowingly collect data from anyone under 16.
10. Image rights (NIGHTLIFE mode)
You are responsible for the photos you share. Do not share the image of an identifiable person without their consent. You can report content for removal at any time via [email protected].
11. Changes
We may update this policy. For significant changes, we will notify you in the App.
12. Contact
Questions about your data: [email protected].