Privacy Policy

Last updated: June 15, 2026

Qairros ("we", "us", or "our") operates the Qairros mobile application and related services. This Privacy Policy explains what information we handle, what we deliberately do not store, and the choices you have.

Our privacy-first approach

Qairros is built around minimizing sensitive data on our servers. We do not collect, receive, or store:

• App PINs or unlock codes
• Device passcodes, patterns, or passwords
• Biometric data (such as fingerprint or face templates)
• Private encryption keys for your messages
• Raw biometric scans from your device

Authentication uses one-time codes, OAuth providers (such as Google or Apple), or your existing account credentials through those providers — never an app-specific PIN stored on our servers.

Information you provide

To operate a social platform, we process limited account and content data that you choose to submit:

• Account identifiers: email address, display name, username, profile photo, and optional phone number for verification.
• Content you publish: posts, reels, comments, likes, follows, and public profile information.
• Messages: chat content is stored on your device by default, not on our servers. After a message is delivered to your device, it is deleted from our servers. If a message cannot be delivered, it may remain on our servers in encrypted form for up to 30 days, then deleted. Optional per-conversation modes (timed deletion or view-once) are available in chat settings.
• Support requests: information you send when contacting support.

We use this information only to provide, secure, and improve the service — not to sell your personal information.

Device security: biometrics and passkeys

Biometrics (Face ID, Touch ID, fingerprint)

If you enable encrypted message backup or local message archives, Qairros may ask your device operating system to verify your identity using biometrics or your device lock screen.

• Biometric verification happens entirely on your device through iOS or Android.
• We never receive, process, or store biometric templates or unlock secrets.
• Encrypted backup keys are stored in your device's secure storage (Keychain / Keystore), not on Qairros servers.

Passkeys (WebAuthn)

You may optionally register a passkey to unlock encrypted message backups across devices.

• We store only public WebAuthn credential metadata needed to verify a passkey (credential ID, public key, sign counter, and device label).
• Your passkey private key remains on your device or password manager; we cannot access it.
• Passkey challenges are short-lived and used only for backup unlock — not for general account login.

End-to-end encrypted messaging

When end-to-end encryption is enabled for a conversation:

• Message plaintext is encrypted on your device before transmission.
• Only public key material is uploaded to our servers so other participants can encrypt messages to you.
• Private keys never leave your device.
• We cannot read end-to-end encrypted message content.

What stays on your device

The following sensitive material is designed to remain on your phone:

• Session tokens and signing keys in secure storage
• Local encrypted message archives ("stored on device" chats)
• Message backup encryption keys
• Private E2E identity keys

If you uninstall the app or clear app data, device-local encrypted content may be lost unless you have a passkey-protected backup configured.

Information collected automatically

When you use Qairros, we may automatically receive:

• Device and app data: device model, operating system version, app version, language, and a device identifier for session security.
• Network data: IP address (for fraud prevention, rate limiting, and approximate region — not precise GPS from this alone).
• Usage data: in-app feature usage and interaction signals (for example content views) to operate and improve the service. Google Play builds do not upload crash logs or remote performance diagnostics to our servers. Internal tester builds may offer optional, user-initiated diagnostic exports only when you choose to share them.
• Push notification tokens: to deliver notifications you opt into.

You can limit some collection through in-app privacy settings and your device notification permissions.

Location

Qairros does not request GPS or background location permissions on Android or iOS. Profile or post "location" labels are text you type yourself. We may infer an approximate country from your IP address for fraud prevention and language defaults — not precise GPS coordinates from your device.

Advertising

Qairros may show ads through Google AdMob. Before personalized ads load, we show Google's consent form where required (EEA/UK/CH). You can accept or decline personalized ads; if you decline, we request non-personalized ads only. Ad partners may use the Android Advertising ID subject to your consent and device settings. Manage ad choices in the consent form and your device privacy settings.

How we use information

We use the information described above to:

• Create and secure your account
• Deliver posts, reels, messages, and notifications
• Enforce community guidelines and prevent abuse
• Comply with legal obligations
• Improve performance and fix bugs

We do not sell your personal information.

Data retention

• Messages (default): stored on your device; server copies are removed after delivery. Undelivered messages may remain encrypted on our servers for up to 30 days, then deleted.
• Timed / view-once modes: server retention follows the timer or view-once rules you choose in chat settings.
• Account data: retained while your account is active; deleted or anonymized after account deletion subject to legal holds.
• Security logs: retained for a limited period for fraud and abuse investigation.

Sharing with third parties

We share information only when necessary:

• Service providers (hosting, email/SMS delivery, push notifications, analytics, payments) under contractual confidentiality obligations.
• Legal requirements when required by law or to protect users and the platform.
• Other users see information you make public or send directly to them.

We do not share biometric data, device unlock secrets, or private encryption keys — because we do not possess them.

Your rights and choices

Depending on your region, you may have rights to access, correct, delete, or export your data, and to object to certain processing. Use in-app account settings or contact us at support@qairros.com.

You can:

• Delete your account permanently from Settings → Delete account (type DELETE to confirm), or on this page: Delete account
• Control visibility, blocking, and notification preferences
• Revoke device sessions from Settings → Devices
• Disable push notifications at any time

Children's privacy

Qairros is not directed at children under 13 (or the minimum age in your country). We do not knowingly collect personal information from children. Contact us if you believe a child has provided data.

International transfers

Your information may be processed in countries other than your own. We apply appropriate safeguards for cross-border transfers where required.

Security

We use encryption in transit (TLS), access controls, rate limiting, and secure device storage patterns. No method of transmission or storage is 100% secure; report concerns to support@qairros.com.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated in the app or on our website. Continued use after the effective date constitutes acceptance of the updated policy.

Contact us

Qairros
Email: support@qairros.com
Website: https://qairros.com