At a glance โ what we collect
We do not collect your real name, phone number, location, contacts, photos, or any data that identifies you to other users. We never sell your data.
Contents
๐ 1. Overview
STRNGER ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding your data when you use the STRNGER mobile application.
By using STRNGER, you agree to the practices described in this policy. If you do not agree, please do not use the app.
โ๏ธ 2. Not a Medical App
STRNGER is a peer-to-peer anonymous support and wellness journaling application. It is not a medical device, mental health treatment platform, therapy service, or clinical intervention tool of any kind.
- We do not provide medical advice, diagnosis, or treatment
- We do not employ licensed therapists, counselors, psychiatrists, or any medical professionals
- Conversations between users are anonymous peer support โ not professional mental health care
- Mood tracking is a personal self-reflection tool with no clinical or diagnostic purpose
- Crisis resource features display publicly available helpline numbers only โ they do not constitute crisis intervention or emergency response
๐ข 3. Who We Are
STRNGER is an independent mobile application. For all privacy-related questions or data requests, please use the contact information provided in Section 13.
Our backend infrastructure is hosted on Google Firebase in the European Union (eur3 region), meaning your data is stored on servers located in Europe.
๐ 4. What We Collect
4.1 Information you provide
| Data | How it is stored | Visible to other users |
|---|---|---|
| Email address | Securely stored by Firebase Authentication for account login and email verification purposes. We do not display or share your email with other users. Internally, we also store a SHA-256 hash of your email for fraud prevention. | Never |
| Password | Managed entirely by Firebase Authentication using industry-standard secure hashing. We never see or store your password in plaintext. | Never |
| Country | Selected by you at signup. Stored in your profile. | Never |
| Nickname & avatar emoji | Auto-generated randomly at account creation. You do not choose them. Used as your anonymous identity inside the app. | Shown anonymously |
4.2 Content you create
| Data | Encrypted | Who can read it |
|---|---|---|
| Chat messages | AES-256-GCM E2E | Only the two participants in the conversation |
| Journal entries (Keep mode) | AES-256-GCM | Only you |
| Express entries โ Burn / Float / Dissolve | Never stored or transmitted | No one. Text is cleared from the device immediately after the release animation. It never reaches our servers. |
| Garden memories | Stored in your private subcollection | Only you |
| Time capsules | AES-256-GCM | Only you, after the unlock date you set |
| Mood check-ins | A numerical score (1โ5). No text is stored. | Only you |
4.3 Automatically collected data
- Device ID: Used by Firebase App Check to verify your app installation is genuine and to prevent automated abuse. Not linked to your personal identity.
- Online/offline status: Stored temporarily in Firebase Realtime Database to show presence indicators. Automatically cleared when you disconnect or close the app.
- Crash reports and diagnostics: Collected by Firebase to help us identify and fix bugs. This data is anonymised and not linked to your account.
- IP address: Processed by Firebase infrastructure during normal HTTPS operation. We do not log or store IP addresses independently.
4.4 What we do NOT collect
Crisis detection runs entirely on your device. Any crisis-related keywords detected in typed text are processed locally and are never transmitted to our servers or stored anywhere.
โ๏ธ 5. How We Use Your Data
- Account management: Creating and maintaining your account, verifying your email, and authenticating your sessions
- App functionality: Enabling anonymous matching, encrypted messaging, and wellness features
- Safety and security: Detecting abuse, preventing spam, enforcing community guidelines, and processing user reports
- Fraud prevention: Using hashed identifiers to prevent banned accounts from re-registering
- Service improvement: Understanding how features are used in aggregate โ never at the individual level โ to improve the app
- Communications: Sending account-related emails such as email verification and security notices
We do not use your data for advertising, behavioural profiling, or any commercial purpose beyond operating the app. We display no advertisements.
๐ 6. Encryption & Security
- All data is transmitted over TLS โ encrypted in transit
- Messages are AES-256-GCM encrypted end-to-end โ encrypted at rest
- Email addresses are stored by Firebase Authentication under their security standards; we additionally store only a one-way SHA-256 hash for fraud prevention
- Screenshots are blocked within the app on supported Android devices
- Firebase App Check verifies every request comes from a genuine installation of our app
- Accounts with multiple verified reports are automatically suspended for review
- Messages containing personal contact information (phone numbers, email addresses, social media handles) are automatically blocked before sending
While we take extensive security measures, no system is completely immune to risk. We encourage you to use a strong, unique password.
๐๏ธ 8. Data Retention
| Data type | Retention period |
|---|---|
| Chat messages | 24 hours by default. Extended if both users agree, or until the conversation is ended. |
| Journal entries | Until you delete them individually or delete your account. |
| Garden memories | Until you delete them individually or delete your account. |
| Time capsules | Until you delete your account. |
| Mood check-ins | Until you delete your account. |
| Account & profile data | Deleted immediately upon account deletion request, except as noted below. |
| Email address (Firebase Auth) | Deleted from Firebase Authentication immediately upon account deletion. |
| Email hash (fraud prevention) | Retained for up to 30 days after account deletion to prevent re-registration of banned accounts, then permanently purged. |
| Crash logs & diagnostics | 90 days, managed by Firebase. Anonymised. |
โ๏ธ 9. Your Rights & Deletion
You have the following rights regarding your personal data:
- Access: Request a copy of the data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Delete your account and all associated data at any time
- Portability: Request your data in a portable format
- Objection: Object to certain processing of your data
How to delete your account
๐๏ธ Option 1 โ Delete directly in the app
Open STRNGER and go to the Profile tab (bottom navigation)
Scroll to the bottom and tap "Delete My Account & All Data"
Check the confirmation box and enter your password
Tap "Delete Everything" โ deletion is immediate and permanent.
This process deletes your STRNGER account and all associated data.
If you cannot access the app, you can request account deletion by submitting this form:
Official account deletion request form
We will process your request within 7 business days.
What gets deleted: Your account credentials, nickname, avatar, country, all conversations and messages, all journal entries, garden memories, time capsules, and mood history. See Section 8 for the limited data retained for fraud prevention.
Partial data deletion
You can delete individual journal entries, garden memories, and time capsules from within the app without deleting your entire account.
To exercise rights other than deletion, contact us at afrahyasin333@gmail.com. We will respond within 30 days.
๐ถ 10. Children
STRNGER is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. The app displays an age confirmation screen at signup.
If we become aware that a user under 18 has created an account, we will immediately delete their account and all associated data. If you believe a minor has registered, please contact us immediately at afrahyasin333@gmail.com.
This app is not directed at children under 13 under any circumstances.
๐ 11. Third-Party Services
STRNGER uses the following third-party services. Each is governed by its own privacy policy:
| Service | Purpose | Provider |
|---|---|---|
| Firebase Authentication | Secure account creation and sign-in | Google LLC |
| Cloud Firestore | Encrypted data storage | Google LLC |
| Firebase Realtime Database | Online presence detection | Google LLC |
| Firebase App Check | App integrity verification and abuse prevention | Google LLC |
| Firebase Crashlytics | Anonymised crash reporting and diagnostics | Google LLC |
We do not use any advertising SDKs, social media SDKs, or third-party analytics services beyond Firebase.
๐ 12. Policy Changes
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and displaying an in-app notice on your next login.
Continued use of the app after changes take effect constitutes acceptance of the updated policy.
๐ฌ 13. Contact Us
For privacy questions, data requests, or to report a concern:
STRNGER Privacy
๐ง Email: afrahyasin333@gmail.com
๐๏ธ Delete account form: forms.gle/iq5sQt1WpTL2PoKY7
๐ Data stored in: European Union (Firebase eur3 region)
We aim to respond to all privacy inquiries within 30 days.