1) Scope & Roles
- Controller: Within Social, Inc. (U.S. users) determines the purposes and means of processing personal data on our website and in our apps.
- Processors/Sub-processors: Trusted vendors process data strictly under our instructions (see Sub-processors below).
- Services covered: datingwithin.com, the Within iOS/Android apps, and related online services (the “Services”).
2) Where Your Data Lives
- Hosting: Google Cloud / Firebase in U.S. regions.
- Backups: Rolling encrypted backups retained on a limited schedule (see Retention).
3) Security Measures
We use administrative, technical, and organizational measures proportional to risk.
- Encryption: TLS 1.2+ for data in transit; at-rest encryption via Firebase-managed keys.
- Access Controls: Least-privilege access, MFA for admin accounts, role-based permissions, and periodic access reviews.
- Network & App Security: Firewalls, Firebase security rules, environment separation, dependency monitoring, and change management.
- Data Segmentation: Separation of production and non-production data; no use of production data in lower environments without de-identification.
- Logging & Monitoring: Centralized logging, anomaly alerts, and crash/analytics telemetry for reliability.
- Secure Development: Code review, secrets management, and periodic security checks.
- Personnel: Security awareness and confidentiality obligations for employees and contractors.
Need to report an issue?
No system is 100% secure. If you suspect a vulnerability or incident, contact us immediately (see Contact).
4) Data We Process (Summary)
- Account & profile: name, email, phone, date of birth (18+), gender, sexual orientation/preferences, pronouns, photos, and other profile fields you provide.
- Contacts (optional): selected contacts for social graph/referrals; identifiers are hashed/transformed and transmitted in encrypted form.
- Location: approximate or precise (if enabled) for discovery and safety features.
- Messaging & content: chats, attachments, likes, reports/blocks, and moderation outcomes.
- Device & usage: device IDs, app/OS version, push tokens, diagnostics/crash logs, analytics events.
- Purchases: subscription status and purchase identifiers from Apple/Google (no full card numbers).
- Sensitive (optional): sexual orientation and Sickle Cell awareness—used only for user-directed features (matching/awareness) and safety.
Full details appear in our Privacy Policy.
5) Sub-processors
Vendors operate under data processing agreements and security obligations.
- Google / Firebase — Authentication; Firestore / Realtime DB; Cloud Functions; Analytics; Crashlytics; Remote Config (U.S. regions).
- Apple / Google — App distribution and in-app purchases / billing.
- Firebase Dynamic Links — Referral and deep-link infrastructure.
- Twilio — SMS/email communications (verification codes, service notices).
We update this list as our service evolves. For questions, see Contact.
6) Retention
We keep personal data only as long as necessary to provide the Services and for legitimate business purposes, then delete or de-identify it.
- Account & profile: Account lifetime + 30 days. Queued for deletion within 30 days after a verified deletion request. Limited logs may persist up to 24 months for fraud, safety, or compliance.
- Messages & content: Within 24 months of account deletion. Removed or de-identified unless needed for safety, legal, or compliance reasons.
- Contacts graph: Removed immediately / within 12 months. Removed when you exclude or delete; after account deletion, purged within 12 months.
- Diagnostics & analytics: 12–18 months. Crash logs, telemetry, and analytics events follow a 12–18 month retention window.
- Backups: 35–90 days. Rolling encrypted backups retained 35–90 days before being overwritten.
7) Your Controls & Requests
- In-app: manage profile fields, permissions (Location, Contacts, Camera, Microphone, Notifications), and self-serve account deletion.
- Data rights (U.S. incl. California): request access, deletion, or correction by emailing policy@datingwithin.com or using our web form. We verify requests and respond within applicable timeframes.
- Marketing: unsubscribe via the link in messages; service and security notices may still be sent.
8) Incident Response
We maintain an incident response procedure covering identification, containment, investigation, remediation, and notification. If legally required to notify you of a breach, we will do so without undue delay.
9) Vulnerability Disclosure
We welcome responsible disclosure of security issues. Email policy@datingwithin.com with details (affected components, reproduction steps, impact). Do not access other users’ data or disrupt the service. We will acknowledge receipt and work to remediate.
11) Children
Within is for individuals 18+ only. We do not knowingly collect personal information from minors. If we learn we have, we will delete it.
12) Changes to This Page
We may update this Data Protection page as our practices evolve. Material changes will be communicated via the website or app. Check the effective date at the top of this page for the latest version.
13) Contact
Reach us any time:
- Email: policy@datingwithin.com
- Mailing address: Within Social, Inc., 4516 Burleson Rd #17275, Austin, TX 78760 (USA)