Privacy Policy
Last updated: 04 March 2026
1. Introduction
Rezonect ("we", "us", "our") is committed to protecting your personal data in full compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and all applicable European Union and Romanian data protection legislation. This Privacy Policy explains what information we collect when you use the Rezonect mobile application and related services (the "Services"), why we collect it, how we use and share it, and your rights regarding it.
We provide you with meaningful control over your data, including the ability to download a portable copy of your personal data and to permanently delete your account and all associated data directly from within the app — no request to support is required.
Please read this Policy carefully before using the Services. By using Rezonect, you acknowledge that you have read and understood this Policy.
2. Who We Are / Data Controller
Rezonect SRL is the data controller of your personal data as described in this Policy.
Registered address: Dumbravita 307160, Timis, Romania
Contact email: dpo@rezonect.com
As a data controller established in Romania, a Member State of the European Union, we operate under Romanian law and are fully subject to the General Data Protection Regulation (EU) 2016/679 (GDPR) and all applicable European Union data protection legislation. We are committed to lawful, transparent, and fair processing of your data.
3. Minimum Age
The Services are not directed to, and we do not knowingly collect personal data from, anyone under the age of 16. If we become aware that a user is under 16, we will delete their account and associated data promptly.
4. Data We Collect
4.1 Data you provide to us
| Category | Data |
|---|---|
| Account data | First name, last name, username, email address, phone number, date of birth |
| Profile data | Profile picture, biography, profile color/gradient |
| Emotion data | Current emotion, intensity level, emotion history, timestamps |
| Moments | Text content, images, videos (optionally linked to your emotion) |
| Reactions | Emoji reactions sent or received (Vibe Reactions) |
| Chat data | Text messages, images, videos, voice messages sent via in-app chat |
| Friend data | Friend connections, friend requests sent/received, blocked users |
| Support data | Content of communications with our support team |
4.2 Data collected automatically through your use of the Services
| Category | Data |
|---|---|
| Device data | Device type, operating system version, user agent string, unique device identifiers |
| Usage data | App interactions, feature usage, notification interactions, login events, session data |
| Network data | IP address, stored at registration and updated on each login or token refresh |
| IP geolocation | Country and Internet Service Provider (ISP/organisation), inferred from your IP address via ipinfo.io. Stored at registration and updated on each login |
| Notification tokens | Firebase Cloud Messaging device tokens for push delivery |
4.3 Data from device permissions
| Permission | Purpose |
|---|---|
| Camera | Take photos or videos for profile picture or Moments |
| Photo library | Select existing photos or videos for profile picture or Moments |
| Microphone | Record voice messages in chat |
| Contacts | Find friends who already use Rezonect; invite others |
| Notifications (OS) | Receive push notifications for activity, messages, and updates |
Granting or denying these permissions is your choice. Denying certain permissions will limit specific features.
4.4 Data from third parties
5. How We Use Your Data
| Purpose | Data used | Legal basis |
|---|---|---|
| Create and maintain your account | Account data, profile data | Contract performance |
| Provide the core Services (emotion sharing, Circle, Moments, reactions) | Emotion data, Moments, reactions, usage data | Contract performance |
| Real-time messaging (chat) | Chat data (processed by GetStream) | Contract performance |
| Send push notifications | Notification tokens, device data | Contract performance / Legitimate interest |
| Find friends and manage connections | Contacts (with permission), friend data | Contract performance / Consent |
| Detect and prevent fraud, abuse, and security incidents | Device data, usage data, account data, IP address, IP geolocation | Legitimate interest |
| Analytics to improve the Services | Anonymised usage events — no personal identifiers, no IP address (processed on EU servers via Amplitude) | Legitimate interest |
| Error and crash reporting | Device data, crash logs (Sentry) | Legitimate interest |
| Respond to support requests | Support data, account data | Legitimate interest / Legal obligation |
| Comply with legal obligations | All categories as required | Legal obligation |
We do not use your emotion data for advertising profiling.
6. Chat Data and GetStream
Chat functionality in Rezonect is powered by GetStream, Inc. ("Stream"), a third-party service provider. This means:
- Your chat messages, media, and chat metadata are transmitted to and stored on Stream's infrastructure.
- Stream processes this data as a data processor acting on our behalf, under a Data Processing Agreement.
- Stream may have its own data retention policies and security practices. We recommend reviewing Stream's Privacy Policy at https://getstream.io/legal/privacy-policy/.
- We do not use your chat content for any purpose other than delivering the messaging feature.
- In the event of a data incident on Stream's side, our ability to notify you and limit exposure depends on information Stream provides us.
7. Third-Party Service Providers
| Provider | Purpose | Data shared |
|---|---|---|
| GetStream, Inc. | Real-time chat infrastructure | Chat messages, media, user identifiers |
| Google Firebase (FCM) | Push notification delivery | Device notification tokens |
| Amplitude | Anonymous product analytics | Anonymised usage events only — no name, email, phone number, or IP address; EU servers |
| Sentry | Error and crash reporting | Crash logs, device data, user identifiers |
| ipinfo.io | IP-based geolocation (country, ISP) for security and fraud prevention | IP address |
| Azure Blob Storage | Media storage (Moment images/videos, profile pictures) | Uploaded media files |
All providers are bound by data processing agreements. We do not sell your personal data to third parties.
8. How We Share Your Data
8.1 With other users
- Your first name, username, and profile picture are visible to friends you connect with.
- Your current emotion and intensity are visible to friends in your Circle (unless you activate an Emotional Break or adjust sharing settings).
- Moments you post — including their descriptions, images, and videos — are visible only to users within your connection circle. Moments are never publicly accessible and cannot be viewed by users who are not part of your connections.
- Your friend list and friend count may be visible to other users.
8.2 With service providers
8.3 For legal reasons
8.4 Business transfers
8.5 We do not sell your data
9. Data Retention
We retain your personal data for as long as your account is active and as necessary to provide the Services or comply with legal obligations.
| Data type | Retention period |
|---|---|
| Account and profile data | Until account deletion, then deleted within 30 days |
| Emotion data and history | Until account deletion |
| Moments | Until deleted by you or account deletion |
| Chat data | Subject to GetStream's retention policies; deleted from our systems upon account deletion request |
| Usage / analytics data | Up to 24 months from collection, then anonymised or deleted |
| Crash logs | Up to 12 months |
| IP address and geolocation | Registration IP retained until account deletion; last-login IP overwritten on each login/refresh and deleted upon account deletion |
| Notification tokens | Until account deletion or token invalidation |
If your account is inactive for 24 consecutive months, we will notify you and delete your account if no action is taken.
10. Data Security
We implement reasonable technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:
- JWT-based authentication with automatic token refresh
- Secure token storage using device-level secure storage (iOS Keychain / Android Keystore)
- Encrypted data transmission (HTTPS/TLS)
- Session invalidation controls for multi-device security
However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you use the Services at your own risk.
11. Your Rights
As a data subject under Romanian law and European Union GDPR (Regulation (EU) 2016/679), you have the following rights:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal obligations. You can delete your account directly from the Settings section of the app, which triggers erasure of all your personal data in accordance with the retention periods described in Section 9.
- Right to restriction: Request that we restrict processing of your data in certain circumstances.
- Right to data portability: Receive your personal data in a structured, machine-readable format. You can request an export of your personal data directly from the Settings section of the app. The export includes your account data, profile data, emotion history, and other personal information we hold about you, delivered in a portable format.
- Right to object: Object to processing based on legitimate interest, including for profiling.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: File a complaint with the Romanian data protection authority (ANSPDCP – Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal) at www.dataprotection.ro, or with any supervisory authority within the European Union.
11.1 How to exercise your rights in the app
Rezonect provides self-service tools to exercise your core GDPR rights directly within the app:
- Download your data: Go to Settings > Account > Request Personal Data Export. You will receive a downloadable copy of your personal data.
- Delete your account: Go to Settings > Account > Delete Account. This permanently deletes your account and all associated personal data. Deletion of third-party data (e.g. chat messages stored by GetStream) is initiated promptly and completed in accordance with each provider's deletion process.
You may also contact us at dpo@rezonect.com to exercise any of your rights. For any further information regarding data protection, contact us at dpo@rezonect.com.
We will respond within 30 days. We may ask you to verify your identity before acting on requests.
12. International Data Transfers
Your data may be processed by service providers located outside Romania and the European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place, such as:
- EU Standard Contractual Clauses (SCCs) approved by the European Commission
- Transfers to providers covered by an adequacy decision
- Data Processing Agreements with all third-party processors
13. Emotion Data
Rezonect processes emotional state information that you voluntarily share. We treat this data with care:
- Emotion data is shared only with friends you have explicitly connected with, unless you activate privacy controls.
- We do not use emotion data for advertising, profiling for commercial purposes, or share it with advertisers.
14. Analytics and Tracking
We use Amplitude (https://amplitude.com) to collect anonymous product analytics that help us understand how the app is used and improve it over time. Our Amplitude integration is configured as follows:
- No personally identifiable information is sent — no name, email address, phone number, or user account identifiers
- IP address tracking is explicitly disabled
- Cookies are disabled
- Data is processed exclusively on EU-region servers
Analytics events are anonymous usage signals (e.g. feature interactions, screen views, app errors) that cannot be linked back to any individual user.
We do not use third-party advertising trackers or sell advertising inventory.
15. Notifications
We use Firebase Cloud Messaging (Google) to deliver push notifications. You can disable push notifications at any time via your device's OS settings or within the Rezonect app settings. Note that in-app notifications (delivered while the app is open via our real-time connection) may still be shown regardless of OS notification settings.
16. Children
Rezonect is not intended for users under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at dpo@rezonect.com and we will delete it promptly.
17. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by email at least 14 days before the changes take effect. The "Last updated" date at the top of this page will always reflect the current version.
18. Contact Us
For questions, requests, or complaints regarding your personal data:
Rezonect SRL
Dumbravita 307160, Timis, Romania
Email: support@rezonect.com
For any further information regarding data protection, you may contact us at dpo@rezonect.com.
For data protection authority complaints (Romania):
ANSPDCP – www.dataprotection.ro