Privacy Policy
Last updated: 8 June 2026
1. Introduction
Rezonect ("we", "us", "our") is committed to protecting your personal data in full compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and all applicable European Union and Romanian data protection legislation. This Privacy Policy explains what information we collect when you use the Rezonect mobile application and related services (the "Services"), why we collect it, how we use and share it, and your rights regarding it.
We provide you with meaningful control over your data, including the ability to download a portable copy of your personal data and to permanently delete your account and all associated data directly from within the app — no request to support is required.
Please read this Policy carefully before using the Services. By using Rezonect, you acknowledge that you have read and understood this Policy.
2. Who We Are / Data Controller
Rezonect SRL is the data controller of your personal data as described in this Policy.
Registered address: Dumbravita 307160, Timis, Romania
Contact email: dpo@rezonect.com
As a data controller established in Romania, a Member State of the European Union, we operate under Romanian law and are fully subject to the General Data Protection Regulation (EU) 2016/679 (GDPR) and all applicable European Union data protection legislation. We are committed to lawful, transparent, and fair processing of your data.
3. Minimum Age
The Services are not directed to children under 13. You must be at least 13 years old to create an account or use Rezonect, unless a higher minimum age applies to you under applicable law.
In European Union member states, the minimum age to use the Services without verifiable parental consent is set by each country's GDPR digital-consent rules (typically 13, 14, 15, or 16). At registration we ask for your age and use your approximate country (inferred from your IP address) to apply the minimum age for your location. If you do not meet the applicable minimum age, you cannot create or maintain an account.
We do not knowingly collect personal data from anyone below the applicable minimum age. If we become aware that a user does not meet the minimum age for their location, we will delete their account and associated data promptly.
For child safety standards and how to report concerns, see https://rezonect.com/child-safety/.
4. Data We Collect
4.1 Data you provide to us
| Category | Data |
|---|---|
| Account data | First name, last name, username, email address, phone number, date of birth |
| Profile data | Profile picture, biography, profile color/gradient |
| Emotion data | Current emotion, intensity level, emotion history, timestamps |
| Moments | Text content, images, videos (optionally linked to your emotion) |
| Reactions | Emoji reactions sent or received (Vibe Reactions) |
| Chat data | Text messages, images, videos, voice messages sent via in-app chat |
| Friend data | Friend connections, friend requests sent/received, blocked users |
| Support data | Content of communications with our support team |
| Reports and moderation data | In-app reports you submit (reported content type, reason, optional description), associated account identifiers, timestamps, and moderation outcomes |
4.2 Data collected automatically through your use of the Services
| Category | Data |
|---|---|
| Device data | Device type, model, operating system version, screen size, user agent string, unique device identifiers |
| Usage data | App interactions, feature usage, notification interactions, login events, session data |
| Network data | IP address, stored at registration and updated on each login or token refresh |
| IP geolocation | Country and Internet Service Provider (ISP/organisation), inferred from your IP address. Used for security, fraud prevention, and to determine the applicable minimum registration age for your location. Stored at registration and updated on each login |
| Notification tokens | Firebase Cloud Messaging device tokens for push delivery |
| Install attribution | When you visit rezonect.com from a marketing link (e.g. QR code or flyer), we log the campaign identifier, IP address, coarse device characteristics, and timestamp. If you later register in the app, we may link that visit to your account using device and network signals collected at registration |
4.3 Data from device permissions
| Permission | Purpose |
|---|---|
| Camera | Take photos or videos for profile picture or Moments |
| Photo library | Select existing photos or videos for profile picture or Moments |
| Microphone | Record voice messages in chat |
| Contacts | Find friends who already use Rezonect by matching submitted phone numbers against existing accounts; invite others |
| Notifications (OS) | Receive push notifications for activity, messages, and updates |
Granting or denying these permissions is your choice. Denying certain permissions will limit specific features.
When you grant Contacts permission, we use submitted contact phone numbers only to check whether those numbers already belong to existing Rezonect accounts. We do not store your address book as a server-side contacts list and we do not upload contact names. Contact numbers are processed for matching and anti-abuse controls, including temporary in-memory rate-limit/abuse data.
4.4 Data from third parties
5. How We Use Your Data
| Purpose | Data used | Legal basis |
|---|---|---|
| Create and maintain your account | Account data, profile data | Contract performance |
| Provide the core Services (emotion sharing, Circle, Moments, reactions) | Emotion data, Moments, reactions, usage data | Contract performance |
| Real-time messaging (chat) | Chat data (processed by GetStream) | Contract performance |
| Send push notifications | Notification tokens, device data | Contract performance / Legitimate interest |
| Find friends and manage connections | Contact phone numbers (with permission), friend data | Contract performance / Consent |
| Detect and prevent fraud, abuse, and security incidents | Device data, usage data, account data, IP address, IP geolocation | Legitimate interest |
| Analytics to improve the Services | Usage events and IP address (for approximate country/region) linked by a pseudonymous user ID; no name, email, or phone; processed on EU servers via Amplitude | Legitimate interest |
| Measure install campaign effectiveness (e.g. QR codes, flyers) | Install attribution data, device data, IP address | Legitimate interest |
| Error and crash reporting | Device data, crash logs (Sentry) | Legitimate interest |
| Respond to support requests | Support data, account data | Legitimate interest / Legal obligation |
| Comply with legal obligations | All categories as required | Legal obligation |
| Keep users safe (reports, blocks, moderation review) | User reports, account and content data, chat data (via GetStream) | Legitimate interest |
| Process notice-and-takedown requests and respond to authorities | Notice and report data, account and Content data, correspondence with complainants and affected users | Legitimate interest / Legal obligation |
| Display optional public profile at rezonect.com/@username (when you enable "Share profile" in Settings) | Profile picture (thumbnail), full name, username | Consent |
Contact numbers provided for friend discovery are used only to perform account matching and abuse/rate-limit protection. We do not sell them and do not share them with third parties for their own marketing or advertising purposes.
We do not use your emotion data for advertising profiling.
6. Chat Data and GetStream
Chat functionality in Rezonect is powered by GetStream, Inc. ("Stream"), a third-party service provider. This means:
- Your chat messages, media, and chat metadata are transmitted to and stored on Stream's infrastructure.
- Stream processes this data as a data processor acting on our behalf, under a Data Processing Agreement.
- Stream may have its own data retention policies and security practices. We recommend reviewing Stream's Privacy Policy at https://getstream.io/legal/privacy-policy/.
- We do not use your chat content for any purpose other than delivering the messaging feature.
- In the event of a data incident on Stream's side, our ability to notify you and limit exposure depends on information Stream provides us.
7. Third-Party Service Providers
| Provider | Purpose | Data shared |
|---|---|---|
| GetStream, Inc. | Real-time chat infrastructure | Chat messages, media, user identifiers |
| Google Firebase (FCM) | Push notification delivery | Device notification tokens |
| sendsms.ro | SMS/OTP delivery for phone verification (login and registration) | Phone number (for delivery of verification codes only) |
| Amplitude | Product analytics | Pseudonymous user ID (internal account identifier only — no name, email, or phone number); usage events; IP address (used to derive approximate country and region for analytics); EU servers |
| Sentry | Error and crash reporting | Crash logs, device data, user identifiers |
| IP geolocation provider | IP-based geolocation (country, ISP) for security, fraud prevention, and registration age eligibility | IP address |
| Azure Blob Storage | Media storage (Moment images/videos, profile pictures) | Uploaded media files |
All providers are bound by data processing agreements. We do not sell your personal data to third parties.
8. How We Share Your Data
8.1 With other users
- Your first name, username, and profile picture are visible to friends you connect with.
- Your current emotion and intensity are visible to friends in your Circle (unless you activate an Emotional Break or adjust sharing settings).
- Moments you post — including their descriptions, images, and videos — are visible only to users within your connection circle. Moments are never publicly accessible and cannot be viewed by users who are not part of your connections.
- Your friend list and friend count may be visible to other users.
- Optional public profile page: If you enable "Share profile" in Settings (Support section), your profile picture (thumbnail), full name and username are visible to anyone on a public webpage at https://rezonect.com/@username. You can turn this off at any time in Settings; when off, that page is not displayed. This processing is based on your consent. The data shown there is part of your profile data and is included in data export and erased when you delete your account or turn the setting off.
8.2 With service providers
8.3 For legal reasons
8.4 Business transfers
8.5 We do not sell your data
9. Data Retention
We retain your personal data for as long as your account is active and as necessary to provide the Services or comply with legal obligations.
| Data type | Retention period |
|---|---|
| Account and profile data | Until account deletion, then deleted within 30 days |
| Emotion data and history | Until account deletion |
| Moments | Until deleted by you or account deletion |
| Chat data | Subject to GetStream's retention policies; deleted from our systems upon account deletion request |
| Usage / analytics data | Up to 24 months from collection, then anonymised or deleted |
| Crash logs | Up to 12 months |
| IP address and geolocation | Registration IP retained until account deletion; last-login IP overwritten on each login/refresh and deleted upon account deletion |
| Notification tokens | Until account deletion or token invalidation |
| Contact phone numbers submitted for friend discovery | Not stored as a server-side address-book contacts list; processed for matching and temporary anti-abuse controls (in-memory cache up to 4 hours) |
| Install attribution (unmatched website visits) | Up to 30 days, then deleted |
| Install attribution (linked to your account) | Until account deletion |
| Reports and moderation records | For the duration of the moderation case and related appeals, then up to 3 years for legal compliance, dispute resolution, and repeat-infringer enforcement |
If your account is inactive for 24 consecutive months, we will notify you and delete your account if no action is taken.
10. Data Security
We implement reasonable technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:
- JWT-based authentication with automatic token refresh
- Secure token storage using device-level secure storage (iOS Keychain / Android Keystore)
- Encrypted data transmission (HTTPS/TLS)
- Session invalidation controls for multi-device security
However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you use the Services at your own risk.
11. Your Rights
As a data subject under Romanian law and European Union GDPR (Regulation (EU) 2016/679), you have the following rights:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal obligations. You can delete your account directly from the Settings section of the app, which triggers erasure of all your personal data in accordance with the retention periods described in Section 9.
- Right to restriction: Request that we restrict processing of your data in certain circumstances.
- Right to data portability: Receive your personal data in a structured, machine-readable format. You can request an export of your personal data directly from the Settings section of the app. The standard export includes your account data, profile data, emotion history, moments, and chat messages authored by you. If you need broader chat-thread context, you can submit an additional request.
- Right to object: Object to processing based on legitimate interest, including for profiling.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: File a complaint with the Romanian data protection authority (ANSPDCP – Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal) at www.dataprotection.ro, or with any supervisory authority within the European Union.
11.1 How to exercise your rights in the app
Rezonect provides self-service tools to exercise your core GDPR rights directly within the app:
- Download your data: Go to Settings > Account > Request Personal Data Export. We process requests within 30 days. Standard export includes your own chat messages first; broader chat context can be requested separately.
- Delete your account: Go to Settings > Account > Delete Account. This permanently deletes your account and all associated personal data. Deletion of third-party data (e.g. chat messages stored by GetStream) is initiated promptly and completed in accordance with each provider's deletion process.
You may also contact us at dpo@rezonect.com to exercise any of your rights. For any further information regarding data protection, contact us at dpo@rezonect.com.
We respond to valid requests within 30 days. We may ask you to verify your identity before acting on requests, especially for broader chat-context requests.
12. International Data Transfers
Your data may be processed by service providers located outside Romania and the European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place, such as:
- EU Standard Contractual Clauses (SCCs) approved by the European Commission
- Transfers to providers covered by an adequacy decision
- Data Processing Agreements with all third-party processors
13. Emotion Data
Rezonect processes emotional state information that you voluntarily share. We treat this data with care:
- Emotion data is shared only with friends you have explicitly connected with, unless you activate privacy controls.
- We do not use emotion data for advertising, profiling for commercial purposes, or share it with advertisers.
14. Analytics and Tracking
We use Amplitude (https://amplitude.com) to collect product analytics that help us understand how the app is used and improve it over time. Our Amplitude integration is configured as follows:
- We send a pseudonymous user identifier (an internal account ID that we assign to your account). This allows us to analyse usage patterns per user (e.g. retention, feature adoption) without sending your name, email address, phone number, or any other directly identifying information.
- We send your device's IP address with analytics events so that Amplitude can derive approximate location (country and region) for aggregate analytics (e.g. understanding where our users are based). We do not use this for individual tracking or advertising.
- Cookies are disabled
- Data is processed exclusively on EU-region servers
Analytics events (e.g. feature interactions, screen views, app errors) are linked only to this pseudonymous ID. When you delete your account, we take steps to ensure your analytics data associated with that ID is deleted or anonymised in line with our retention and erasure practices.
We do not use third-party advertising trackers or sell advertising inventory.
15. Notifications
We use Firebase Cloud Messaging (Google) to deliver push notifications. You can disable push notifications at any time via your device's OS settings or within the Rezonect app settings. Note that in-app notifications (delivered while the app is open via our real-time connection) may still be shown regardless of OS notification settings.
16. Children
Rezonect is not intended for anyone below the minimum age that applies to them (see Section 3). We do not knowingly collect personal data from children below that age. If you believe a child has registered in breach of the minimum age rules, please contact us at dpo@rezonect.com or safety@rezonect.com and we will delete the account and associated data promptly.
17. User Safety, Content Moderation, and Notice-and-Takedown
17.1 Our approach
Rezonect hosts user-generated Content and acts as a hosting provider under applicable EU law. We do not pre-screen all Content before it is posted, and we do not guarantee that all inappropriate or unlawful Content will be detected or removed.
17.2 Safety and reporting tools
We provide tools to help keep the Services safe, including:
- In-app reporting on user profiles, Moments, and chat messages
- The ability to block other users
- Human review of user reports by our team, with removal of Content or account action where appropriate
If you see Content or behaviour that violates our Terms or threatens safety, please report it in the app or contact safety@rezonect.com.
17.3 Notice-and-takedown process
Our Terms of Service and Notice and Takedown page describe how illegal Content and intellectual property infringement claims are handled, including:
- that notices must be sufficiently precise and adequately substantiated to allow us to identify and assess Content without detailed legal investigation;
- how to submit a notice of illegal Content (safety@rezonect.com) or copyright/IP infringement (support@rezonect.com, subject line: "IP Notice");
- priority handling for serious illegal Content and target review timeframes;
- how we review notices and may remove or restrict Content proportionately;
- how affected users are notified and may appeal through our internal complaint-handling system;
- how counter-notices may be submitted where Content was removed in error.
When you submit a report or formal notice, we process the information you provide — including your account details, the reported Content, and your correspondence — to investigate the claim, take appropriate action, comply with legal obligations, and handle appeals. Where permitted by law, we may share relevant information with the user whose Content is reported so they can respond or appeal.
17.4 Data we process for moderation
For reports, notices, appeals, and authority requests, we may process:
- reporter or complainant identity and contact details;
- the reported Content and related account identifiers;
- moderation decisions, statements of reasons, and appeal outcomes;
- records needed to identify repeat infringers or enforce prior decisions.
This processing is described in Sections 4, 5, and 9 of this Policy.
17.5 Contact for authorities
Judicial authorities, regulators, and other competent bodies may contact us regarding illegal Content at safety@rezonect.com.
18. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by email at least 14 days before the changes take effect. The "Last updated" date at the top of this page will always reflect the current version.
19. Contact Us
For questions, requests, or complaints regarding your personal data:
Rezonect SRL
Dumbravita 307160, Timis, Romania
Email: support@rezonect.com
For any further information regarding data protection, you may contact us at dpo@rezonect.com.
For illegal Content reports and moderation appeals: safety@rezonect.com
For copyright and intellectual property infringement notices: support@rezonect.com (subject line: "IP Notice")
For data protection authority complaints (Romania):
ANSPDCP – www.dataprotection.ro