Privacy Policy — F0K
v1.1 — 18 June 2026. Published policy (source of the online version at f0k.app/privacy). Drafted in-house by ABBAQ SAS (internal compliance pack: records of processing, processor DPAs). Designed for worldwide distribution via the App Store and Google Play: see §11 for jurisdiction-specific terms.
Last updated: 18 June 2026.
F0K (the "App") is published by ABBAQ SAS, company number (SIREN) 850959552, 101 Rue de Sèvres, 75006 Paris, France ("we", "us"). Your privacy is fundamental to us. F0K is built on data minimization: we collect only what is necessary, and you stay in control.
1. Data controller
ABBAQ SAS — 101 Rue de Sèvres, 75006 Paris, France.
- Personal data / GDPR: privacy@f0k.app
- Support / general questions: support@f0k.app
- Content report / image rights: abuse@f0k.app
2. Data we process
a) Account creation & sign-in
- Email address or phone number (to send you a one-time sign-in code).
- Date of birth (only to verify you are at least 18; your date of birth is not shown publicly).
- Username and avatar (an emoji you choose).
b) Content you share
- Photos taken in the App (NIGHTLIFE / KONFIDENCE modes). Visible for 24 h maximum, then automatically deleted.
- Each photo is automatically screened before sending (moderation) to block illegal or hateful content; this screening is performed by a specialized processor (see §5).
- Your friend circles (members, invitations) and the votes (GO / STOP / Hmm) exchanged. NIGHTLIFE votes have no free-text comments.
- Where applicable, the names of people you "tag" as being with you.
b bis) Consent of the photographed person (NIGHTLIFE)
- When you send a NIGHTLIFE photo, the photographed person gives consent directly on screen (after being informed of the purpose and their right to object). We keep a timestamped record of this consent (date/time, linked to the send) as proof, in line with our obligations.
c) Location (optional, off by default)
- By default: an approximate location (city/neighborhood), only if you enable it.
- KONFIDENCE (safety) — "exact location" option: you may choose to share your exact GPS coordinates with your trusted circle (and only them), for safety. This is opt-in, off by default, and limited to the KONFIDENCE flow. Outside this explicit choice, we only process the approximate location.
d) Notifications
- If you allow them: a technical device identifier (push token) to send you alerts.
e) Technical & analytics data
- Aggregated, minimized usage data (product events) via our EU-hosted analytics tool, to improve the App. No advertising profiling.
f) What we do NOT collect / do *(commitments)*
- No biometric data: no facial geometry analysis, no facial recognition.
- No social-media data (Facebook, Instagram, Spotify…) and no access to your address book / contacts.
- No cross-site/cross-app advertising tracking, no advertising profile, no targeted behavioral advertising.
- We never sell or "share" your data (in the sense of selling / sharing for advertising purposes).
- We belong to no group of companies: we never pool your data with other apps or businesses.
3. Purposes and legal bases (GDPR art. 6)
| Purpose | Legal basis |
|---|---|
| Provide the service (account, circles, sends, votes) | Performance of a contract |
| Sharing a third party's image (NIGHTLIFE) | Consent of the photographed person (art. 6.1.a), collected on screen and timestamped |
| Verify minimum age (18+) | Legal obligation / legitimate interest |
| Location sharing, notifications, optional features | Consent (withdrawable anytime) |
| Marketing communications (news, safety tips) | Consent (opt-in box unchecked by default, withdrawable) |
| Advertising (NIGHTLIFE only, if enabled) | Consent collected via a Consent Management Platform (CMP); ads are non-personalized; KONFIDENCE remains ad-free |
| Security, abuse prevention | Legitimate interest |
| Analytics | Consent — analytics is enabled only with your agreement |
4. Retention
- NIGHTLIFE photos: 24 hours, then the photo is deleted automatically — or immediately if the photographed person requests removal. The associated votes may be kept beyond that, without the photo (unless you keep a memory in your optional encrypted vault).
- Consent proof (NIGHTLIFE): the timestamp of the photographed person's consent is kept for as long as needed as evidence (notably the applicable limitation period), then deleted.
- KONFIDENCE (safety) photos: kept until all your recipients confirm you are safe, then deleted (the photo stays useful for the safety purpose until your contacts confirm offline).
- Account and profile: until you delete your account.
- Location: for the duration of the relevant alert, then deleted.
- Messages: deleted with the associated send.
- Technical logs: kept for at most 12 months for security purposes.
- Support tickets: kept for at most 3 years after the last exchange.
- Deleted accounts: data erased within a reasonable time; some data may persist for up to 30 days in encrypted backups before rotation/overwrite.
- We do not keep data longer than necessary for the purposes described.
5. Recipients & processors
Your data is never sold. It is accessible only to you and the circle members you choose, and processed by our technical sub-processors under contract (DPA):
- Supabase — hosting, database, storage, authentication (EU, Frankfurt).
- Resend (via AWS SES) — sending sign-in emails (EU, eu-west-1).
- PostHog — analytics (EU).
- Expo / EAS — web hosting and app delivery (United States; covered by the Standard Contractual Clauses + the EU-US Data Privacy Framework).
- OpenAI (OpenAI Ireland Ltd) — automated photo moderation (each photo is screened before sending). Processing in the United States, covered by the European Commission's Standard Contractual Clauses.
- *(When enabled)* RevenueCat (subscriptions) and Google AdMob (ads).
If advertising is enabled (NIGHTLIFE only), it is non-personalized and shown only after your consent, collected via a GDPR-compliant Consent Management Platform (CMP); you can change or withdraw this choice at any time. The KONFIDENCE flow remains ad-free.
6. Transfers outside the EU
We prioritize hosting within the European Union. Where a processor involves a transfer outside the EU, it is covered by appropriate safeguards: this includes photo moderation (OpenAI, United States), covered by Standard Contractual Clauses, and hosting/delivery (Expo/EAS, United States), covered by Standard Contractual Clauses and the EU-US Data Privacy Framework.
7. Your rights
Under the GDPR, you have the rights of access, rectification, erasure, restriction, portability, objection, and the right to withdraw consent at any time. In the App, you can export your data and delete your account directly from your profile. You may also contact us at privacy@f0k.app. You may lodge a complaint with the French supervisory authority (CNIL, www.cnil.fr) or your local authority (see §11).
8. Security
Encrypted transport (HTTPS/TLS), database-level access isolation (row-level security), ephemeral data. Exact GPS is processed only if you explicitly enable the KONFIDENCE "exact location" option, and only towards your trusted circle.
9. Minors
F0K is for people aged 18 and over. We do not knowingly collect data from anyone under 18.
10. Image rights (NIGHTLIFE mode)
Before each send, the App collects the consent of the photographed person themselves on a dedicated screen, which informs them of the purpose (a private circle's opinion), the controller (ABBAQ SAS) and their right to object (GDPR art. 13-14); without their consent, sending is blocked, and a timestamp of the consent is kept as proof. The photographed person can obtain immediate removal of their image at any time, via abuse@f0k.app, the report button, or directly through the user who photographed them. Opinions (GO / STOP / Hmm) carry no free-text comments and are meant for the user only.
11. International terms (worldwide distribution)
F0K is available worldwide on the App Store and Google Play. ABBAQ SAS (France) is the data controller for all users, wherever they reside. Your data is processed primarily within the European Union (Supabase, Frankfurt) — a high protection standard that benefits everyone. Whatever your jurisdiction, we apply the same commitments: minimization, 24-hour ephemerality, no sale of data, no behavioral advertising.
🇺🇸 California (CCPA / CPRA). Categories collected in the last 12 months: identifiers (email/phone, username), account information, content you provide (ephemeral photos), geolocation (approximate; precise only if you enable KONFIDENCE), technical device identifiers, usage data. We do not "sell" or "share" any personal information (including for cross-context behavioral advertising), and have not done so. Sensitive information (precise geolocation, only if you enable it) is used solely to provide the safety feature you request, never to infer characteristics — you may request to limit its use. You have the rights to know/access, delete, correct, opt out of sale/sharing (not applicable: we do not sell), and to non-discrimination. Exercise them at privacy@f0k.app; no financial incentive is attached to your data.
🇬🇧 United Kingdom. The UK GDPR applies; supervisory authority = ICO (ico.org.uk).
🇧🇷 Brazil (LGPD). Equivalent rights (confirmation, access, correction, anonymization/deletion, portability, information about sharing); authority = ANPD. Contact: privacy@f0k.app.
🇨🇦 Canada (PIPEDA). Processing based on consent and minimization; you can access your data and contact the Office of the Privacy Commissioner of Canada (OPC).
🌍 Other countries. We apply the same standards everywhere (with the GDPR as our baseline). If your jurisdiction grants specific rights, write to privacy@f0k.app and we will act on them. Additional local terms will be added if/when F0K formally enters those markets.
12. Changes
We may update this policy. For significant changes, we will notify you in the App. This policy complements our Terms of Service (f0k.app/terms).
13. Contact
Questions about your data: privacy@f0k.app.