BeHere

Privacy Policy

Last updated: August 9, 2025

This Privacy Policy explains how BeHere ("BeHere", "we", "us") collects, uses, shares, and protects your information when you use our mobile and web applications and related services.

By using BeHere, you agree to this Policy. If you do not agree, please do not use the Service.

1. Introduction

BeHere is a location‑based photo sharing service. We collect and process information to authenticate users, provide core social features (posting photos with location, friends, notifications), keep our Service secure, and improve reliability. This Policy is written in plain English and is intended to meet the requirements of the EU/UK GDPR and the California Consumer Privacy Act (CCPA), as amended by CPRA.

2. Information We Collect

We collect the following categories of information:

  • Account and Profile Information: name, username, email address, profile image, and timestamps for account creation/updates.
  • Authentication and Session Data: session tokens and their expiry, and, where available, IP address and user agent at sign‑in for security and fraud prevention.
  • Social Graph and Interactions: friendships (requester/addressee and status), your posts, post view records (who viewed which post), and view intents (scheduled fetches).
  • Content You Provide: photos/media you upload and optional descriptions. Media is stored in an S3‑compatible object store; database records reference media keys.
  • Location Data: precise latitude/longitude for posts you create, required location name, and a geographic point saved in the database to enable map features. The app may request your device location to attach it to a post or enhance map experiences. You control OS permissions.
  • Device and Push Notification Data: mobile push notification token (e.g., Expo push token) to deliver notifications and your notification preferences.
  • Security Signals: Firebase App Check token used to verify that requests originate from genuine app instances.
  • Diagnostics and Analytics (if enabled): crash reports and basic analytics events via Firebase (platform‑level SDKs). See “Cookies and Tracking Technologies.”

We do not intentionally collect payment information. We do not intentionally collect your address book/contacts.

3. How We Use Your Information

We use information to:

  • Provide the Service: create and maintain accounts, authenticate you, enable posting, maps, viewing friends’ posts, and other features.
  • Operate Social Features: manage friendships, send notifications (e.g., friend requests/acceptance), and compute view counts.
  • Location‑Based Functionality: attach your provided location to posts, show relevant content on the map, and generate vector tiles for map rendering.
  • Security and Abuse Prevention: protect APIs from abuse, detect unauthorized access, and enforce our Terms.
  • Communications: send transactional notifications to your device (you can disable in OS/app settings).
  • Improvement and Reliability: measure performance, diagnose crashes, and improve stability (where analytics/crash reporting are enabled).
  • Legal/Compliance: comply with law, enforce agreements, and respond to lawful requests.

4. Legal Bases for Processing (EEA/UK users)

Where GDPR applies, our legal bases include:

  • Performance of a Contract: to provide the Service you request (account, posts, friends, notifications).
  • Consent: for optional features like precise location access, notifications, and certain analytics on platforms requiring consent. You can withdraw in OS/app settings.
  • Legitimate Interests: to keep the Service secure (fraud prevention), to measure basic usage and reliability, and to improve features, balanced against your rights.
  • Legal Obligations: to comply with applicable laws and enforce our Terms.

5. How We Share Information

We do not sell your personal information. We share information only as needed to operate the Service and as described below:

  • Service Providers and Infrastructure:
    • Cloud Database and Hosting: PostgreSQL with PostGIS via our cloud database provider.
    • Object Storage: S3‑compatible storage provider for images/media (region and endpoint configured by environment).
    • Push Notifications: Expo Push Notification Service to deliver device notifications.
    • Authentication: Apple and Google for OAuth; Better Auth service runtime.
    • Maps: Mapbox SDK for map rendering. Telemetry is disabled in code where supported.
  • Other Users: Content you choose to share (e.g., posts, username, profile image) is visible to permitted audiences per app design.
  • Legal Requirements: We may disclose information if required by law, subpoena, or to protect rights, security, or integrity of BeHere and its users.
  • Business Transfers: In a merger, acquisition, or asset sale, information may be transferred as part of the transaction subject to this Policy.

We impose contractual obligations on service providers to process personal data only on our instructions and to protect it appropriately.

6. Data Retention

We retain information for as long as necessary to fulfill the purposes described in this Policy, including:

  • Account and Profile: kept while your account is active; deleted or anonymized after you request deletion, subject to legal holds.
  • Content (Photos/Posts): kept until you delete the content or your account, or as required for safety/legal reasons.
  • Push Tokens: kept while notifications are enabled for your account or until the token is revoked/invalid.
  • Sessions: kept until expiry and then removed; metadata may be retained briefly for security/audit.
  • Verification Codes/Identifiers (SMS/OTP): kept only as long as needed to complete verification and handle abuse prevention.
  • Analytics/Crash Data: retained according to the provider’s default retention, only if enabled.

7. Security

We use administrative, technical, and organizational measures to protect your data:

  • Transport security (HTTPS/TLS) for data in transit.
  • Cloud provider encryption at rest for databases and object storage.
  • Principle of least privilege for service credentials and environment‑scoped access.
  • Monitoring and logs for operational security.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access, Correction, and Deletion: request access to, correction of, or deletion of your personal data.
  • Portability: receive certain data in a portable format.
  • Restriction/Object: request we restrict or object to certain processing, including processing based on legitimate interests.
  • Consent Withdrawal: withdraw consent at any time (e.g., disable location or notifications in device settings; toggle analytics where applicable).

How to exercise:

  • In‑App: use account and privacy settings (including account deletion) where available.
  • Email: [email protected] with your request and sufficient information to verify your identity.

We will not discriminate against you for exercising your rights.

California (CCPA/CPRA)

  • No Sale or Sharing: We do not sell or "share" personal information for cross‑context behavioral advertising.
  • Sensitive Personal Information: We may process precise geolocation to provide features you request. You can limit use by disabling location permissions.
  • Right to Know/Delete/Correct: You can request details about categories/sources/purposes and request deletion/correction as described above.

EEA/UK

You may lodge a complaint with your local data protection authority. We encourage you to contact us first so we can resolve your concern.

9. Cookies and Tracking Technologies

  • Mobile Apps: We do not use traditional web cookies. We may use device identifiers and SDKs for push notifications, crash reporting, and basic analytics, subject to your OS permissions.
  • Web App: We may use cookies or similar technologies to maintain your session and secure access. These are primarily functional/necessary cookies via our authentication client.
  • Analytics/Crash Reporting: Our apps include Firebase Analytics and Crashlytics SDKs. Where required, we seek consent before enabling analytics. You can limit analytics in OS settings or through any in‑app controls we provide. Crash reports help us fix issues and typically include device model, OS version, app version, and stack traces, but not your photos or precise location unless included in the crash context by the platform.
  • Mapbox Telemetry: We instruct the Mapbox SDK to disable telemetry.

10. Third‑Party Services

The following providers process data on our behalf or as part of the Service:

Links are provided for convenience; providers may change URLs or terms.

11. International Data Transfers

We may process and store information in the United States and other countries. Where transferring personal data from the EEA/UK/Swiss jurisdictions to countries without an adequacy decision, we rely on approved safeguards such as the European Commission’s Standard Contractual Clauses and implement additional measures where appropriate.

12. Children’s Privacy

BeHere is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided information, contact us and we will take steps to delete it. Users 13–17 should use the Service only with parental consent and supervision.

13. Changes and Contact

We may update this Policy from time to time. We will post changes here and update the "Last updated" date. If changes materially affect your rights, we will provide additional notice (e.g., in‑app notice or email, if available). Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

Contact us with questions or privacy requests:

If you contact us, we may request additional information to verify your identity before fulfilling your request.

This Policy applies to the BeHere mobile and web applications and related backend services identified in our legal notices. It does not cover third‑party sites or services that are not controlled by BeHere.