Privacy Policy
Last Updated: June 1, 2026
Who We Are
This Privacy Policy explains how Meetsup ("Meetsup", "we", "us", or "our") collects, uses, shares, and protects information when you use the Meetsup mobile application (the "App"). Meetsup is an anonymous, consent-based, ephemeral chat service for adults aged 18 and over.
For the purposes of data-protection laws such as the EU/UK GDPR, Meetsup is the data controller of the personal data described here. If you have any privacy question or wish to exercise your rights, contact us at privacy@meetsup.in. This policy applies worldwide to all users of the App.
Information We Collect
We are built to collect as little as possible. We do not require your real name, email address, or phone number.
Account information:
- An anonymous user identifier generated for your device.
- A display name you choose.
- Your age. At sign-up you confirm a date of birth to prove you are 18+; we convert it to an age and do not store the full date of birth.
- Gender, and up to three profile pictures you upload.
Content you create:
- Messages you send (text and any image, audio, video, or GIF media).
- Connection requests, favourites, and blocks.
- Reports you file and their context.
Usage and technical data:
- Presence ("last seen") timestamps and basic chat metadata.
- Behavior signals used for safety scoring (e.g. rates of requests, reports against you).
- Approximate location derived only from the coarse range of your IP address (we do not collect precise GPS location).
- Device and connection signals (user agent, language, and, on Android, a device identifier) used to build an abuse-prevention fingerprint (see below).
- A push notification token if you enable notifications.
- Limited diagnostic and crash data to keep the App stable.
We do NOT collect: your email or phone number, your device contacts, your precise GPS location, or your payment details.
Device Fingerprint (Abuse Prevention)
Because Meetsup has no traditional login, we derive an opaque device fingerprint to detect spam, harassment, and ban evasion. It is computed as a SHA-256 hash of signals including your coarse IP range, user agent, language, browser/canvas/audio/WebGL characteristics, screen dimensions, timezone, and (on Android) the platform-provided device identifier.
We store only the resulting hash and never the raw signals. The hash is not currently combined with a secret salt. This fingerprint is used solely for fraud, abuse, and child-safety prevention — never for advertising, profiling for marketing, or tracking you across other apps or websites. The lawful basis for this processing is our legitimate interest (and, where applicable, legal obligation) in keeping the service safe.
How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the App and match you with other users.
- Deliver push notifications you have enabled.
- Keep the service safe — detect and act on spam, abuse, fraud, and prohibited content, and respond to reports.
- Enforce our Terms of Service and Child Safety Standards.
- Comply with legal obligations and respond to lawful requests.
- Diagnose problems and improve reliability.
We do not sell your personal information, we do not "share" it for cross-context behavioural advertising, and we do not use your message content for advertising.
Legal Bases for Processing (EEA, UK and similar laws)
Where the GDPR, UK GDPR, or a comparable law applies, we rely on the following legal bases:
- Performance of a contract — to provide the App you have asked to use.
- Legitimate interests — to keep the service safe and prevent abuse (including the device fingerprint and behavior scoring), balanced against your rights.
- Consent — where required, for example to send push notifications; you can withdraw it at any time.
- Legal obligation — to respond to lawful requests and to meet child-safety reporting duties.
We do not carry out fully automated decision-making that produces legal or similarly significant effects on you. Our safety system may automatically limit certain features (the "friction ladder"); you can contact us to query any restriction.
How We Share Information
With other users:your display name, profile pictures, and the messages and media you send are shown to the users you choose to interact with. Your "last seen" presence may be visible to a current chat partner, subject to your settings.
With service providers (processors acting on our instructions):
- Cloudflare — hosting, storage, edge compute, and content-safety scanning (Workers, D1, R2, KV, Durable Objects, Analytics Engine, Queues).
- Google Firebase Cloud Messaging — delivery of push notifications.
For legal and safety reasons:we may disclose information to law enforcement or other authorities where required by law or to prevent imminent harm, and we report child sexual abuse material to the National Center for Missing & Exploited Children (NCMEC) or the relevant local authority.
Payments: if you choose to send a voluntary contribution, you leave the App for an external payment provider governed by its own privacy policy; we never see or store your payment details.
We do not sell, rent, or trade your personal information.
International Data Transfers
Meetsup runs on Cloudflare's global edge network, so your information may be processed in countries other than your own, including countries whose data-protection laws differ from those where you live. Where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and our providers' security commitments. By using the App you understand that your information will be processed in these locations.
Data Retention
We keep information only as long as needed:
- Direct chats, their messages, and any media — deleted within 24 hours of the chat's expiry.
- View-once media — deleted from storage immediately after being viewed (or within 24 hours, whichever is first).
- Connection requests that are ignored, declined, or expire — deleted within 24 hours.
- Profile data (display name, age, gender, pictures, settings) — kept until you delete your account.
- Safety records (reports, moderation logs, behavior-score snapshots, and the device-fingerprint hash) — kept for as long as needed for safety enforcement and legal compliance, typically up to 12 months, and may be retained after you delete your account.
Ephemeral Messaging
Chats on Meetsup are ephemeral by design. They expire and are permanently deleted from our servers within 24 hours, and we do not archive them. Please remember that another user can still screenshot, copy, or otherwise save what you send before it expires — deletion on our side cannot control what another person does on their own device.
Data Storage & Security
Data is transmitted between your device and our servers using HTTPS/TLS encryption, and stored encrypted at rest by our infrastructure provider. Meetsup is NOT end-to-end encrypted: our systems can technically access message content because we must be able to moderate content, act on reports, and meet child-safety obligations. We apply access controls and other reasonable safeguards, but no system is completely secure. Please do not share sensitive personal, financial, or identifying information in any chat. If a data breach affects your information, we will notify you and the relevant authorities where the law requires.
Your Privacy Rights
Depending on where you live, you may have some or all of the following rights over your personal data: to access it; to correct or rectify it; to delete or erase it; to restrict or object to its processing; to data portability; to withdraw consent; and to opt out of any "sale" or "sharing" (we do not do either). You will not be treated differently for exercising these rights.
To exercise them: delete your account at any time via Settings → Account → Delete My Account (or the public deletion page), or email privacy@meetsup.in. We will verify and respond to your request within 30 days, or sooner where the law requires. You also have the right to lodge a complaint with your local data-protection or privacy authority.
Region-Specific Rights
European Economic Area & United Kingdom:you have the GDPR / UK GDPR rights above and may complain to your national Data Protection Authority or the UK Information Commissioner's Office (ICO).
California (CCPA/CPRA):the categories of personal information we collect are identifiers, internet/app activity, approximate geolocation (from IP), user-generated content, and inferences for safety. You have the right to know, delete, and correct your information, and to opt out of sale/sharing — we do not sell or share your personal information and do not offer financial incentives for data. We will not discriminate against you for exercising these rights.
India (Digital Personal Data Protection Act): you may access, correct, and erase your personal data and seek grievance redressal. You can reach our Grievance Officer at privacy@meetsup.in, and you may nominate another person to exercise your rights in the event of death or incapacity.
Other regions (e.g. Brazil's LGPD, Canada's PIPEDA): we honour equivalent rights. Contact privacy@meetsup.in and we will assist.
Children's Privacy
Meetsup is strictly for users aged 18 or older. We require date-of-birth confirmation at sign-up and do not knowingly collect data from anyone under 18. If we learn that a minor has accessed Meetsup, we will terminate the account, delete associated data, and restrict the device. To report a suspected minor, use the in-app report flow ("Involves a minor") or the path on our Child Safety Standards page. We have zero tolerance for child sexual abuse and exploitation and report it to NCMEC or the relevant authority.
Reports, Moderation & Blocking
When you file a report we collect the report content, the reported user's identifier, and relevant context (including any attached media). Reports are reviewed with a target response of 24 hours, and reports involving minors are prioritised immediately. When you block someone, we store that block so we can enforce it; blocked users cannot see your profile, message you, or be matched with you, and are not told they were blocked. Safety and moderation records may be retained after account deletion as described in Data Retention.
Account Deletion
You can permanently delete your account at any time from Settings → Account → Delete My Account, or via our public deletion page. Deletion is immediate: your profile, chats, messages, media, requests, favourites, blocks, settings, and notification tokens are erased and cannot be recovered. The only items retained are the anonymized device-fingerprint hash (with the link to your account removed) and minimal safety records, kept for the limited safety periods described above.
Local Storage on Your Device
We use on-device local storage to remember your session, theme, notification preferences, and one-time interface dismissals (such as accepting the Global Chat rules). We do not use third-party tracking technologies or cross-site advertising cookies.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through an in-app notice and update the "Last Updated" date below. Your continued use of Meetsup after an update takes effect constitutes acceptance of the revised policy.
Contact Us
Privacy questions and rights requests: privacy@meetsup.in (also our Grievance Officer contact for India).
Child-safety concerns: safety@meetsup.in and our Child Safety Standards page.
Law-enforcement requests: legal@meetsup.in.
You can also reach us via Settings → Help & Support in the App.