Home About Help Contact
Privacy

Privacy Policy.

How we collect, use, and protect your information.

On this page

Last updated: June 6, 2026 ยท Effective: June 6, 2026

1. Introduction

This Privacy Policy describes how UfaqEdge (“we,” “us,” “our,” or “UFAQ”) collects, uses, discloses, retains, and protects personal information when you access or use the UFAQ mobile application (the “App”), the website at ufaqedge.com (the “Website”), and any related online services (collectively, the “Services”).

By creating an account, downloading the App, or using any of the Services, you acknowledge that you have read this Policy and agree to the collection, use, disclosure, retention, and protection of your information as described herein. If you do not agree, you must not use the Services.

This Policy is intended to comply with major global data protection laws, including the GDPR, UK GDPR, CCPA/CPRA, COPPA, the Pakistan Personal Data Protection Act, India’s DPDP Act, Brazil’s LGPD, Canada’s PIPEDA, Australia’s Privacy Act, Japan’s APPI, China’s PIPL where applicable, UAE Federal Decree-Law No. 45 of 2021, Saudi Arabia’s Personal Data Protection Law, and South Africa’s POPIA.

Where any provision of this Policy conflicts with the mandatory requirements of a law applicable to you, the mandatory requirement of that law shall prevail, but only with respect to the persons protected by that law.

2. Who we are

The data controller responsible for your personal information is:

UfaqEdge
55360 Habibabad/Wan Radha Ram, Pattoki, Punjab, Pakistan
Email: support@ufaqedge.com

For data protection and privacy inquiries (GDPR, CCPA/CPRA, and other privacy law requests): privacy@ufaqedge.com.

For users in the EEA and UK, our data protection contact serves as our representative for privacy matters. If you remain dissatisfied with our response, you have the right to lodge a complaint with your local supervisory authority.

For California residents, you may contact us to exercise your rights under CCPA/CPRA, including the right to know, delete, correct, and opt out of the sale or sharing of personal information.

3. Scope

This Policy applies to:

  • Visitors to the Website
  • Users who create an account in the App
  • Users who interact with us by email or other channels
  • Any other person whose personal information we process

It does not apply to third-party websites or services linked from the Services (they have their own privacy practices), or to information you choose to make public within the App.

4. Age restrictions

The Services are intended for users aged thirteen (13) years or older. Users in the European Economic Area, the United Kingdom, Switzerland, and certain other jurisdictions must be at least sixteen (16) years old, except where local law sets a different minimum age.

We do not knowingly collect personal information from children below the applicable minimum age. If we become aware of such collection without verifiable parental consent, we will take reasonable steps to delete that information promptly.

Parents or legal guardians who believe a child has provided personal information to us may contact us at support@ufaqedge.com to request deletion.

5. What we collect

5.1 Information you provide

Account registration (email and password): email address, password (hashed by Firebase Authentication; we never see your plain-text password), username, display name.

Sign-in with Google (optional): if you choose to create or access your account using Google Sign-In, we receive from Google your email address, your name, your profile photo URL, your Google account identifier, and a verification token confirming your email is verified. We never receive your Google password, contacts, search history, or any other Google account data. You may revoke this connection at any time at myaccount.google.com → Security → Third-party connections; revocation does not delete your UFAQ account.

Phone number sign-in / sign-up (optional): if you choose to create or access your account using your phone number, we collect the phone number you provide, send a one-time SMS verification code via Firebase Authentication, and verify the code you enter. Standard carrier SMS and data charges may apply. We retain your verified phone number to authenticate you on future sign-ins and, where you enable it, for account recovery and two-factor authentication.

Two-factor authentication (2FA, optional): if you enable 2FA on your account, we store the second-factor credential you choose — either a phone number (for SMS codes) or a TOTP authenticator-app secret (for app codes such as Google Authenticator or Authy). Verification codes are time-limited, single-use, and processed through Firebase Authentication. You can enable, change, or disable 2FA at any time in the App’s Settings under Security.

Profile information (optional): profile photograph, cover photograph (Premium), bio, self-reported location (text only, no GPS), website URL, date of birth, zodiac display preference, university/institution, major, year of study, country, gender, language, “looking for” preference, communication style, availability, tags, support style.

User-generated content: posts (text, photos, videos, carousels), comments, direct messages (text, voice notes, photos, videos, attachments), hashtags, mentions, reports, Spark Match feedback, search queries.

Connections and activity: followers, following, blocked users, posts you like/save/react to, Spark Match requests and conversations.

Settings: notification preferences, privacy preferences (private account, read receipts, last-seen visibility, Quick Spark availability), communication preferences.

Payment information: we do not collect or store payment card details. Payments are processed by Google Play Billing. We receive only a purchase token, product identifier, purchase status, and renewal/expiry date.

5.2 Information collected automatically

When you use the App or Website, we (and our service providers) automatically collect: account creation timestamp, last active timestamp, login times, device push notification token (FCM token), IP address, app version, operating system, device model, device language/locale, approximate region (inferred from IP — no precise location), crash and error logs.

We do not currently use Google Analytics for Firebase, Crashlytics, Performance Monitoring, or any third-party analytics platform. If we begin using any such service, we will update this Policy and provide notice in the App.

5.3 Information from third parties

We obtain personal information from the following third-party sources:

  • Google Sign-In: when you choose to authenticate using your Google account, we receive your email address, name, profile photo URL, Google account identifier, and email-verified status. We do not receive your Google password, contacts, search history, calendar, or any other Google account data.
  • Firebase Authentication SMS: for phone number sign-in, account recovery, and SMS-based 2FA, Google’s infrastructure delivers one-time codes to the phone number you provide.
  • Google Play Billing: purchase tokens, product identifiers, purchase status, and renewal/expiry dates for Premium subscriptions. We do not receive your payment card number, billing address, or bank details.
  • Firebase services: our infrastructure provider, processing data on our behalf under Google’s Data Processing and Security Terms.

6. How we use information

6.1 To provide the Services

  • Create and authenticate your account using email and password, Google Sign-In, or phone number sign-in
  • Display your profile and content to other users per your privacy settings
  • Match you via Spark Match using profile attributes
  • Power search across usernames, display names, bios, universities, locations, and tags
  • Deliver direct messages
  • Show posts, comments, and content from users you follow
  • Maintain your followers, following, blocked, saved, and liked lists
  • Calculate and update your UFAQ Score

GDPR legal basis: performance of a contract (Article 6(1)(b)).

6.2 To communicate with you

  • Send push notifications you have enabled
  • Respond to support inquiries
  • Send transactional emails (verification, password reset, account notices)
  • Send SMS verification codes for phone sign-in, account recovery, and two-factor authentication
  • Notify you of changes to this Policy or Terms
  • Send marketing communications where you opt in or where local law permits

6.3 Payments and subscriptions

  • Verify Premium purchases via Google Play Billing
  • Maintain your subscription status and entitlements
  • Apply Premium benefits
  • Process renewals, cancellations, refunds, and chargebacks

6.4 Safety, security, and integrity

  • Detect and prevent fraudulent, unauthorized, harmful, or illegal activity
  • Enforce our Terms and Community Guidelines
  • Investigate reports of abuse, harassment, spam, or policy violations
  • Verify identity for account recovery, including via phone number or linked Google account
  • Offer and operate two-factor authentication (2FA) to protect your account from unauthorized access
  • Defend against legal claims

6.5 To improve the Services

  • Understand how users interact with the App
  • Diagnose crashes and technical errors
  • Develop new features
  • Conduct internal research in aggregated and de-identified form

6.6 To comply with legal obligations

  • Respond to lawful requests from authorities
  • Comply with tax, accounting, and financial reporting obligations
  • Comply with Google Play policies

7. Special category data

We do not intentionally collect special-category personal data under GDPR Article 9 (such as data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sexual orientation).

However, if you choose to disclose such information voluntarily in your profile, posts, comments, messages, or other user-generated content, that information will be processed as part of your content. By providing such information, you give your explicit consent under GDPR Article 9(2)(a).

We urge you not to share special-category data on the Services unless you intend to make it public.

8. How we share information

We do not sell personal information. We share personal information only as described below.

8.1 With other users

Information you choose to make public on your profile (username, display name, photos, bio, tags, location, posts) will be visible to other users per your privacy settings. Public accounts are visible to all users and may be indexed by search engines. Private accounts limit post visibility to approved followers.

Direct messages are visible only to the participants. Spark Match conversations are visible only to the two matched users.

8.2 With service providers

  • Google LLC (Firebase platform): authentication (including email/password sign-in, Google Sign-In, phone number sign-in, and two-factor authentication), database (Cloud Firestore), file storage, push notifications, serverless compute, and SMS delivery for phone verification and 2FA codes. Your Google account credentials, when used for Google Sign-In, are verified directly by Google and never transmitted to or stored by UFAQ. Firebase privacy · Google privacy
  • Google Play Billing: processing Premium subscriptions on Android
  • Google Cloud Messaging: delivering push notifications
  • Stellar / Namecheap: website hosting

All service providers are required to maintain confidentiality, use the information only to provide their services, and apply appropriate security measures.

8.3 Reporting and safety

If you submit a report about another user, the content may be reviewed by our moderation team, by Google Play’s enforcement systems, or by law enforcement where required.

8.4 Corporate transactions

If we are involved in a merger, acquisition, financing, asset sale, reorganization, bankruptcy, or similar transaction, personal information may be transferred to a successor entity.

8.5 To comply with law

We may disclose personal information to comply with legal process, cooperate with law enforcement, defend legal claims, or protect rights, property, or safety.

8.6 With your consent

For any other purpose, with your specific consent.

9. International data transfers

UFAQ is operated from Islamic Republic of Pakistan. Our infrastructure provider, Google (Firebase), operates servers in multiple countries, including the United States, the European Union, India, Singapore, Brazil, and other regions.

By using the Services, you acknowledge that your personal information may be transferred to and processed in these countries, which may have different data protection laws.

For transfers from the EEA, UK, or Switzerland to countries without adequacy decisions, we rely on safeguards required by GDPR Articles 44-49, including Standard Contractual Clauses and Google’s Data Processing and Security Terms for Firebase.

For a copy of the safeguards applied to transfers of your personal information, contact privacy@ufaqedge.com.

10. Data retention

We retain personal information for as long as necessary to provide the Services and fulfill the purposes described in this Policy.

  • Active account data: retained while your account is active and for 30 days after deletion request
  • Soft-deleted accounts: marked for deletion for up to 7 days, then permanently deleted
  • Backup copies: may persist in infrastructure backup systems for up to 90 days
  • Direct messages: retained while the conversation exists; purged when both participants delete
  • Phone numbers used for sign-in or 2FA: retained while linked to your account; removed within 30 days of you unlinking the number or deleting your account
  • User reports: retained for up to 2 years for safety and policy enforcement
  • Transaction records: retained for the period required by tax, accounting, and consumer-protection law (typically up to 7 years)
  • Server logs: retained for up to 90 days for security and diagnostics
  • Legal hold data: retained for the period required by law

When personal information is no longer needed and we have no legal obligation to retain it, we delete or anonymize it.

11. Your rights

11.1 GDPR / UK GDPR rights (EEA, UK)

  • Right of access (Art. 15) — confirmation we process your data and a copy of it
  • Right to rectification (Art. 16) — correct inaccurate data
  • Right to erasure (Art. 17) — request deletion, subject to exceptions
  • Right to restriction (Art. 18) — limit processing in certain circumstances
  • Right to data portability (Art. 20) — receive your data in machine-readable format
  • Right to object (Art. 21) — object to processing based on legitimate interests, including marketing
  • Right to withdraw consent (Art. 7)
  • Right not to be subject to automated decision-making (Art. 22)
  • Right to lodge a complaint with a supervisory authority

11.2 CCPA / CPRA rights (California residents)

  • Right to know what we collect, use, disclose, and sell or share
  • Right to delete personal information
  • Right to correct inaccurate information
  • Right to opt out of sale or sharing (we do not sell or share)
  • Right to limit use and disclosure of sensitive personal information
  • Right to non-discrimination for exercising these rights
  • Right to designate an authorized agent

11.3 Other jurisdictions

Users in India, Brazil, Canada, Australia, Pakistan, Saudi Arabia, UAE, South Africa, Japan, and elsewhere have similar rights to the extent required by local law.

11.4 How to exercise your rights

You can exercise most rights directly in the App:

  • Access and view your information: Profile and Settings screens
  • Correct your information: Edit Profile
  • Delete your account: Settings → Delete Account
  • Manage sign-in methods: Settings → Security (link or unlink Google Sign-In, add or change phone number)
  • Manage two-factor authentication: Settings → Security → Two-factor authentication
  • Disconnect Google Sign-In externally: myaccount.google.com → Security → Third-party connections
  • Opt out of marketing: Settings → Notifications → Tips & Updates
  • Privacy controls: Settings → Privacy

For other requests, contact privacy@ufaqedge.com. We respond within 30 days, or sooner if required by your local law.

We may verify your identity before fulfilling requests. We will not charge a fee unless your request is manifestly unfounded or excessive.

12. Security

We implement reasonable and appropriate technical and organizational measures to protect personal information:

  • TLS encryption in transit for all communications
  • Encryption at rest provided by infrastructure partners
  • Hashed password storage (passwords are never stored in plain text)
  • Access controls limiting employee access on a need-to-know basis
  • Regular review of security practices
  • Use of established cloud providers (Google Firebase) with industry-standard certifications
  • Optional two-factor authentication (2FA) via SMS or authenticator app, configurable by you in Settings
  • Verification of email addresses (via email link) and phone numbers (via one-time SMS code) at registration and when added to an account
  • Rate limiting and abuse detection on authentication endpoints to slow brute-force attempts

No security measures are perfect. We cannot guarantee our security measures will prevent every unauthorized attempt to access, use, or disclose personal information.

If we become aware of a security breach affecting your personal information, we will notify you and, where required, the relevant authorities, in accordance with applicable law.

The Website uses cookies and similar technologies. See our Cookie & Tracking Notice for details.

The App does not use browser cookies, but may use device storage to cache data for performance.

14. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will notify you by email (if you provided one), through a notice in the App, or by posting the updated Policy on the Website with an updated “Last updated” date.

Your continued use of the Services after the effective date of an updated Policy constitutes acceptance. If you do not agree, you must stop using the Services and may request deletion of your account.

15. Contact

For any questions, concerns, or requests regarding this Policy:

UfaqEdge
55360 Habibabad/Wan Radha Ram, Pattoki, Punjab, Pakistan

General inquiries: support@ufaqedge.com
Privacy and data protection: privacy@ufaqedge.com

Scroll to Top