Privacy policy
This is the formal version. The plain-English version of what we do and don't do lives on the Responsible AI page.
Last updated: 27 May 2026 · Version 1.0
1. Who we are
Piaar is a product operated by Saad Abdullah, PhD, based in Sweden. For the purposes of GDPR, the data controller is the founding entity behind Piaar; contact details are at the bottom of this page.
If you're in the EU/EEA, your local data protection authority can hear complaints if you ever feel we've mishandled your data. In Sweden that's the Integritetsskyddsmyndigheten (IMY).
2. What we collect
Information you give us
- Account data — name, email, password (hashed), profile photo if you choose to add one
- Profile data — bio, role, organization, the skills you offer and look for, custom skill proposals
- Location — either your precise coordinates or, if you opt out of precise location, a ~1 km grid square
- Communications — messages you send through the app, connection requests, support emails
- Preferences — discoverability settings, search radius, notification toggles
Information we generate
- Match scores — computed from your skills against other users' skills; never stored as a permanent attribute, regenerated when inputs change
- Activity signals — when you last opened the app, last updated your profile, accepted connections; used for sort order and freshness ranking
- Device data — device type and OS version (for crash diagnostics), app version, anonymized IP for security and rate limiting
Information we do not collect
- We don't track you across other apps or websites
- We don't import your contacts
- We don't scrape public profiles from LinkedIn, GitHub, or anywhere else
- We don't use third-party advertising trackers
3. Why we collect it
Every piece of data has a specific purpose. If a use case isn't listed here, we don't have it.
- To match you with people — skills and location are the inputs to the matching engine
- To deliver the app — account data, device data, and activity signals are needed for the product to work
- To keep you safe — anonymized IP and security logs help us detect abuse and rate-limit attacks
- To respond to you — your support emails and in-app messages are stored so we can follow up
- To meet legal obligations — limited retention for tax, fraud, and statutory compliance
4. Legal basis under GDPR
For each category of data, the legal basis is one of the following:
- Consent — for optional features like precise location and discoverability. You can withdraw consent in Account settings at any time.
- Contract — for processing necessary to provide the service you signed up for (matching, messaging, account).
- Legitimate interest — for security, fraud prevention, and product improvement. We've conducted balancing tests and limit processing accordingly.
- Legal obligation — for retention periods imposed by Swedish or EU law.
5. Sharing
We share your data with a short list of service providers ("processors") under written contracts that bind them to our standards:
- Google Firebase (EU region) — authentication, database, file storage
- OpenStreetMap / Nominatim — for city lookups and map tiles; no personal data is sent to them
- Email infrastructure — for transactional emails (password reset, verification). Provider details available on request.
We do not sell your data. Not to advertisers, not to recruiters, not to data brokers. If Piaar is ever acquired, your data only transfers to the buyer after you re-consent.
6. Retention
We keep data only as long as we need it for the purpose we collected it.
- Profile data — until you delete your account
- Message history — until you delete the thread or your account
- Activity logs — 90 days for product improvement, then aggregated or deleted
- Security logs — 12 months for incident investigation
- Deletion request handling — your profile row is removed within 24 hours; downstream caches and matches clear within 7 days; backups roll over within 35 days
7. Your rights
Under GDPR, you have the right to:
- Access the personal data we hold about you (data export)
- Correct inaccurate or incomplete data
- Delete your account and the data attached to it
- Restrict processing for specific purposes
- Object to processing based on legitimate interest
- Portability — receive your data in a structured, machine-readable format
- Withdraw consent at any time, without affecting prior lawful processing
- Lodge a complaint with your local data protection authority
To exercise any of these, email privacy@piaar.app. We respond within statutory windows (typically 30 days, extendable to 60 days for complex requests).
8. Security
We use industry-standard protections including encryption in transit (TLS 1.3), encryption at rest, password hashing with modern algorithms, role-based access controls inside our team, regular dependency audits, and 2FA on all administrative accounts. No system is 100% secure — if a breach affecting you ever happens, you'll hear from us within 72 hours per the GDPR breach notification rule.
9. International transfers
Your data is stored in EU data centers (Firebase europe-west region). If any processor we use is outside the EU/EEA, we ensure transfers are protected by Standard Contractual Clauses or equivalent safeguards in line with the Schrems II ruling.
10. Children
Piaar is not intended for users under 16. We don't knowingly collect data from anyone under that age. If you believe a child is using the service, contact privacy@piaar.app and we will delete the account promptly.
11. Changes to this policy
If we change this policy meaningfully, we'll notify you in-app and by email at least 30 days before the change takes effect. The version number and "last updated" date at the top of this page change with every revision; older versions are archived and available on request.
Privacy questions: privacy@piaar.app
General contact: hello@piaar.app
Postal: We're a small team operating from Sweden — for formal correspondence requiring a physical address, email privacy@piaar.app and we'll provide one.