Privacy Policy
This policy explains what information Confer collects, how it is used, and the choices you have. Confer is operated by Yaroslav Petriv (the "Operator", "we", or "us"). Questions: privacy@getconfer.app.
What we collect
We collect only what is needed to operate the service.
- Account identifier. When you sign in with Apple, we receive a stable Apple user identifier and the name and email address you choose to share. If you use Apple's private relay email, we never see your real address.
- Card content. The information you put on your card — display name, tagline, bio, photo, and the social handles you add (LinkedIn, Instagram, X, WhatsApp, email, website). This content is public to anyone you share your card with.
- Scan events. When someone scans your card, we record the card identifier, an approximate (city-level) location, a timestamp, and the source (App Clip or full app). Until the recipient signs in, this scan is anonymous; once they sign in, it is associated with their account so the connection appears in both of your apps.
- Connections. A connection is a scan after both parties have signed in. We store the scan event and its participants.
- Push notification tokens. If you allow notifications, we store the Apple Push Notification service (APNs) token for your device so we can send you a notification when someone connects with you.
- Operational logs. Standard server logs (IP address, request path, timestamp) generated by our hosting providers, used for security, abuse prevention, and debugging.
What we do not collect
- No third-party analytics or advertising SDKs.
- No tracking across other apps or websites.
- No precise location. The App Clip records only an approximate (city-level) location for the scan event.
- No contacts, calendar, microphone, or photo library access beyond the photo you explicitly upload for your card.
How we use it
- To create and display your card to people you share it with.
- To deliver your card via the App Clip when someone scans your QR code.
- To record connections between you and people you meet.
- To send you a push notification when someone connects with you.
- To detect and prevent abuse, including rate-limiting and content moderation of user-uploaded photos and text (required by Apple's App Store guidelines).
We do not sell your information. We do not use it for advertising. We do not share it with data brokers.
Who processes data on our behalf
We rely on the following service providers ("subprocessors"). They process data only as needed to provide their service.
- Apple Inc. — Sign in with Apple, APNs push delivery, App Store / App Clip distribution.
- Supabase Inc. — Database, file storage (your card photo), authentication, and serverless functions.
- Vercel Inc. — Hosting for getconfer.app and serving the App Clip experience metadata.
Retention and deletion
- Your account and card. Retained until you delete your account. You can delete your account at any time from the app; deletion removes your profile, card content, photo, and the push token. Connection records that include you are anonymized by removing your identifier.
- Scan events. Retained as part of the connection history visible to you and the other party. They are removed when either party deletes their account, in line with the bullet above.
- App Clip local data. Apple's App Clip system removes local App Clip data within 10–30 days of last use; we do not control this and do not persist additional copies on the device.
- Operational logs. Rotated and discarded by our hosting providers on their standard schedule (typically within 30 days).
Your choices and rights
You can:
- Access — see all the data we hold about you (the card you created, your connections) directly in the app.
- Edit — change or remove any field on your card at any time.
- Delete — delete your account from within the app. This is irreversible.
- Export — request a copy of your data by emailing privacy@getconfer.app.
- Object — if you are in the EU/EEA or UK, you have rights under the GDPR, including the right to lodge a complaint with your local data protection authority.
- California residents have rights under the CCPA/CPRA, including the right to know, to delete, and not to be discriminated against for exercising those rights. We do not sell or share personal information as those terms are defined under the CCPA.
Security
We use industry-standard transport encryption (HTTPS/TLS) for all network traffic, row-level security in our database, and Apple's keychain for credentials on device. No system is perfect; if you discover a vulnerability, please email privacy@getconfer.app.
Children
Confer is not directed at children under 16. If we learn that we have collected information from a child under 16 without parental consent, we will delete it.
International transfers
Our subprocessors operate globally. Where data is transferred outside your country of residence (for example, from the EU/EEA to the United States), our subprocessors maintain appropriate safeguards such as Standard Contractual Clauses.
Changes to this policy
We may update this policy as the service evolves. The "Effective" date at the top of this page will change when we do. Material changes will be communicated in-app or by email before they take effect.
Contact
Yaroslav Petriv
privacy@getconfer.app