Privacy Policy

Effective: April 4, 2026 · Last updated: April 4, 2026

Amigens ("we," "us," "our") operates the Amigens mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

Data	Purpose	Storage
Bluesky handle & DID	Authentication	On your device (SecureStore)
Push notification token	Deliver notifications	Cloudflare D1 (our server)

1.2 Information We Cache

Data	Purpose	Retention
Circle posts & metadata	Feed performance	Rolling 30-day cache
Circle member lists	Feed aggregation	Updated every 10 minutes
Like records	Like count display	Rolling 30-day cache
Notification history	In-app notification center	90 days

1.3 Information We Do NOT Collect

We do not store your password or authentication credentials on our servers
We do not collect your location, contacts, phone number, or device identifiers
We do not use cookies, analytics SDKs, advertising trackers, or fingerprinting
We do not process biometric data
We do not sell, rent, or share your personal data with third parties for commercial purposes

2. How We Use Your Information

To authenticate you via the AT Protocol (Bluesky)
To deliver push notifications about replies, likes, and circle invitations
To cache and serve circle feeds for improved performance
To enforce our Terms of Service, Child Safety Policy, and applicable law
To respond to legal requests and prevent harm

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

Processing Activity	Legal Basis
Authentication	Performance of contract (Art. 6(1)(b) GDPR)
Push notifications	Consent (Art. 6(1)(a) GDPR) — you opt in via device permissions
Feed caching	Legitimate interest (Art. 6(1)(f) GDPR) — improving service performance
Safety & moderation	Legal obligation (Art. 6(1)(c) GDPR) and legitimate interest
Law enforcement requests	Legal obligation (Art. 6(1)(c) GDPR)

4. Your Rights

4.1 Rights Under GDPR (EEA/UK/Switzerland)

You have the right to:

Access — Request a copy of the personal data we hold about you
Rectification — Request correction of inaccurate data
Erasure — Request deletion of your personal data ("right to be forgotten")
Restriction — Request restriction of processing
Data Portability — Receive your data in a structured, machine-readable format. Note: your posts already live on your Bluesky PDS, which you control
Object — Object to processing based on legitimate interest
Withdraw Consent — Withdraw consent for push notifications at any time via device settings
Lodge a Complaint — File a complaint with your local data protection authority

To exercise these rights, email privacy@amigens.com. We will respond within 30 days.

4.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know — You may request disclosure of the categories and specific pieces of personal information we collect
Right to Delete — You may request deletion of your personal information
Right to Opt-Out of Sale — We do not sell your personal information. No opt-out is necessary
Right to Non-Discrimination — We will not discriminate against you for exercising your rights
Right to Correct — You may request correction of inaccurate personal information
Right to Limit Use of Sensitive Personal Information — We do not collect sensitive personal information as defined by CPRA

To exercise these rights, email privacy@amigens.com or submit a request through the app. We will verify your identity and respond within 45 days.

Do Not Sell My Personal Information: Amigens does not sell, share for cross-context behavioral advertising, or otherwise monetize your personal information.

4.3 Rights Under Other Jurisdictions

Users in Brazil (LGPD), Australia (Privacy Act), Canada (PIPEDA), South Korea (PIPA), Japan (APPI), and other jurisdictions with data protection laws have similar rights to access, correct, and delete their personal data. Contact privacy@amigens.com to exercise your rights.

5. Children's Privacy (COPPA)

Amigens is not directed at children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child under 18 has provided us with personal information, please contact us at safety@amigens.com and we will delete such information promptly.

Users under 18 are not permitted to use Amigens. See our Child Safety Policy for more information.

6. Data Storage and Security

6.1 Where Your Data Lives

Your posts, circles, likes, and member records — Stored on your Bluesky Personal Data Server (PDS), operated by Bluesky PBC or your self-hosted PDS provider. We have no control over this data.
Cached data and push tokens — Stored on Cloudflare's global network via Cloudflare D1 (SQLite) and Workers. Cloudflare is certified under ISO 27001, SOC 2, and the EU-US Data Privacy Framework.
Session credentials — Stored locally on your device in Expo SecureStore (iOS Keychain / Android Keystore).

6.2 Security Measures

All data in transit is encrypted via TLS 1.3
Authentication credentials are stored in platform-native secure storage (not in plaintext)
Our server does not store passwords — authentication is delegated to the AT Protocol
Access to production infrastructure is restricted and audited

6.3 International Data Transfers

Our server infrastructure is provided by Cloudflare and operates globally. If you are located in the EEA, UK, or Switzerland, your cached data may be processed in countries outside your jurisdiction. Cloudflare participates in the EU-US Data Privacy Framework, ensuring adequate data protection safeguards. For transfers to other countries, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission.

7. Data Retention

Data Type	Retention Period
Cached posts	Rolling 30 days (refreshed by crawler)
Push tokens	Until you sign out or revoke
Notification history	90 days
Circle member lists	Active while circle exists

When you sign out, your push token is removed immediately. Cached data associated with your account is purged within 30 days.

8. Data Deletion

You can delete your data at any time:

Posts: Delete from the app (3-dot menu) or directly from your Bluesky PDS
Circles: Delete from the circle settings screen
Account data: Sign out from the app. Contact privacy@amigens.com to request complete deletion of cached data
Push tokens: Automatically removed on sign-out

9. Third-Party Services

Service	Purpose	Privacy Policy
Bluesky PBC (AT Protocol)	Authentication, data storage	Link
Expo (Expo.dev)	Push notifications	Link
Cloudflare	Server hosting, CDN, D1 database	Link
Apple (APNs)	iOS push delivery	Link
Google (FCM)	Android push delivery	Link

10. Law Enforcement and Legal Requests

We may disclose your information if required by law, regulation, legal process, or governmental request. We will attempt to notify you of such requests unless prohibited by law or court order. Note that most user data lives on your Bluesky PDS — we can only provide data we cache on our servers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes through the app or by updating the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance.

12. Data Protection Officer

For GDPR-related inquiries, you may contact our data protection point of contact:

Email: dpo@amigens.com

13. Contact Us

For any privacy-related questions or requests:

Email: privacy@amigens.com
Child safety: safety@amigens.com
GDPR/DPO: dpo@amigens.com