Privacy Policy

Last updated: 15 June 2026

Fenzly is built on a simple promise: the people you share your location with should be the only ones who can see it. This policy explains what little data we process, what we deliberately cannot see, and the rights you have.

1. Who is responsible

The data controller for Fenzly is Logil Sàrl (“we”, “us”), [registered address], Switzerland (company no. CHE-435.741.642).

For any privacy question, contact us at privacy@fenzly.app.

2. Our core principle: end-to-end encryption and a “blind” server

Fenzly encrypts your locations, places, and messages on your device using the Signal protocol, individually for each recipient. Our servers only ever relay opaque encrypted data. As a result, we cannot read:

  • your GPS coordinates or movements;
  • the names, coordinates, or radius of your places (“zones”);
  • the content of your messages;
  • who is in your circles, or your address book.

This is by design, not by policy: even if compelled, we cannot produce data we are not technically able to read.

3. Data we process

Account data. To create an account you provide either an email address or a phone number (one is sufficient), and a password (stored only as a salted hash). We also store a username and a display name. For optional contact discovery, we store one-way SHA-256 hashes of email/phone numbers — never the values in clear.

Device data. A push notification token (Firebase Cloud Messaging) and basic device information, used solely to deliver notifications.

Cryptographic material. Your public Signal keys (identity key, signed pre-keys, one-time pre-keys), needed so others can start an encrypted session with you. These are public by design and reveal nothing about your activity.

Encrypted content we relay (but cannot read). Encrypted location updates, place definitions, zone-crossing events, and messages transit our servers temporarily (e.g. via short-lived queues) so they can be delivered when a recipient comes online. They are stored encrypted and expire automatically (see Retention).

Backups. If you enable backups, your data is encrypted on your device. In automatic mode we use a split-key scheme: we hold only a random key share and an encrypted blob, and your cloud (Google Drive or Apple iCloud) holds the other share — neither part alone can decrypt anything.

Diagnostic data. Crash reports and technical logs (via Firebase Crashlytics) to detect and fix bugs. These do not contain your location or message content.

4. Data we do not have

We never receive your address book, your social graph, your coordinates, or your place names — these stay on your device or are encrypted end-to-end.

Where the GDPR applies, we rely on: performance of a contract (Art. 6(1)(b)) to provide the service; your consent (Art. 6(1)(a)) for optional features such as contact discovery or phone-based discoverability; and our legitimate interests (Art. 6(1)(f)) in keeping the service secure and functioning. Where Swiss law applies, processing is carried out in accordance with the Federal Act on Data Protection (FADP/nLPD).

6. Service providers (sub-processors)

We rely on a small number of providers, chosen with privacy in mind:

  • Infomaniak (Switzerland) — hosting of our servers and databases, and outbound email. Data hosted in Switzerland.
  • Twilio — sending SMS one-time codes, if you sign in by phone.
  • Google Firebase (Cloud Messaging and Crashlytics) — push notifications and crash reporting.
  • MapTiler — map tiles and address search. Address searches are proxied through our servers, so your IP address and search query are not exposed to MapTiler.
  • Google Drive / Apple iCloud — only if you enable backups; your encrypted backup is stored in your own cloud account.

7. International transfers

Our core infrastructure is hosted in Switzerland. Some providers (e.g. Google Firebase) may process limited data outside Switzerland/the EU; such transfers are governed by appropriate safeguards (e.g. EU Standard Contractual Clauses).

8. Retention

  • Encrypted messages and events queued for offline delivery: up to 30 days, then deleted automatically.
  • Encrypted location updates: kept only for the duration of the share, then expire.
  • Backups: the most recent versions are retained; older versions are pruned automatically.
  • Account data: kept until you delete your account, after which it is removed (subject to any legal retention obligations).

9. Your rights

You have the right to access, rectify, delete, restrict, or object to the processing of your personal data, and to data portability. You can delete your account at any time from the app. You may withdraw consent for optional features at any time. You also have the right to lodge a complaint with a supervisory authority — in Switzerland, the [Federal Data Protection and Information Commissioner (FDPIC)]; in the EU, your national data protection authority.

To exercise your rights, contact privacy@fenzly.app.

10. Security

We protect your data with end-to-end encryption (Signal protocol), device-bound key storage (Keychain/Keystore), TLS in transit, and Swiss hosting. No system is perfectly secure, but our architecture is designed so that the most sensitive data is never readable by us in the first place. Our encryption is implemented with a pure-Dart port of the Signal protocol; it has not undergone an independent third-party cryptographic audit, and we describe it accurately rather than claiming certifications we do not hold.

11. Children

Fenzly is not directed to children under 13, and we do not knowingly collect personal data from them. Where required by law — under the GDPR for users below the age of digital consent in their country (which varies between 13 and 16), and under the U.S. COPPA for children under 13 — processing a minor’s personal data requires verifiable parental consent. Until a parent-managed family mode is available, we do not knowingly onboard children below these thresholds. If you believe a child has provided us personal data without the required consent, contact us at privacy@fenzly.app and we will delete it.

12. Changes to this policy

We may update this policy from time to time. Material changes will be announced in the app or by email. The “last updated” date above always reflects the current version.

13. Contact

Logil Sàrl — Switzerland — privacy@fenzly.app