Privacy Policy

The short version

Maybe is designed so that we — Maybe — see as little of your activity as architecturally possible. We do not sell your data to anyone, ever. Conversations are end-to-end encrypted; we cannot read them. Your physical location is never recorded.

What we collect

Account data

• Email address, used to sign in and to send transactional emails (password reset, account verification).
• Display name, age, and gender as you enter them. Age must be 18+; Maybe is not available to minors. Age is stored on the server but never displayed in the product.
• Profile photos (one public, up to four hidden). Stored in our private S3 bucket; served only via short-lived signed URLs.
• Bio and interests as you enter them.
• Optional home city if you choose to display it.

Cryptographic keys

• Your device's public identity key, used to verify signed prekeys.
• A pool of single-use prekeys we publish on your behalf so other devices can establish encrypted sessions with you. Private halves never leave your phone.

Proximity

• A rotating anonymous Bluetooth ID your phone broadcasts so other Maybe phones nearby can discover you. The ID rotates roughly every ten minutes. We do not learn your GPS location.
• The list of rotating IDs your phone has observed, sent to us to resolve into Maybe profiles. We do not retain a long-term history of which IDs you saw.

Conversations

• Encrypted message ciphertext. Each conversation uses Signal-style X3DH key agreement plus a Double Ratchet. Our servers store ciphertext only; plaintext is decryptable only on your device and the other party's device.
• Thread metadata: who started it, what state it's in (pending, accepted, matched, etc.), and timestamps.

Diagnostics

• Standard server logs (IP address, user agent, timestamp) retained for up to 30 days to detect abuse and debug outages.
• Anonymous in-app event counts (sign-up completed, ping sent, photo uploaded) used to monitor product health. No event payload contains conversation content.

Anti-abuse signals

• Your IP address at signup and sign-in, and the city-level location derived from it. We never see GPS coordinates — this is the network-level "where in the world" data your phone reveals any time it connects to any internet service.
• A device fingerprint: a hashed combination of Apple's per-vendor identifier (IDFV) and a random UUID stored in your phone's secure keychain. This is NOT an advertising identifier (IDFA), and Apple does not let us read across other apps. We store only the hash — we cannot reverse it back to the original.
• The canonical form of your email (e.g. john+spam@gmail.com normalized to john@gmail.com), used to detect alias-based ban evasion.

Anti-abuse

Dating apps are uniquely targeted by harassers who circumvent bans by signing up again under a new identity. Maybe is designed to detect and stop that pattern. At signup and sign-in we retain a small set of signals — IP-derived city, a hashed device fingerprint, and the canonical form of your email — solely to identify returning bad actors.

If your account is in good standing this data sits unused. We do not use these signals for analytics, for advertising, or to share with third parties. The fingerprint is a one-way hash; we cannot reverse it. None of this data ever leaves our infrastructure.

Retention: anti-abuse signals for active accounts are retained for the life of the account. Signals associated with deleted accounts are kept for 2 years for ban-evasion detection, then deleted automatically.

Analytics on this marketing site

This website (trymaybe.social) uses Google Analytics to count visits and see which pages people read most. Google receives basic interaction data: approximate location, device type, referrer URL, and the pages you visit on trymaybe.social. We do not pass any account or profile data to Google.

Analytics applies only to this marketing site. The Maybe mobile app does NOT include Google Analytics or any third-party tracker.

To opt out site-wide, install Google's official opt-out browser add-on or use your browser's "Do Not Track" / private-browsing mode.

What we don't collect

• Your GPS location.
• Your contacts.
• Plaintext messages.
• Browsing history outside the app.
• Advertising identifiers.

How we use what we collect

• To run the product — show you nearby people, deliver pings, sync profile changes.
• To send you transactional email (sign-in verification, password reset, account deletion confirmations). We never send marketing email to addresses on file.
• To investigate abuse reports. When you report a message, the relevant ciphertext + decryption metadata is sent to our moderation team. Outside an active report, server-side moderators cannot read messages.
• To detect and prevent ban evasion — anti-abuse signals are checked at every signup attempt. We never share these signals.
• To comply with valid legal process. We will challenge overbroad requests and notify users when we're legally permitted to do so.

Who sees what

• Strangers nearby see your public photo, display name, and intent lane in the feed. They do not see your age, hidden photos, or bio.
• People you've pinged see your full profile (public + hidden photos, bio, interests) once they accept.
• People who ping you see your full profile when their ping arrives. You see only their public photo until you accept.
• People you've ignored or blocked become permanently invisible to you, and you to them. We do not surface "indirect" or "friend-of-friend" connections.

Your controls

• Edit or delete any profile field from Settings → Edit profile.
• Block anyone you've started a conversation with from the conversation menu.
• Delete your account from Settings → Privacy → Delete account. This removes your profile, photos, threads, and prekeys from our servers within 7 days.
• Export your data: request a copy at support@trymaybe.social. We respond within 30 days.

Children

Maybe is not available to anyone under 18. We collect date-of-birth-derived age at sign-up; accounts that misrepresent age are terminated when discovered.

Changes

Material changes to this policy will be announced in-app and reflected in the "Last updated" date above. Continued use after a change constitutes acceptance.

Contact

Privacy questions: support@trymaybe.social.