Privacy Policy

GoSeen | Effective date: May 8, 2026 | Last updated: May 8, 2026

Package: com.goseen.app | Website: goseen.org | Contact: privacy@goseen.org

1. Introduction

Welcome to GoSeen, a messaging and social platform developed and operated by the GoSeen team ("we", "us", or "our"). GoSeen lets you message friends, make audio and video calls, share media, follow channels, and interact with a social feed — all in one place.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have over your data. It applies to the GoSeen Android application (com.goseen.app) and our website at goseen.org.

By creating a GoSeen account or using the app, you agree to this Privacy Policy. If you do not agree, please do not use GoSeen.

      We do not sell your personal data. We do not use your messages or call content for advertising. Your private communications are end-to-end encrypted.
    

2. Information We Collect

2.1 Information You Provide Directly

Data	Why It Is Collected
Email address	Used to send a one-time password (OTP) for login. No traditional password is ever stored. Your email identifies your account.
Display name	Shown to other users in chats, calls, and your profile.
Username	A unique handle used to search for and identify you across GoSeen.
Profile photo	Displayed on your profile and in conversations. Optional.
Bio	A short description visible on your profile. Optional.
Messages & media	Text, images, videos, audio, voice messages, and documents you send in chats, groups, and channels.
Posts & stories	Content you publish on the social feed or as ephemeral stories.
Comments & reactions	Interactions you make on other users' posts.

2.2 Information Collected Automatically

Data	Source	Purpose
FCM device token	Firebase Cloud Messaging	Deliver push notifications to your device.
Online / last-seen timestamps	App activity	Show presence status to your connections (controllable in privacy settings).
Call logs	In-app calls	Records who called whom, call duration, and timestamp. Stored in Firestore.
App analytics events	Firebase Analytics	Measure feature usage and app performance trends to improve reliability and UX.
Device information	Firebase Analytics SDK	OS version, app version, and device category used for analytics and compatibility insights.
IP address & approximate location	Firebase infrastructure	Not actively collected or stored by GoSeen. Firebase may log IPs as part of standard server operations.

2.3 Information From Your Device (Permissions)

GoSeen requests specific device permissions only when needed for features you use. We never access permissions silently. See Section 11 for a full list.

3. How We Use Your Information

We use the data we collect solely to provide and improve GoSeen. Specifically:

Account management: Create and authenticate your account using email OTP; support multiple accounts on one device.
Messaging & calls: Deliver messages, forward and reply functionality, and real-time audio/video calls. Direct messages use end-to-end encryption.
Media delivery: Store and deliver photos, videos, voice messages, documents, and audio files you share.
Notifications: Send push notifications for new messages, incoming calls, connection requests, post interactions, and other app events.
Social features: Operate the feed, stories, channels, connection requests, blocking, and reporting systems.
Presence: Show your online status and last-seen time to connections (subject to your privacy settings).
Bots & mini-apps: Share your user ID and username with bot operators when you voluntarily interact with a bot. No other data is shared without your explicit action.
Search: Allow other users to find your account by username.
Safety & integrity: Investigate reports of abuse, spam, or policy violations. Enforce our Terms of Service.
Product analytics: Use aggregated Firebase Analytics signals to understand feature usage and improve app quality.
Legal obligations: Comply with applicable laws and respond to lawful requests from authorities.

We do not use your content (messages, photos, etc.) to train AI/ML models, profile you for advertising, or sell data to third parties.

5. Third-Party Services

GoSeen relies on the following third-party services to function. Each provider may collect data as described in their own privacy policies.

Service	Provider	Purpose	Privacy Policy
Firebase Authentication	Google LLC	Manages email OTP login and session tokens.	Google Privacy Policy
Firebase Firestore	Google LLC	Stores messages, user profiles, call logs, connections, and feed data.	Google Privacy Policy
Firebase Storage	Google LLC	Hosts media files (photos, videos, voice messages, documents) shared in chats and the feed.	Google Privacy Policy
Firebase Cloud Messaging (FCM)	Google LLC	Delivers push notifications for messages, calls, and social interactions.	Google Privacy Policy
Firebase Analytics	Google LLC	Collects aggregated analytics signals for product improvement and app performance insights.	Google Privacy Policy
Agora	Agora.io, Inc.	Powers real-time audio and video calls. Audio/video streams are routed through Agora's servers during active calls.	Agora Privacy Policy
Resend	Resend.com	Sends transactional emails, including OTP codes for login.	Resend Privacy Policy

All Google Firebase services are subject to Google's Cloud Data Processing terms. Data processed by Firebase may be stored on Google's infrastructure globally, subject to Google's security standards.

During an active call, audio and video data is transmitted through Agora's real-time network. Agora does not permanently store call media content after a call ends. For details, refer to Agora's privacy policy.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specific retention windows:

Data Type	Retention Period
Account profile (name, username, email, photo, bio)	Until account is deleted.
Messages (direct, group, channel)	Until the message is deleted by the user or the account is deleted.
Media files (photos, videos, audio, documents)	Until deleted by the user or account deletion. Firebase Storage may retain files for up to 30 days after deletion request before permanent removal.
Call logs	Until account is deleted. Users may view but not individually delete call log entries (full deletion occurs on account deletion).
FCM device token	Retained while the account is active. Removed on account deletion or when the device unregisters.
Presence / last-seen timestamps	Overwritten in real-time; the most recent timestamp is retained until account deletion.
Analytics events	Retained according to Firebase Analytics retention settings configured for the project.
Stories	Ephemeral — automatically deleted after 24 hours.
Backup / server-side copies after deletion	Up to 30 days on backup infrastructure before permanent deletion.

When you delete your account, we initiate deletion of your profile, messages, media, call logs, and all associated Firestore documents. Due to distributed infrastructure and backups, complete removal from all systems may take up to 30 days.

7. Security

We take the security of your data seriously and implement multiple layers of protection:

End-to-end encryption (E2EE): Direct messages between two users are end-to-end encrypted. This means only you and the recipient can read the message content — not GoSeen, not Firebase.
Transport security: All data in transit between the app and our servers is encrypted using TLS (HTTPS).
Firebase Security Rules: Access to Firestore and Firebase Storage is controlled by strict security rules that ensure users can only read or write data they are authorized to access.
Authentication: We use OTP-based authentication — no passwords are stored anywhere on our systems.
Access control: Internal access to production data is restricted to authorized personnel only.
Analytics minimization: Firebase Analytics data is used in aggregated form for product improvement and does not include your private message content.

Despite these measures, no system is 100% secure. We encourage you to use a strong, unique email account and to log out of GoSeen on devices you do not own. If you believe your account has been compromised, contact us immediately at privacy@goseen.org.

8. Children's Privacy

GoSeen is intended for users who are at least 13 years old. Users in the European Economic Area (EEA) and the United Kingdom must be at least 16 years old (or the applicable minimum digital age in their country) to use GoSeen without parental consent.

We do not knowingly collect personal information from children under the applicable minimum age. If you are a parent or guardian and believe your child has created a GoSeen account, please contact us at privacy@goseen.org and we will promptly delete the account and all associated data.

If we discover that we have collected personal data from a child below the minimum age without verifiable parental consent, we will delete that data immediately.

9. Your Rights and Choices

9.1 Rights Available to All Users

Access: You can view your profile information and messages directly inside the GoSeen app at any time.
Correction: You can update your display name, username, profile photo, and bio in Settings → Profile at any time.
Deletion: You can delete your account and all associated data. See Section 10 for instructions.
Notification control: You can manage push notification preferences in your device's Settings or within GoSeen's notification settings.
Presence control: In Settings → Privacy, you can control who sees your online status and last-seen timestamp (everyone, connections only, or nobody).
Profile visibility: In Settings → Privacy, you can control who can see your profile photo, bio, and who can send you messages.
Block: You can block any user to prevent all communication and hide mutual visibility.

9.2 GDPR Rights (EEA & UK Users)

If you are located in the European Economic Area or United Kingdom, you have the following additional rights under the General Data Protection Regulation (GDPR):

Right to access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of inaccurate or incomplete personal data.
Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal obligations.
Right to restriction: Request that we restrict processing of your data in certain circumstances.
Right to data portability: Request your data in a structured, machine-readable format.
Right to object: Object to processing based on legitimate interests.
Right to withdraw consent: Where processing is based on consent, withdraw it at any time.

Our legal basis for processing your personal data is: performance of a contract (providing the GoSeen service to you), legitimate interests (security, fraud prevention, service improvement), and consent (where applicable, e.g., optional permissions).

To exercise any GDPR rights, contact us at privacy@goseen.org. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9.3 CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
Right to delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
Right to opt out of sale: We do not sell personal information. No opt-out is needed, but you may contact us to confirm.
Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.
Right to correct: Request correction of inaccurate personal information.

To submit a CCPA request, email us at privacy@goseen.org with "CCPA Request" in the subject line. We will verify your identity and respond within 45 days.

9.4 Data Portability

You can request an export of your GoSeen data (profile information, message history) by contacting privacy@goseen.org. We will provide the data in a commonly used, machine-readable format within 30 days.

10. Account Deletion

      You can permanently delete your GoSeen account and all associated data directly from within the app — no need to contact support.
    

How to Delete Your Account

Open the GoSeen app.
Go to Settings (tap your profile icon or the menu).
Scroll to the bottom and tap Delete Account.
Confirm when prompted. The deletion is permanent and cannot be undone.

What Gets Deleted

Your account profile: display name, username, email, profile photo, bio.
All messages you have sent (in direct chats, groups, and channels).
All media files you have uploaded (photos, videos, voice messages, documents).
Your call log history.
Your social feed posts, stories, comments, and reactions.
Your connection list and any pending connection requests.
Your FCM notification token.
Your account's presence and last-seen records.

Retention After Deletion

Deletion is processed immediately on our active servers. Due to distributed backups and Firebase infrastructure, complete removal from all backup systems may take up to 30 days. During this window, the data is not accessible through the app.

Anonymized, aggregated analytics or crash-report data that cannot be linked back to your identity may be retained indefinitely for service improvement purposes.

If you are unable to access the app to delete your account, contact us at privacy@goseen.org and we will process the deletion manually within 7 business days.

11. Device Permissions

GoSeen requests the following Android permissions. We only request permissions when they are needed for a feature you are actively using.

Permission	Why It Is Needed
`CAMERA`	Take photos or record videos to send in chats or post on the feed.
`RECORD_AUDIO`	Record voice messages and participate in audio/video calls.
`POST_NOTIFICATIONS`	Display push notifications for messages, calls, and social interactions (Android 13+).
`FOREGROUND_SERVICE` `FOREGROUND_SERVICE_DATA_SYNC` `FOREGROUND_SERVICE_MEDIA_PLAYBACK` `FOREGROUND_SERVICE_MICROPHONE`	Keep uploads, voice playback, and active call audio running correctly while required features are in the background.
`USE_FULL_SCREEN_INTENT`	Display incoming call notifications as full-screen alerts so you do not miss calls.
`BLUETOOTH_CONNECT`	Route call audio to a Bluetooth headset or speaker. No Bluetooth device data is collected or stored.
`VIBRATE`	Vibrate the device for incoming messages and calls.
`INTERNET`	Required for all network operations (messaging, calls, media, notifications).
`RECEIVE_BOOT_COMPLETED`	Restore notification listeners after the device restarts.

GoSeen does not request access to your contacts list (READ_CONTACTS). You connect with people on GoSeen by username, not by importing your phone contacts.

You can revoke any permission at any time in your device's Settings → Apps → GoSeen → Permissions. Revoking a permission will disable the corresponding feature.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, features, or legal requirements. When we make a significant change, we will:

Update the "Last updated" date at the top of this page.
Post an in-app notification or banner informing you of the update.
For material changes, send a notice to the email address associated with your account.

Continued use of GoSeen after the effective date of a revised policy constitutes your acceptance of the new terms. If you do not agree to the revised policy, you should delete your account before the effective date.

We encourage you to review this policy periodically at goseen.org/privacy.html.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us:

Email: privacy@goseen.org
Website: https://goseen.org

For GDPR-related requests, please include "GDPR Request" in the subject line. For CCPA requests, include "CCPA Request". We aim to respond to all privacy inquiries within 30 days.

If you are not satisfied with our response to a GDPR-related concern, you have the right to lodge a complaint with your local data protection supervisory authority.