Privacy Policy

Last Updated: March 22, 2026 | Effective Date: March 22, 2026

This Privacy Policy explains how Flutta collects, uses, shares, and protects personal information across the Flutta iOS app and the Flutta website.

Flutta is the current brand name. This version has been aligned to current product behavior in our codebase (app, web, and Firebase backend).

1. Who we are

Flutta is operated by Greenstone Technologies Limited.

Contact: flutta.ms/support or support@greenstone-technologies.com

2. Scope

This policy applies to:

• The Flutta iOS app.
• The Flutta web experience (including onboarding, dashboard, connections, messaging, community, and profile pages).
• Backend services used by these products (Firebase, Cloud Functions, and related processors).

3. Information we collect

Category	Examples from product behavior
Account and authentication	Email address, account UID, display name, auth provider (email, Apple, Google, Facebook), verification status, created/updated timestamps.
Profile information	Name, date of birth, gender, interested-in preferences, relationship intent, bio, tagline, interests, photos, profile image index, matching preferences.
Health-related profile fields (optional)	MS type, mobility aids, openness level, and other MS journey information you choose to share.
Apple Health data (optional)	If you enable Apple Health auto-sync, we may read workout entries, workout timestamps, duration, distance, workout source names, and today's step count to support TodayWithMS fitness tracking.
Location	City/country text, privacy toggle for location, and where enabled latitude/longitude from device/browser location features.
Social and community activity	Likes, Priority Connects, passes, matches, daily check-ins, forum posts/replies/reactions, block/hide actions, and unlocked-liker state.
Messaging and media	Conversation metadata, message text, image attachments, VideoConnect invites/status, read status, and conversation-level state.
Safety and moderation	Reports, report reasons/descriptions, optional evidence images, moderation actions, admin logs, feature restrictions, ban fields, and blocked email hashes for abuse prevention.
Payments, allowances, and ads	Premium/ad-free flags, product IDs, entitlement and usage counters (for Priority Connects/VideoConnect), and ad interaction state.
Technical and device data	FCM/APNs push tokens, app/web runtime metadata, advertising identifiers where permitted by OS settings/consent, and operational logs needed to run and secure the service.
Local device/browser settings	Theme preference, muted groups, voice command preferences, bubble color, hidden IDs, and accepted rules flags stored locally on your device/browser.

4. How we collect information

• Directly from you when you register, complete onboarding, edit profile, message, post, report, or make purchases.
• From authentication providers and platform services when you use Apple, Google, or Facebook login.
• From Apple Health only if you turn on Apple Health auto-sync and grant HealthKit permission on your device.
• From your device/browser when you enable location, speech/microphone input, notifications, camera/photos, or related features.
• From in-app/web actions recorded to operate features (for example, likes/matches, moderation, and entitlement counters).

5. How we use your information

• Create and maintain your account.
• Deliver core connection/community features for friendship, support, and optional dating mode: profile discovery, matches, messaging, and community participation.
• Run TodayWithMS check-ins and feed privacy behavior.
• Import optional Apple Health workout and step data into TodayWithMS so exercise logs, fitness streaks, and related wellbeing features can stay up to date.
• Let you optionally share synced fitness activity in community spaces only when you choose to share it and according to the visibility setting you select.
• Enable VideoConnect workflows and token generation for live calls.
• Operate Priority Connects, premium, ad-free, and usage limits.
• Deliver push notifications for matches, likes, and messages.
• Detect abuse, process reports, and enforce moderation rules.
• Support account controls including hibernation and deletion.
• Comply with legal obligations and protect platform safety.

In the current iOS implementation, Apple Health access is read-only for workouts and step count. Flutta does not currently write workout data back into Apple Health.

6. AI and voice features

Flutta includes optional AI and voice features.

• AI profile writing and quote features send the prompt content you provide to OpenAI endpoints (directly in app/web code and/or via Cloud Functions, depending on feature).
• Text-to-speech voice output and some voice-related prompts use OpenAI audio APIs where enabled.
• Speech-to-text features use device/browser speech recognition services when you activate them.

Use these features only if you are comfortable sharing the prompt content required for generation.

7. Ads and purchases

• The iOS app integrates Google AdMob for banner/interstitial/rewarded ads when you are not premium/ad-free.
• On supported iOS versions, we may request App Tracking Transparency permission after sign-in when personalized ad experiences that require tracking permission are relevant.
• iOS purchases are processed by Apple StoreKit. We store entitlement/usage state in Firestore, not full card details.
• Product examples in code include Priority Connects and VideoConnect packs, plus premium subscriptions.
• Some web surfaces may show test/demo ad flows or simulated purchase UX depending on environment.

8. Sharing and processors

We share data only as needed to provide the service, for safety, or to comply with law.

Primary processors and infrastructure

• Google Firebase (Auth, Firestore, Storage, Cloud Functions, Messaging).
• Postmark (transactional emails such as verification/reset flows).
• OpenAI (AI generation features where enabled).
• LiveKit (video calling infrastructure/token-based session access).
• Apple, Google, Facebook (authentication and/or purchase platform flows you choose).
• Google AdMob (in-app ads).

Website third-party requests

• Services used by specific web pages may include RSS aggregation, geocoding, avatar fallback images, and CDN-hosted assets.
• Those services may receive technical request data such as IP address and user-agent when your browser calls them.

Legal and safety disclosures

• We may disclose data when required by law, legal process, or to protect users and platform integrity.

Apple Health and sensitive data

• Apple Health access is optional and can be turned off at any time.
• Apple Health data is used to power TodayWithMS exercise and wellbeing features, not for advertising, marketing profiling, or match ranking.
• We do not sell Apple Health data.
• Apple Health-derived activity is only shown to other users if you explicitly choose to share it inside the app.

9. Hibernation mode

When you activate hibernation in app, your account is set to hidden/hibernating state and your profile is removed from normal matching visibility. Premium/ad-free flags are moved to free-state behavior while hibernating, and normal discovery features stay limited until you reactivate.

10. Account deletion

Account deletion is available from app/profile flows.

• Our backend deletion workflow is designed to remove the authenticated user and related records, including authentication credentials (such as email/provider login record), user profile documents, matches, reports, daily check-ins/feed entries, user image storage paths used by the app, and direct-message/forum messages authored by the deleted account.
• Some web deletion flows perform best-effort cleanup and user tombstoning before auth deletion.
• As with most cloud systems, backup/operational copies can persist temporarily for security, integrity, and legal reasons before final expiration.

11. Data retention

• Account/profile/messaging data is retained while your account is active.
• Safety/moderation records can be retained longer to prevent repeat abuse and enforce platform rules.
• Entitlement and transaction-related metadata is retained as needed for service operations and dispute/financial compliance.
• Blocked email hashes and moderation references may be retained to enforce anti-abuse controls.

12. Security

We use layered security controls including Firebase security rules, authenticated access, and encryption in transit. Cloud storage providers apply encryption at rest for hosted data.

Direct one-to-one chat text and related system chat text are encrypted client-side before being saved to Firestore in current implementations. This helps protect message text in storage in addition to encryption in transit. Community/forum posts, attachments, and metadata may not use that same application-layer encryption path, and this design is not presented as end-to-end encryption. No system can guarantee absolute security.

13. International transfers

Your data may be processed in countries where our providers operate, including the United States.

14. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or restrict certain processing of your personal data.

• You can edit profile fields in-app/web.
• You can control marketing opt-in during onboarding (where offered).
• You can turn Apple Health auto-sync off in the app and revoke Health access at any time from the Health app or iOS Settings.
• You can control location, microphone/speech, camera/photos, and notification permissions at OS/browser level.
• You can request deletion or data requests via support contact details below.

We do not sell personal information.

15. Children

Flutta is intended for adults 18+. We do not knowingly provide services to children under 18.

16. Changes to this policy

We may update this policy as product behavior or legal requirements change. We will update the date at the top of this page when we do.

17. Contact

Support: flutta.ms/support

Email: support@greenstone-technologies.com