PRIVACY POLICY · v3.2 · LAST UPDATED 27 APR 2026

The world doesn't
get a seat.

This page explains, in plain language, what Ohrny collects, what we refuse
to collect, what we delete and when, and the rights you have over any of it.

READ TIME · ~6 MINNO LEGALESE WALLEFFECTIVE 1 MAY 2026

Our promise.

Ohrny exists for one reason: to give people a private, calm space to connect. We are a subscription product — our incentives are aligned with yours. We don't sell ads, so we have no reason to harvest your data.

THE SHORT VERSION

We collect the minimum needed to run the app. We don't sell your data. We don't share it for advertising. We delete it on a fixed schedule. You control it.

What we collect.

When you sign up and use Ohrny, we collect:

  • Account data: email address, date of birth (age verification only), and the display name you choose.
  • Profile data: photos, preferences, and the bio you write. All voluntary.
  • Messages: stored end-to-end encrypted. We cannot read them.
  • Usage data: which features you use, crash reports, and performance metrics. Never tied to your identity in analytics.
  • Payment data: processed by Stripe. We receive only a token and the last 4 digits of your card — never the full number.
  • Device data: OS version and app version, for debugging only.

We do not collect precise GPS location, contacts, or access to your camera roll beyond photos you explicitly upload.

What we refuse.

Some data is simply off the table, regardless of what's technically possible:

  • No advertising identifiers (IDFA, GAID).
  • No third-party analytics SDKs that phone home.
  • No purchase of data about you from data brokers.
  • No persistent tracking of your location.
  • No profiling for resale or ad targeting — ever.
HARD RULE

We have never sold user data. We will never sell user data. This is a founding commitment — not a policy that can be changed in fine print.

How we use it.

The data we collect is used exclusively for:

  • Running and improving the app (matching, messaging, moderation).
  • Processing your subscription and sending receipts.
  • Detecting and removing fake profiles, spam, and abuse.
  • Complying with legal obligations (fraud prevention, court orders).

Legal basis under GDPR: performance of a contract (core features), legitimate interest (safety), legal obligation (compliance).

Deletion schedule.

We operate on a fixed, automatic deletion schedule:

  • Messages — deleted from our servers 30 days after delivery.
  • Profile photos — deleted within 24 hours of account deletion.
  • Account data — fully purged 30 days after account deletion (retention for fraud prevention).
  • Inactive accounts — accounts with no login for 18 months are automatically deleted with 14 days notice by email.
  • Payment records — retained 7 years per Dutch tax law, then purged.

You can delete your account at any time in Settings → Delete account. This triggers the schedule above immediately.

Who we share with.

We share data only with:

  • Stripe — payment processing. GDPR-compliant, EU data residency.
  • AWS (Frankfurt) — hosting and encrypted storage. EU region only.
  • Postmark — transactional email (receipts, security alerts). No marketing.
  • Law enforcement — only when legally compelled, and only what is specifically requested. We will notify you where legally permitted.

We don't use sub-processors for analytics, ads, or social login. This list is exhaustive.

Your rights.

Under GDPR, you have the right to:

  • Access — request a copy of all data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — delete your account and all associated data.
  • Portability — receive your data in a machine-readable format.
  • Restriction — ask us to stop processing your data in specific ways.
  • Object — object to processing based on legitimate interest.

To exercise any right, email privacy@ohrny.app. We respond within 30 days. No fees.

Cookies.

The Ohrny app uses no advertising or tracking cookies. Our website (ohrny.com) uses:

  • Session cookies — strictly necessary. Expire when you close your browser.
  • Preference cookies — remember your language and theme setting. 1-year expiry.

No analytics cookies. No third-party cookies. No consent banner theatre.

Security.

We take security seriously:

  • All data in transit is encrypted with TLS 1.3.
  • Messages are end-to-end encrypted — not readable by Ohrny employees.
  • Passwords are hashed with bcrypt (cost factor 12). We never store plaintext passwords.
  • We operate a responsible-disclosure programme. Report vulnerabilities to security@ohrny.app.

In the event of a data breach affecting your rights, we'll notify you and the Dutch DPA within 72 hours of discovery.

Contact & DPA.

Data controller: Ohrny BV, Postbus 41, 1011 AA Amsterdam, The Netherlands.

Privacy questions: privacy@ohrny.app

Security issues: security@ohrny.app

Supervisory authority: Autoriteit Persoonsgegevens (AP), The Hague. You have the right to lodge a complaint with the AP at any time, though we'd appreciate the chance to resolve your concern first.

POLICY CHANGES

Material changes will be emailed at least 14 days in advance. Minor corrections (typos, clarifications) are made without notice. Version history is available on request.