Last updated: April 2026
The controller responsible for data processing is: Zypheris GmbH Email: amilu.app@gmail.com If you have any questions about how we handle your data, please contact us at the address above.
We collect and process the following personal data: • Account data: Name, email address, password (encrypted) • Profile data: Birth year, gender, profile photo, bio, interests, languages • Location data: Home location (city), real-time GPS position (only when you grant permission) • Usage data: Activities you create or join, messages you send, friend connections • Technical data: Device push notification token (FCM), app version • Support data: Support tickets and optional screenshots you submit We do not collect data from third-party sources. All data comes directly from you.
We process your data based on the following legal grounds: • Contract performance (Art. 6(1)(b) GDPR): Processing your account data, profile, activities, and messages is necessary to provide the Amilu service. • Consent (Art. 6(1)(a) GDPR): Location access and push notifications are only activated with your explicit consent. You can revoke consent at any time in your device settings. • Legitimate interest (Art. 6(1)(f) GDPR): We process technical data to ensure app security and prevent abuse.
We use your data exclusively to: • Provide and operate the Amilu platform • Display activities and events near you • Connect you with other users through activities and chat • Send you notifications about activity updates, messages, and friend requests • Respond to your support requests • Improve and secure the app We do not sell your personal data to third parties. Amilu is free to use and our business model is not based on advertising or data monetization. We do not use your data for profiling or automated decision-making.
Your profile information (name, photo, birth year, interests, languages, bio) is visible to other Amilu users. This is necessary for the platform to function — users need to see who is joining an activity. Your email address is not visible to other users. Your messages are visible only to participants of the respective activity or DM chat. We do not share your personal data with advertisers or other third parties for their own purposes.
We use the following service providers to operate Amilu. They process your data on our behalf and under our instructions: • Supabase Inc. (database, authentication, file storage) — servers in Frankfurt, Germany (EU). Privacy: https://supabase.com/privacy • Google Firebase (push notifications via FCM) — data processed in the EU/EEA where possible. Privacy: https://firebase.google.com/support/privacy • OpenAI, L.L.C. (automated content moderation) — user-generated content such as messages, profile photos, and uploaded images is sent to OpenAI's Moderation API for automated safety checks. OpenAI does not store this data and does not use it for model training. OpenAI operates zero data retention for moderation requests. Privacy: https://openai.com/policies/row-privacy-policy/ • Anthropic PBC (AI-generated profile introductions) — profile data (name, interests, bio) is sent to Anthropic's API to generate personalized introductions. Anthropic does not use API data for model training. Privacy: https://www.anthropic.com/privacy We have entered into data processing agreements with all processors to ensure GDPR-compliant handling of your data.
We retain your data for as long as your account is active. When you delete your account, it is first deactivated for 30 days. During this period, your profile is no longer visible to other users, but you can reactivate your account at any time by logging back in. After 30 days, your account and all personal data are permanently deleted, including your profile, activity participations, friend connections, and uploaded photos. This deletion is irreversible. After permanent deletion, we retain the following data as required by law: • Consent records (when you accepted the Terms of Service and Privacy Policy) are retained for 3 years in accordance with Art. 7(1) GDPR. • Moderation records (reports and content moderation decisions related to your account) are retained for 3 years in accordance with Art. 17(3) GDPR. These archived records are stored separately, contain no profile information, and are used exclusively for legal compliance. They are automatically deleted after the retention period expires. Messages you sent in group chats remain visible to other participants but are shown under "Deleted User" with no link to your identity. Support tickets are retained for up to 12 months after resolution, then deleted. We may retain anonymized, aggregated statistics that cannot be linked back to you.
You have the following rights regarding your personal data: • Right of access (Art. 15): You can request information about what data we store about you. • Right to rectification (Art. 16): You can update your profile data at any time in the app. • Right to erasure (Art. 17): You can delete your account via Settings. Your account will be deactivated for 30 days (during which you can reactivate it), then permanently deleted. Certain records are retained as described in Section 7. • Right to restriction (Art. 18): You can request that we restrict processing of your data. • Right to data portability (Art. 20): You can request an export of your data. • Right to object (Art. 21): You can object to processing based on legitimate interest. • Right to withdraw consent: You can withdraw consent for location and push notifications at any time in your device settings. To exercise these rights, contact us at amilu.app@gmail.com. We will respond within 30 days.
If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.
We implement appropriate technical and organizational measures to protect your data, including: • Encryption in transit (TLS/HTTPS) and at rest • Row-level security policies ensuring users can only access their own data • Secure password hashing • Regular security audits Despite these measures, no system is 100% secure. We cannot guarantee absolute security.
Amilu is intended for users aged 18 and older. By creating an account, each user confirms that they meet this age requirement. Parents and legal guardians are solely responsible for monitoring and supervising the online activities of minors in their care. Amilu assumes no responsibility or liability for any use of the platform by individuals who do not meet the minimum age requirement.
We may update this Privacy Policy from time to time. We will notify you of significant changes through the app. Your continued use of Amilu after changes constitutes acceptance of the updated policy.
For any questions or requests regarding your data: Zypheris GmbH Email: amilu.app@gmail.com