Data Compliance & Security

Last updated: June 6, 2026

This page describes how Social protects user data and aligns with common data-protection expectations. It supplements our Privacy Policy and is maintained by Nadeem Akhtar, developer and creator of Social.

1. Our Commitment

Social is built as a privacy-conscious messaging platform. We design features with security in mind — from encrypted direct messages and biometric app lock to user-controlled blocking, backups, and notification settings.

2. Data Security Measures

Encryption

  • Direct messages use end-to-end encryption where supported, so content is protected in transit and at rest on devices
  • Connections to our services use industry-standard TLS/HTTPS encryption
  • Authentication is handled through secure, industry-standard identity mechanisms

Access controls

  • Optional biometric or device credential app lock adds a layer of protection on your phone
  • Blocked contacts and privacy settings help you control who can reach you
  • Internal access to production systems is limited on a need-to-know basis

Infrastructure

  • Cloud services with established security certifications and monitoring
  • Regular dependency updates and security patches for the mobile applications
  • Logging and alerting to detect abnormal activity where applicable

3. Data We Process & Why

We process personal data only for legitimate purposes related to operating Social:

  • Messaging & sync — deliver, store, and synchronize conversations
  • Account management — registration, authentication, profile, friends, and groups
  • Calls & media — enable voice/video calls and shared files you send
  • Notifications — alert you to new messages when you opt in
  • Safety & abuse prevention — detect spam, enforce terms, and protect users
  • Improvement — diagnose crashes and improve performance (using aggregated or minimized data where possible)

4. Regulatory Alignment

We aim to respect widely recognized data-protection principles, including those reflected in regulations such as:

  • GDPR (EU/EEA) — lawfulness, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality; rights of access, rectification, erasure, restriction, portability, and objection where applicable
  • UK GDPR — equivalent principles for users in the United Kingdom
  • CCPA/CPRA (California) — transparency about collection and use; rights to know, delete, and opt out of sale (we do not sell personal information)
  • India DPDP Act — notice, consent where required, purpose limitation, and reasonable security safeguards for users in India

Specific rights and obligations depend on your location. Contact us if you need assistance exercising applicable rights.

5. Lawful Basis for Processing (GDPR)

Where GDPR applies, we rely on one or more of the following legal bases:

  • Contract — processing necessary to provide Social under our Terms
  • Legitimate interests — security, fraud prevention, and service improvement, balanced against your rights
  • Consent — optional features such as contacts sync, notifications, or location sharing where required
  • Legal obligation — when we must comply with applicable law

6. Data Minimization & Retention

  • We collect only data reasonably needed to operate messaging, calls, and related features
  • Account and message data are retained while your account is active
  • Deleted accounts and content are removed from active systems within a reasonable period, subject to backup and legal retention requirements

7. Subprocessors & Transfers

We use trusted third-party providers for infrastructure such as cloud hosting, authentication, and push notifications. These providers process data under contractual obligations consistent with this policy. Data may be stored or processed outside your country; we implement appropriate safeguards for international transfers where required.

8. Incident Response

In the event of a personal data breach that poses a risk to your rights, we will investigate promptly, take remedial action, and notify affected users and regulators where required by applicable law.

9. Your Security Responsibilities

  • Keep your device OS and Social app updated
  • Enable app lock and use a strong device passcode
  • Do not share OTP codes or account access with others
  • Report suspicious activity to us immediately

10. Data Subject Requests

To request access, correction, deletion, export, or restriction of your personal data — or to ask compliance questions — contact:

me@nadeemakhtar.in
Developer: Nadeem Akhtar

We will respond within a reasonable timeframe and in accordance with applicable law (typically within 30 days for GDPR requests).

11. Updates

We may update this page as our practices, features, or legal requirements evolve. Material changes will be reflected in the “Last updated” date above.

See also: Privacy Policy · Terms & Conditions