Who we are

String is a project built by a group of Carnegie Mellon University students with the goal of helping people step out, meet new friends, and share real experiences. We are not liable for any interactions, meetings, or outcomes that arise from using the app. Please exercise your own judgment and stay safe. This Privacy Policy explains how we collect, use, and protect your personal data when you use the String app. For privacy questions, contact us at support@thestringapp.com.

Minimum age

String is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we discover an account belongs to someone under 18, we will work to remove it promptly.

Account and authentication data

When you create an account we collect your email address (used for passwordless sign-in via Firebase), your Firebase user ID (for internal account linkage), your authentication provider, your account status, your last login timestamp, and your account creation date. This data is collected to provide and operate your account.

Profile data

During onboarding you provide your first name, last name, username, date of birth, bio, and gender. Your date of birth is used internally for age-based matching and is never displayed publicly. Your full name and profile picture are shown to your confirmed match after an event is accepted. Profile pictures are publicly accessible by URL, do not upload an image you want kept private.

Preferences

We collect your gender preferences, age range preference, and up to five interests. These are used to filter your event feed and power automated matchmaking for Weekly Exclusives. You can update your preferences at any time from your profile settings.

Location data

String collects location in three ways. First, a home location (latitude, longitude, and city name) is set at onboarding and stored on your profile — used to show you nearby plans in the feed, for proximity matching, and for Weekly Exclusives eligibility. Second, when you create an event, you choose an exact meeting location; this exact location is visible to all users in the feed. Third, when you opt in to a Weekly Exclusive, your location at that moment is captured to verify proximity. String does not track your device location in the background or in real time. Your last known coordinates are also saved in your browser's local storage so the app can restore them across sessions. You can revoke location permission at any time in your browser settings. String does not sell your data.

Location shared with third parties

Your GPS coordinates are sent to Mapbox (to power location search and autocomplete) and to OpenStreetMap Nominatim (to reverse-geocode your city name for display). Both receive your coordinates only for these specific functions.

Events and join requests

We store the events you create (title, description, start time, duration, location, status history, and cancellation reason). We also store join requests you send or receive, including any optional note you include, the request status, and any decline reason. Event data is retained indefinitely for participant reference and moderation. Join request data is retained indefinitely for moderation and abuse investigation.

Chat messages

Text and image messages you send in event chats are stored on String servers and are deleted approximately 180 days after they are sent. Chat is not end-to-end encrypted, do not share sensitive personal information in chat.

Weekly Exclusives and automated matching

When you opt in to a Weekly Exclusive, we store your opt-in status, your location at the time of opt-in, your match status and timestamps, and your refusal reason if you decline a match. Matching is algorithmic and uses your proximity, gender preferences, age preferences, and interests. String does not manually review individual pairings. A match notification is typically sent approximately 6 hours after the match is made. Declining a match because you want a different person keeps you in the pool for that week. Declining because you dislike the activity removes you from that vibe.

Push notifications

If you grant notification permission, your browser generates a push subscription token (including endpoint URL, encryption keys, and your browser user agent) that we store on String servers. We use this to send you notifications about join requests, matches, cancellations, and chat messages. You can revoke push permission at any time in your browser or device settings. String may remove subscriptions that fail with a permanent error response from your browser's push service.

Reports and blocks

When you report a user we store the report reason, an optional description (up to 2,000 characters), the report status, and the reviewer resolution. Block records store who blocked whom and an optional reason. Report and block records are retained indefinitely for safety investigations and are not automatically deleted when an account is deleted.

Media assets

Profile pictures and event images you upload are stored on String's cloud storage. Each file's MIME type, size, and storage key are also recorded for storage management. Profile pictures are publicly accessible by URL.

Audit logs

String maintains internal audit logs recording action type, entity involved, IP address, user agent, and timestamp. These logs are used only by the String team for safety, moderation, and abuse investigation. They are not visible to regular users and are retained for up to 12 months.

Local browser storage

During sign-in your email address is temporarily saved in session storage and removed as soon as sign-in completes. Your GPS coordinates and city name are saved in local storage (key: string-location) and persist across sessions. Firebase stores your authentication session in local storage so you stay logged in until you sign out. Mixpanel stores a persistent analytics identifier in local storage to link your in-app events across sessions. No third-party tracking cookies are used.

Analytics

String uses Mixpanel (Mixpanel, Inc.) to understand how people use the app and to improve the experience. When analytics are active, the following types of information may be sent to Mixpanel: your Firebase user ID, which is used to associate your activity with a single user profile; profile properties including your first name, last name, gender, onboarding completion status, and other account-level attributes; your device type (mobile, tablet, or desktop), browser name (for example Chrome or Safari), screen dimensions, and similar technical context, which are attached to every event; named in-app events that describe your activity, such as which onboarding steps you completed, which features you used, which buttons you tapped, which interests you selected, how many preferences you chose, errors encountered, and other interactions throughout the app — these events may include additional properties such as counts, identifiers, and feature-specific metadata; and a sign-in timing value used to detect sign-in emails that may have landed in spam. This list is not exhaustive — as the app grows, additional events and properties may be sent to Mixpanel to support product analytics. Mixpanel stores a persistent identifier in your browser's local storage to link events across sessions. String respects the Do Not Track browser signal — if your browser has Do Not Track enabled, no analytics events are sent to Mixpanel. Mixpanel does not receive your password, date of birth, exact location, or chat message content. Mixpanel's privacy policy is available at mixpanel.com/legal/privacy-policy.

Third-party services

Firebase (Google LLC) handles authentication, your email address and Firebase UID are shared with Firebase to manage sign-in and sessions. Your uploaded media is stored in cloud storage (S3-compatible). OpenAI receives the title and description of events you create to assign an automated category, no personal data (name, email, location) is sent to OpenAI. Mapbox receives your location search queries and GPS coordinates for location autocomplete. OpenStreetMap Nominatim receives your GPS coordinates for reverse geocoding. Your browser's push service (operated by Apple, Google, or Mozilla) receives encrypted notification payloads to deliver alerts to your device. String's backend runs on Railway and AWS. String does not sell your personal data to any third party.

Legal disclosures

String may disclose your personal data if required to do so by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of String, our users, or the public. This includes sharing information with law enforcement in response to a lawful request.

Data security

We do our best to look after your information, but like any online service, we cannot guarantee complete security.

Data retention

Account, profile, and preference data is retained until you delete your account. Chat messages are deleted approximately 180 days after they are sent. Event and join request data is retained indefinitely. Report and block records are retained indefinitely. Audit logs are retained for up to 12 months. Push subscriptions are retained until unsubscribed, expired, or account deletion.

Account deletion

When you delete your account, your profile, preferences, push subscriptions, and notifications are deleted. Events, join requests, and chat messages linked to your account may be retained for the other participant's reference and for moderation. Report and block records linked to your account are retained for safety. To delete your account, use the settings in the app or contact support@thestringapp.com.

Your rights

You can update most profile data directly in your profile settings. To request a copy of your data or to request deletion of data that cannot be removed in-app, email support@thestringapp.com, we aim to respond within 30 days. You can revoke location access and notification permission from your browser or device settings at any time. We do not sell your personal data.

California users

If you are a California resident, you have the following rights under the CCPA/CPRA: the right to know what personal data we collect and how it is used; the right to request deletion of your personal data; the right to correct inaccurate personal data; and the right not to be discriminated against for exercising these rights. String does not sell or share your personal data for cross-context behavioral advertising. To exercise any of these rights, contact us at support@thestringapp.com.

EEA and UK users

If you are located in the European Economic Area or the United Kingdom, you may have additional rights under the GDPR or UK GDPR, including the right to access, correct, or erase your personal data, the right to restrict or object to processing, and the right to data portability. String is an informal student project and does not have a designated Data Protection Officer. For data requests or questions, contact us at support@thestringapp.com. We will make reasonable efforts to respond.

Changes to this policy

String may update this Privacy Policy from time to time. Updates will be posted to this page. Continued use of the app after an updated policy is posted constitutes your acceptance of the changes.

Contact

For privacy questions or data requests, contact us at support@thestringapp.com.