Bromo

Privacy Policy

Last updated: May 9, 2026

1. Introduction

Bromo ("we," "our," or "us") operates the Bromo mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. Please read this policy carefully. By using Bromo, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following types of information:

Personal Information

  • Email address and password (for account creation)
  • Display name, bio, and profile information
  • Date of birth / age
  • Photos you upload to your profile or albums
  • Sexual orientation and preferences you choose to share
  • Physical characteristics you choose to share (height, weight, body type)
  • Social media handles you choose to link

Location Data

  • Your approximate location (used to show nearby users and events)
  • Location is only collected when you grant permission and the app is in use

Usage Data

  • How you interact with the App (screens visited, features used, taps and matches)
  • Device information (device type, operating system, app version, locale)
  • Log data (access times, error reports, crash diagnostics)
  • Country detected from your IP address (used to apply region-specific privacy protections)

Analytics and Session Recordings

We use product analytics tools (Firebase Analytics from Google and PostHog) to understand how the App is used and to improve it. These tools record events such as which screens you visit, when you open paywalls or send messages, and when errors occur. Each event is tied to your account identifier so we can analyze user journeys.

A small percentage of sessions (currently 5%) are recorded by PostHog as "session replays" — anonymized recordings of how the App is navigated. These recordings help us identify usability issues and bugs. To protect your privacy:

  • All text input fields are masked at the SDK level before any data leaves your device. This includes passwords, your profile name, date of birth, chat messages, search terms, and any free-text input you type.
  • The recordings capture interaction patterns (taps, scrolls, screen transitions) and visible app content, but NOT the contents of the masked fields.
  • PostHog stores this data on EU-based infrastructure.
  • You can request deletion of your recordings along with your account data at any time (Settings > Delete Account).

Verification Data

When you choose to verify your profile, we collect a selfie photograph that you voluntarily provide. This photo is used solely to confirm your identity by our review team. We do not extract, store, or process any biometric identifiers or facial geometry from your selfie. Verification photos are stored securely and are not shared with third parties.

The verification process requires you to perform a randomly assigned gesture (such as a peace sign, thumbs up, wave, or pointing) to confirm you are a real person. A human reviewer compares the selfie against your profile photos. No facial recognition technology, facial geometry analysis, or automated biometric processing is performed.

3. How We Use Your Information

  • To create and manage your account
  • To show you other users near your location
  • To enable messaging between users
  • To facilitate group events ("Chills")
  • To process profile verification
  • To send push notifications (with your consent)
  • To improve and optimize the App
  • To detect and prevent fraud, abuse, and safety violations
  • To comply with legal obligations

4. Sharing Your Information

We do not sell your personal data. We may share your information with:

  • Other users: Your profile information, photos, and approximate distance are visible to other users of the App
  • Service providers: Named third-party services that help us operate the App. We share only the data each provider needs:
    • Amazon Web Services (AWS): hosting infrastructure (databases, file storage, push delivery). Data stored on EU-based servers.
    • PostHog (eu.posthog.com): product analytics, feature flags, and a small percentage of anonymized session replays (with text inputs masked). EU-hosted.
    • Firebase (Google): analytics events, push notifications, and remote configuration.
    • RevenueCat: subscription management and purchase processing for Bromo Pro.
    • Apple App Store / Google Play: billing for in-app purchases, in accordance with their respective privacy policies.
  • Legal requirements: When required by law, regulation, or legal process
  • Safety: To protect the rights, property, or safety of our users or the public

5. Data Storage and Security

Your data is stored on Amazon Web Services (AWS) infrastructure in the EU region (Ireland). The database is encrypted at rest, all connections to it use TLS, and authentication is handled by AWS Cognito. Photos and other media are stored in encrypted S3 buckets and served via CloudFront with signed URLs. While no method of electronic storage is 100% secure, we take reasonable measures to protect your personal information.

6. Your Rights

You have the right to:

  • Access, update, or delete your personal information through the App
  • Request a copy of your data
  • Withdraw consent for data processing
  • Delete your account at any time
  • Opt out of push notifications through your device settings
  • Object to analytics processing or session-replay collection by emailing support@bromo-app.com; we will exclude your account from these flows on request and delete any prior recordings tied to your account

7. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention).

Verification photos are retained for the duration of the review process and for dispute resolution purposes. You can delete your entire account, including all verification data, at any time through the in-app account deletion feature (Settings > Delete Account).

8. Account Deletion

You can delete your account at any time from within the app by navigating to Settings > Delete Account. When you delete your account, all of your data is permanently removed, including:

  • Your profile information and photos
  • All messages sent and received
  • Your matches, taps, and bros
  • Your chills and event participation
  • Your verification photos
  • Your albums and shared media
  • Your preferences and settings

Account deletion is permanent and cannot be undone. Your data is removed from our servers and storage systems.

9. Children's Privacy

Bromo is intended for users aged 18 and over. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have collected data from someone under 18, we will delete it immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy in the App and updating the "Last updated" date. Your continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: support@bromo-app.com