Privacy Policy

This Privacy Policy explains how FindXI ("FindXI", "we", "us", or "our") collects, uses, shares, and protects your personal information when you use the FindXI mobile application, the websites at findxi.com and app.findxi.com, and related services (together, the "Service").

By using the Service you agree to the practices described in this policy. If you do not agree, please do not use the Service.

1. Who We Are

FindXI is a location-based community platform operated by [LEGAL ENTITY — TBD], based in Malaysia. For any privacy question, you can reach us at hello@findxi.com.

2. Information We Collect

We collect the following categories of information:

• Account information: when you sign in with Apple or Google, we receive your name and email address from those providers. You may add a display name and profile photo.
• Identity verification: if you choose to verify your identity using your passport via NFC, the verification result (verified or not), your country of nationality, and a verification timestamp are stored. We also store a one-way cryptographic hash derived from your passport identity, used solely to prevent the same passport from being registered to multiple accounts. This hash cannot be reversed to recover your passport details. The contents of your passport chip — including your name, passport number, date of birth, and biometric data — are processed on your device only and are never transmitted to or stored by FindXI.
• Location information: with your permission, we collect your device location to show nearby posts, requests, meetups, and chat rooms. Precise location is processed in real time. We store location only when you publish a location-pinned post, request, or meetup, in which case the pin coordinates are saved with that post.
• User-generated content: posts, replies, chat messages, photos, profile information, and reviews you submit are stored on our servers so that other users can see them as intended.
• Camera, photos, and microphone: with your permission, the app accesses your camera and photo library to attach images to posts and your profile, and may access your microphone for chat or media features. These are accessed only when you initiate the corresponding action.
• Device and technical information: device model, operating system, app version, language, time zone, push notification token, IP address, and basic diagnostic data such as crash logs.
• Activity information: your FXI ledger entries (earned, spent, locked, forfeited), quest progress, items in your collection, and timestamps for actions you take in the Service.

3. How We Use Information

We use your information to:

• operate, maintain, and improve the Service;
• show you nearby posts, requests, and chat rooms based on your location;
• authenticate you, secure your account, and prevent fraud or abuse;
• manage FXI points, including locking, unlocking, forfeiting, and crediting balances tied to platform activity;
• deliver push notifications about activity that involves you (replies, selections, scheduled meetups, and similar);
• respond to support requests, abuse reports, and legal requests;
• comply with applicable law and enforce our Terms of Service.

We do not sell your personal information, and we do not use it for advertising profiling.

4. Legal Bases (for users in the EEA / UK)

Where the EU General Data Protection Regulation or UK GDPR applies, we rely on the following legal bases: performance of our contract with you to provide the Service; your consent for location, camera, microphone, photo library, and push notifications; our legitimate interests in keeping the Service safe, preventing abuse, and improving the product; and compliance with legal obligations.

5. How We Share Information

We share information in these limited cases:

• With other users: your display name, profile photo, posts, replies, chat messages, reviews, verification badge, and approximate location of pinned content are visible to other users as part of the Service.
• With service providers: we use trusted vendors to operate the Service, including Cloudflare (hosting, content delivery, image storage) and Apple and Google (authentication and push notifications). Our application servers are located in Malaysia. These providers process information only on our instructions.
• For legal reasons: we may disclose information when required by law, court order, or to protect the rights, safety, or property of FindXI, our users, or the public.
• Business transfers: if FindXI is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction, subject to this policy.

We do not sell or rent your personal information to third parties, and we do not share it with advertisers.

6. Data Retention

We keep your information only for as long as necessary for the purposes described in this policy:

• Account information: until you delete your account, then up to 30 days in backups before permanent deletion.
• Posts, requests, and other content you publish: until you delete them or your account.
• Chat messages: stored on our servers so other participants can read them; deleted with your account, except that messages you sent may remain visible to recipients who saved or quoted them.
• Activity records, including FXI ledger entries and verification timestamps: retained while your account is active and, after deletion, in anonymized form for up to twelve (12) months to help us detect abuse and protect the integrity of the platform, after which they are deleted.
• Server logs and diagnostic data: retained up to 90 days.
• Information we are legally required to keep: retained only for the period required by applicable law.

7. Your Rights and Choices

Subject to applicable law (including the Malaysian Personal Data Protection Act 2010, the EU and UK GDPR, and the California Consumer Privacy Act), you may have the right to access, correct, delete, restrict, or object to processing of your personal information, to withdraw consent, and to request a portable copy of your data. To exercise these rights, contact hello@findxi.com. We will respond within the timeframe required by applicable law. You may also lodge a complaint with your local data protection authority.

8. Account Deletion

You can permanently delete your FindXI account from inside the app, under Profile → Edit profile → Delete Account. Deletion removes your account, profile, posts, replies, chat history, FXI balance, and collection, subject to the retention exceptions described above. Deletion is irreversible.

9. Children's Privacy

FindXI is not directed to children under the age of 16, and we do not knowingly collect personal information from anyone under 16. If you believe a child under 16 has provided us with personal information, contact hello@findxi.com and we will take steps to delete that information.

10. Push Notifications

With your permission, we send push notifications about activity relevant to you, such as replies to your posts, selections for meetups, scheduled reminders, chat messages, and FXI activity. You can turn push notifications off at any time in your device settings.

11. Cookies, Local Storage, and Analytics

On our websites and inside the app, we use cookies, local storage, and similar technologies that are strictly necessary to operate the Service — for example, to keep you signed in and to remember your preferences. We do not use third-party advertising cookies. If we add product analytics in the future, we will update this policy and, where required, ask for your consent.

12. International Data Transfers

FindXI operates from Malaysia, and our servers are located in Malaysia. If you use the Service from another country, your information will be transferred to and processed in Malaysia. Where required by law, we use appropriate safeguards for cross-border transfers.

13. Security

We use reasonable technical and organizational measures to protect your information, including HTTPS-encrypted connections to our servers, hashed authentication tokens, server-side access controls, and limited employee access. No system is completely secure, and we cannot guarantee absolute security.

14. Apple Devices

On Apple devices we follow Apple's privacy requirements. Permissions for location, camera, photo library, microphone, push notifications, and NFC are requested through the system prompt, and you can change them at any time in iOS Settings. The data collection and tracking practices we declare on the App Store match the practices in this policy.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes we will update the "Last updated" date at the top and, where appropriate, notify you in the app or by email. Continued use of the Service after an update means you accept the revised policy.

16. Contact

For questions, requests, or complaints about this policy or how we handle your information, please contact hello@findxi.com.