Privacy Policy

Pynclo (“Pynclo,” “we,” “our,” or “us”) operates the Pynclo platform accessible at pynclo.club and through our mobile applications. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

If you have questions, contact us at support@pynclo.club.

2.1 Information you provide directly

• Account information: Your display name, email address, username, and password (stored as a secure hash — we never store your plain-text password).
• Profile information: Optional profile photo, bio, and phone number. Your phone number is only visible to members who share a circle with you.
• Content you create: Messages, files, images, voice notes, polls, events, and announcements you send or create within circles. Messages between users are end-to-end encrypted and cannot be read by Pynclo.
• Communications with us: Emails or messages you send to our support team.

2.2 Information collected automatically

• Usage data: Log files including IP address, browser type, device type, pages visited, and timestamps.
• Device information: Device model, operating system version, unique device identifiers, and push notification tokens (for sending push notifications).
• Connection data: When you connect to Pynclo, we record connection events to maintain your online status and deliver real-time messages.

2.3 Information from your device (with permission)

• Contacts (optional):If you grant permission, we match your device contacts' email addresses against registered Pynclo accounts to help you find people already on the platform. Contacts are processed on your device and are never stored on our servers.
• Camera and microphone: Accessed only when you use video calls, voice calls, or record voice notes.
• Photo library: Accessed only when you choose to share images or files.

We use the information we collect to:

• Create and manage your account
• Operate and deliver the Pynclo service
• Send you email invitations, verification emails, and password reset links
• Deliver push notifications you have opted into
• Process circle invitations and manage memberships
• Provide customer support
• Detect, prevent, and respond to fraud, abuse, and security incidents
• Comply with legal obligations
• Improve and develop our platform (using aggregated, anonymized data)

We do not use your personal data for advertising. Pynclo does not display ads and does not sell your data to advertising networks.

Messages sent in direct conversations and group circles are end-to-end encrypted using the NaCl (libsodium) cryptographic library. Specifically:

• Direct messages: Encrypted using X25519 key exchange (Curve25519 elliptic curve Diffie-Hellman). Only the sender and recipient can decrypt the message.
• Group messages: Encrypted using a random symmetric key (XSalsa20-Poly1305), itself encrypted for each member using their public key.
• Private keys:Generated on your device and stored in your device's secure keystore (iOS Keychain / Android Keystore). Private keys are never transmitted to or stored by Pynclo's servers.

This means that Pynclo's servers store only ciphertext — we are technically unable to read your private messages.

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

• With circle members: Your display name, username, avatar, and optional bio are visible to members of circles you belong to. Your phone number is only visible to people in a shared circle if you choose to add it.
• Service providers: We use third-party service providers to operate our infrastructure (cloud hosting, transactional email, push notification services). These providers process data on our behalf and are bound by confidentiality obligations.
• Legal requirements: We may disclose your information if required by applicable law, court order, or governmental authority, or if necessary to protect the rights, property, or safety of Pynclo, our users, or the public.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

We retain your personal data for as long as your account is active or as needed to provide you services. Specifically:

• Account data: Retained until you delete your account. After deletion, we initiate hard deletion within 30 days.
• Messages and content: Retained as long as the circle exists. When you delete a message, it is removed from our servers. When a circle is deleted by its owner, all content within it is permanently deleted.
• Log data: Retained for up to 90 days for security and debugging purposes.
• Invitation tokens: Automatically expired after 14 days if unused, and deleted after acceptance.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Update or correct inaccurate personal data through your profile settings.
• Deletion: Request deletion of your account and associated personal data. You can initiate account deletion from the app settings.
• Data portability: Request an export of your data in a machine-readable format (where applicable).
• Withdraw consent: Where we rely on consent to process your data (e.g., push notifications), you may withdraw consent at any time through your device or app settings.

To exercise any of these rights, contact us at support@pynclo.club.

We implement industry-standard security measures to protect your information:

• All data transmitted between your device and our servers is encrypted using TLS/HTTPS
• Passwords are hashed using bcrypt with a salt factor of 12
• Access tokens are short-lived (15 minutes) with secure refresh token rotation
• Invitation tokens are stored as SHA-256 hashes — only the raw token is emailed
• File uploads are served via authenticated, time-limited presigned URLs
• Database access is restricted to authorized internal systems only

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to notifying affected users in the event of a data breach as required by applicable law.

Pynclo is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us at support@pynclo.club and we will promptly delete the account and associated data.

Our web platform may use essential cookies to maintain your session and preferences. We do not use tracking cookies, advertising cookies, or third-party analytics that profile you across sites.

You can control or disable cookies through your browser settings. Disabling essential cookies may affect your ability to use certain features of the Pynclo web platform.

Pynclo operates primarily in India. If you access our services from outside India, your data may be transferred to and processed in India or other countries where our infrastructure partners operate. By using Pynclo, you consent to such transfer in accordance with this Privacy Policy.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account) and/or by posting a prominent notice on our platform at least 14 days before the changes take effect.

Your continued use of Pynclo after the effective date of the revised policy constitutes your acceptance of the changes.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: