Privacy Policy

Nasib ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

Information We Collect

Information You Provide

• Account Information: Phone number, name, date of birth, gender, email address
• Profile Information: Photos, bio, interests, prompts, education, occupation, location preferences
• Verification Data: Selfie photos for verification, optional government ID
• Communication Data: Messages, voice notes, and call logs with other users
• Payment Information: Processed through Apple App Store or Google Play (we do not store payment card details)
• Support Communications: Messages sent to our support team

Information Collected Automatically

• Device Information: Device model, operating system, unique device identifiers
• Usage Data: Features used, session duration, interaction data
• Location Data: GPS coordinates (only when the app is in use and you have granted permission)
• Log Data: IP address, access times, app crashes

How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Create and manage your account
• Match you with other users based on your preferences and compatibility
• Send you notifications about matches, messages, and features
• Verify your identity and prevent fraud
• Respond to your support requests
• Provide in-app AI assistance (Dalil) for product, account, and safety questions
• Analyze usage patterns to improve the Service (anonymized)
• Comply with legal obligations

How We Share Your Information

We do not sell your personal information. We share data only in the following circumstances:

With Other Users

Your profile information (name, photos, bio, age, interests) is visible to other users as part of the community experience.

With Service Providers

We work with trusted service providers for analytics, payments, security, and infrastructure. These providers only access data necessary to perform their functions and are contractually obligated to protect your information.

• Google Ireland Limited (Firebase Crashlytics) — receives anonymized crash reports and diagnostic data so we can identify and fix bugs. No personal identifiers, message content, or location data are sent.
• Google Ireland Limited (Firebase Cloud Messaging + Firebase Analytics + Firebase App Check) — receives push delivery tokens, anonymised usage events, and (where consent is granted on iOS via the App Tracking Transparency prompt, or by default on Android) advertising ID. Used for push-notification routing, feature analytics, and app-integrity verification.
• OneSignal Inc. — receives push device tokens, advertising ID (where consent is granted), and basic device info. Used to deliver push notifications and measure delivery / engagement.
• RevenueCat Inc. — receives anonymised user ID, store receipts, and subscription status. Used to process App Store and Google Play in-app purchases and subscriptions.
• Agora.io — receives encrypted call signaling. Used for voice and video calls. Audio and video streams are end-to-end encrypted in transit and not stored on Nasib infrastructure.
• Amazon Web Services (eu-south-1) — primary cloud infrastructure for application servers, databases, and media storage.
• Cloudflare — DNS, edge caching, and Turnstile bot-protection for the public website.
• AB180 Inc. (Airbridge) — receives anonymised device identifiers (advertising ID where consent is granted, install referrer data) and click metadata when you tap a Nasib share link or open the app from one. Used for deferred deep linking (so a tapped profile link routes to the correct screen after install) and aggregated install-attribution analytics. No conversation content, exact location, or contact information is shared.

Analytics and error tracking can be managed in Settings > Privacy > Tracking & Analytics.

Profile Sharing & Match Celebration

Nasib lets you share two kinds of links from inside the app:

• Profile share links (https://nasib-group.com/profile/<id>) — open another user's profile in the app. The recipient sees a public-display version of the profile (display name, age, primary photo) on the website if they don't have Nasib installed.
• Match celebration links (https://nasib-group.com/met/<token>) — celebrate that you and another user matched. The recipient sees both display names and primary photos on a celebration page.

Match celebration links are minted only when both matched users are still active and the link owner is one of the two users in the match. Tokens expire after 30 days and are revocable from Settings → Shared Links in the app — revoking takes the public page down immediately.

Public preview pages never expose phone numbers, email addresses, exact location, full-resolution photos, or any data you have hidden via privacy settings. We log aggregated click counts (no IP-level detail) so link owners can see whether a link is getting taps.

With AI Sub-Processors (Dalil Assistant)

Nasib offers an in-app AI support assistant called Dalil. When you send a message to Dalil, the text of your message is forwarded to the following sub-processors so the assistant can generate a reply:

• Anthropic, PBC — operator of the Claude language model that powers Dalil's responses. Anthropic does not retain API messages for training and processes data under its commercial terms.
• n8n GmbH (n8n Cloud) — orchestration layer that routes messages between Nasib's backend and Anthropic.

Dalil is never used to look up other users, reveal account data, or process credentials. It is intended only for product, billing, safety, and community questions. You should not share sensitive personal information (passwords, ID numbers, financial data) with Dalil. Conversations with Dalil are stored in our database for support and audit purposes and are deleted when you delete your account.

Your Rights

GDPR Rights (EU/EEA Residents and Lebanese Citizens)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your personal data
• Restriction: Restrict processing of your personal data
• Portability: Receive your data in a portable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for optional data processing at any time

To exercise these rights, go to Settings > Privacy > Data Rights in the app, or reach out through our contact page under the "Privacy & Data Rights" category.

Data Retention

• Active Accounts: Data is retained while your account is active
• Deleted Accounts: Your profile is immediately hidden from other users upon deletion; all data permanently deleted after a 30-day grace period
• Grace Period: You may reactivate your account within 30 days by logging back in
• Legal Requirements: Some data may be retained longer as required by law
• Anonymized Data: Aggregated, anonymized data may be retained indefinitely for analytics

Data Security

We implement industry-standard security measures to protect your personal information:

• All data encrypted in transit and at rest using industry-standard encryption
• Secure cloud storage within data centers in the European Union
• Regular security audits and penetration testing
• Access controls and employee data handling training

Tracking and Cookies

The Nasib mobile app uses:

• Essential Tracking: Required for app functionality (authentication tokens, session data)
• Analytics Tracking (Opt-in): Anonymous usage patterns
• Error Tracking (Default on, opt-out): Anonymous crash and error reporting via Firebase Crashlytics. Enabled by default to help us identify and fix bugs. You can disable this in Settings > Privacy > Tracking & Analytics.

Advertising ID (AAID / IDFA). Nasib does not show advertisements. We collect the Android Advertising ID and (with your explicit consent via the iOS App Tracking Transparency prompt) the Apple Identifier for Advertisers — solely for analytics purposes. Specifically, these identifiers are used to deduplicate users across sessions in Firebase Analytics and to attribute push-notification engagement in OneSignal. They are not used for cross-app tracking or shared with data brokers. You can reset or disable these identifiers at any time in:

• Android: Settings → Privacy → Ads
• iOS: Settings → Privacy & Security → Tracking

You can manage tracking preferences in Settings > Privacy > Tracking & Analytics.

For full details, see our Cookie Policy.

Children's Privacy

Nasib is not intended for anyone under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a user is under 18, we will promptly delete their account and data.

CSAE (Child Sexual Abuse and Exploitation) Prevention

Nasib has zero tolerance for child sexual abuse and exploitation material, child grooming, or any conduct that endangers minors. For our full policy on age restriction, content moderation, reporting, and cooperation with authorities, see our dedicated Child Safety & CSAE Prevention Policy.

To report suspected CSAE content, email safety@nasib-group.com or use the in-app Report → Underage / CSAE flow.

International Data Transfers

Your data may be transferred to and processed in secure data centers within the European Union. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable regulations.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the app or via email. The "Last Updated" date at the top indicates when the policy was last revised.

Contact Us

For privacy-related inquiries, including requests to our Data Protection Officer:

• Privacy & Data Rights: privacy@nasib-group.com
• Child Safety / CSAE: safety@nasib-group.com
• General Support: support@nasib-group.com
• Postal Address: Beirut, Lebanon

You can also use our contact page and select the "Privacy & Data Rights" category.

If you are not satisfied with our response, you may lodge a complaint with your local data protection authority.