Privacy Policy

Last Updated: January 3, 2026
Effective Date: January 3, 2026

Introduction

Welcome to Rebel ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience on our community platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

By using Rebel, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Information You Provide to Us

Account Information:

Display name
Email address
Date of birth (to verify you are 18+)
Password (encrypted and never stored in plaintext)
Optional profile photo

User-Generated Content:

Messages in direct conversations (end-to-end encrypted)
Posts and messages in communities (encrypted)
Photos and media you choose to share
Profile information you add

Location Data:

Approximate location for finding nearby users and communities (with your permission)
Location data is fuzzed/approximated for privacy
We do not store precise GPS coordinates

1.2 Automatically Collected Information

Usage Data:

Device type and operating system
App version
Session duration and frequency
Feature usage patterns
Crash reports and error logs

Device Information:

Unique device identifiers
IP address (anonymized)
Network connection type

1.3 Information We DO NOT Collect

We are privacy-first and do NOT collect:

Your real name (unless you choose to use it as your display name)
Social Security Number or government IDs
Financial information (handled by secure payment processors)
Contact lists or address books
Precise GPS coordinates (only approximate location)
Message content (we cannot read your encrypted messages)

2. How We Use Your Information

2.1 Core Platform Functions

Creating and managing your account
Enabling you to connect with other users
Displaying users and communities near you
Facilitating end-to-end encrypted messaging
Providing anonymous community participation

2.2 Platform Improvement

Analyzing usage patterns to improve features
Identifying and fixing bugs
Testing new features
Enhancing user experience

2.3 Safety and Security

Detecting and preventing fraud and abuse
Enforcing our Terms of Service
Moderating content for violations
Responding to legal requests and preventing harm

2.4 Communications

Sending important updates about our services
Responding to your inquiries and support requests
Notifying you of new features (you can opt-out)

We do NOT sell your personal information to third parties.

3. End-to-End Encryption

3.1 Your Privacy is Protected

Direct Messages:

All direct messages are end-to-end encrypted
We cannot read your messages
Messages are encrypted on your device before sending
Only you and your conversation partner can decrypt them

Community Messages:

Community messages use shared encryption
Content is encrypted before storage
We store only encrypted data

Key Storage:

Encryption keys are stored securely on your device
Keys are never transmitted to our servers
We use iOS Keychain and Android Keystore

3.2 What This Means

Even if our servers are compromised, your messages remain secure
We cannot provide message content to third parties
Users are responsible for taking screenshots if they need to report abuse

4. Anonymous Community Participation

4.1 Anonymous Identities

Each community/server assigns you a random anonymous identity
We do not link your anonymous IDs to your real identity
You cannot be tracked across different communities
Anonymous IDs can be regenerated

4.2 What We Know

We know you're a member of a community
We do NOT know which messages you sent (stored anonymously)
We cannot track your activity across communities

5. Data Sharing and Disclosure

5.1 We Share Data With:

Service Providers:

Cloud hosting (Cloudflare Workers, R2 Storage)
Authentication services
Payment processors (for subscriptions)
Analytics providers (anonymized data only)

Legal Requirements:

We may disclose your information if required to:

Comply with legal obligations
Respond to lawful requests from authorities
Protect our rights and safety
Prevent fraud or security issues

Business Transfers:

If Rebel is acquired or merged, your data may be transferred to the new entity.

5.2 We Do NOT Share:

Your encrypted messages (we can't access them)
Your data with advertisers
Your information for marketing purposes
Data across communities (anonymous isolation)

6. Data Retention

Active Accounts:

We retain your account data while your account is active
Encrypted messages are stored until deleted by you

Deleted Accounts:

When you delete your account, we remove personal data within 30 days
Some anonymized data may be retained for analytics
Encrypted messages are deleted permanently

Legal Holds:

Data may be retained longer if required by law or for legal proceedings

7. Your Rights and Choices

7.1 Access and Control

You have the right to:

Access your personal data
Correct inaccurate information
Delete your account and data
Export your data (where applicable)
Opt-out of non-essential communications

7.2 Location Permissions

You can enable/disable location access in device settings
Rebel works without location but with limited features

7.3 Cookie and Tracking

We use minimal tracking for essential functions
You can disable analytics in app settings

7.4 California Residents (CCPA)

California users have additional rights:

Right to know what personal data is collected
Right to delete personal data
Right to opt-out of sale (we don't sell data)
Right to non-discrimination

7.5 European Users (GDPR)

EU/EEA users have rights including:

Right to access, rectify, and erase data
Right to data portability
Right to restrict processing
Right to object to processing
Right to withdraw consent

8. Children's Privacy (COPPA Compliance)

Age Requirement:

Rebel is for users 18 years and older
We do not knowingly collect data from anyone under 18
If we discover a user is under 18, we will delete their account immediately

Parental Notice:

If you believe your child under 18 has created an account, please contact us immediately at privacy@rebel.app

9. Security Measures

We implement industry-standard security measures:

Encryption:

End-to-end encryption for messages
TLS/SSL for data in transit
Encrypted data storage

Access Controls:

Limited employee access to data
Multi-factor authentication for systems
Regular security audits

Device Security:

Secure key storage (iOS Keychain/Android Keystore)
Biometric authentication support
Automatic session timeout

Important: No method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

10. International Data Transfers

Our servers are primarily located in the United States
Data may be transferred to and processed in countries other than your own
We ensure appropriate safeguards are in place for international transfers
By using Rebel, you consent to data transfer and processing globally

11. Third-Party Links and Services

Rebel may contain links to third-party websites or services
We are not responsible for the privacy practices of third parties
We encourage you to read their privacy policies

Third-Party Services We Use:

Cloudflare (hosting and CDN)
Stripe (payment processing - they have their own privacy policy)
Apple/Google (in-app purchases - subject to their policies)

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will:

Notify you of significant changes via app notification or email
Post the updated policy with a new "Last Updated" date
Continued use after changes constitutes acceptance

Material changes will require your explicit consent.

13. Contact Us

If you have questions about this Privacy Policy or your data:

Email: privacy@rebel.app
Support: https://rebel.app/support
Mail: Rebel Privacy Team, 3400 S Clark St Apt 827, Arlington, VA 22202
Data Protection Officer: dpo@rebel.app

14. State-Specific Rights

California (CCPA/CPRA)

Right to know, delete, and opt-out
Contact: privacy@rebel.app
Toll-Free: Available upon request

Virginia (VCDPA)

Right to access, correct, delete, and data portability
Right to opt-out of targeted advertising

Colorado (CPA)

Similar rights to Virginia residents

Other States

Check your state's privacy laws for additional rights.

15. App Store Compliance

Apple App Store:

This app complies with Apple's App Store Review Guidelines including:

Privacy nutrition labels
Transparent data collection practices
User consent for tracking

Google Play Store:

This app complies with Google Play's policies including:

Data safety section disclosures
Prominent privacy policy disclosure
User data handling requirements

Summary

What We Collect: Display name, email, DOB, encrypted messages, approximate location

Why We Collect: To provide community and messaging features

How We Protect: End-to-end encryption, secure storage, minimal data collection

Your Rights: Access, delete, export, opt-out

Our Commitment: Privacy-first, no selling data, transparent practices

By using Rebel, you acknowledge that you have read and understood this Privacy Policy.

Last Updated: January 3, 2026 | Version: 1.0