Privacy Policy

Effective date: 5 March 2026

Nearish is built on a simple belief: your location data, your relationships, and your attention are yours. This isn't just a policy — it's baked into the architecture. We've designed the system so that many forms of misuse are technically impossible, not just prohibited.

Who we are

Nearish is operated by Nearish (Pty) Ltd, based in Cape Town, South Africa. When this policy says "we," "us," or "our," it refers to Nearish (Pty) Ltd.

What we collect

We collect only what's necessary to make the app work:

Phone number — used for authentication via one-time SMS codes. We don't use passwords.
Name — displayed to people in your network so they know who you are.
Email address — optional. Used only if you choose to add it to your profile.
Profile photo — optional. Stored in our secure cloud storage and visible only to people in your network.
Home suburb and city — used to determine whether you or a connection are away from home. This is what makes pings meaningful rather than noisy.
Approximate location — when you toggle "Open to meet-ups," your device's GPS coordinates are converted into a geohash representing a roughly 5km area. We never store your precise coordinates.
Push notification token — used to deliver proximity pings to your device.

How location works

We never store your precise GPS coordinates. Not in our database, not in logs, not anywhere.

When you toggle "Open to meet-ups," your device converts your GPS position into a geohash — a short code representing a roughly 5km area. This geohash is sent to our servers along with a reverse-geocoded city name.

Your location check-in automatically expires after one hour and is permanently deleted. A background process purges expired check-ins every 15 minutes. When you toggle off, your check-in is deleted immediately.

The system is designed so that even if our entire database were compromised, an attacker could not reconstruct your movement history. There is no history to reconstruct.

How proximity pings work

When you and someone in your network are both set to "open" and within approximately 50km of each other, and at least one of you is away from your home city, you both receive a notification. The ping includes the other person's name and a contextual message — for example, "James is visiting your area."

We do not ping you when you and a connection are both in your usual city. That's just a normal day, not serendipity.

To prevent repeated notifications, the same pair of people will not be pinged more than once in a 24-hour period.

Your network

Your network is private and curated by you. Only people you explicitly invite (or who invite you) can see that you're nearby. There is no public profile, no discoverability, no friend suggestions, and no way for strangers to find you.

You can remove anyone from your network at any time, which immediately and permanently severs the proximity relationship.

Messaging

Nearish includes a simple messaging feature for coordinating meet-ups after a proximity ping. Messages are stored in our database and are accessible only to the sender and recipient. We do not read, analyse, or use message content for any purpose other than delivery.

What we don't do

These aren't features we haven't built yet. They're architectural decisions that make certain abuses impossible by design.

We don't sell your data. Not to advertisers, not to data brokers, not to anyone. There is no data monetisation pathway in our architecture.
We don't serve ads. There are no ad network SDKs in the app. No tracking pixels, no third-party analytics that phone home.
We don't track your movements. Location data is ephemeral and imprecise by design. We physically cannot build a profile of where you've been.
We don't share your network graph. Who you're connected to is not queryable in aggregate, not shared with third parties, and not used for recommendations.
We don't use third-party analytics SDKs like Mixpanel, Amplitude, or Facebook SDK.

Data storage and security

Your data is stored on Supabase infrastructure, which encrypts all data at rest using AES-256 and enforces TLS 1.3 for all data in transit. Access to your data is controlled by row-level security policies — database rules that ensure you can only access your own data and your own connections.

Authentication tokens are stored in your device's secure hardware-backed storage, not in regular app storage.

Data retention

Location check-ins: Automatically deleted after 1 hour
Ping history: Retained to enforce the 24-hour cooldown, then purged
Messages: Retained until you delete your account
Profile data: Retained until you delete your account
Account deletion: Permanently removes all your data, connections, messages, and any unexpired check-ins

Your rights

You can:

View and edit all your profile information at any time within the app
Toggle your availability on or off — when off, no location data is collected or shared
Remove any connection from your network at any time
Delete your account and all associated data
Request a copy of your data by contacting us

If you are a resident of South Africa, you have rights under the Protection of Personal Information Act (POPIA). If you are a resident of the European Economic Area, you have rights under the General Data Protection Regulation (GDPR). We honour these rights regardless of where you live.

Children

Nearish is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.

Changes to this policy

If we make material changes to this policy, we will notify you through the app before the changes take effect. We will never retroactively weaken your privacy protections.

Contact us

If you have questions about this privacy policy or your data, contact us at privacy@getnearish.com.