Thumpr Privacy Policy
Effective Date: April 1, 2026
Last Updated: April 9, 2026
Thumpr ("we," "us," or "our") operates the Thumpr mobile application and website (collectively, the "Platform"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data.
We built Thumpr for the LGBTQ+ community, and we take your privacy seriously. We've written this policy in plain language so you can actually understand it.
1. Information We Collect
1.1 Information You Provide Directly
Account & Profile Information
- Email address (required for account creation)
- Full name
- Date of birth (to verify you are 18 or older)
- Profile photos (one or more)
- Bio text
- Pronouns
- Sexual position preference
- "Looking for" preferences
- Hashtag/interest tags you select
Waitlist Information (before account creation)
- Name
- Email address
- Phone number
- Selected city
Messages
- Message content you send through the Platform (encrypted — see Section 6)
- Message attachments (photos, media)
- Message reactions
Other Content You Provide
- Photo albums ("Bundles") you create and share
- Bug reports or feedback you submit, including optional screenshots
- Invite codes you generate or use
1.2 Information Collected Automatically
Location Data
- GPS coordinates when you sign up (to verify you are within a supported city)
- Location updates used for nearby user discovery on the grid
Device Information
- Device type (iOS, Android, or web browser)
- Push notification tokens (if you enable notifications)
Usage Data
- Account creation and registration events
- Message and nudge activity (metadata only — not message content)
- Last active timestamp (used to show activity status to other users)
Cookies & Local Storage
- Authentication tokens and session state (required for the app to function)
- A returning-user flag (to personalize your experience)
- Affiliate referral identifier — if you arrive via a referral or affiliate link, a first-party cookie stores a referral code (not personal information) for up to 60 days so the referring affiliate can receive credit. You can clear this cookie at any time through your browser settings.
Analytics
- We use analytics tools to understand how people use the website. This is optional and can be disabled. We collect page views and feature usage events. When you are logged in, your internal user ID (not your email or name) may be associated with analytics events.
1.3 Information from Third Parties
- Our identity provider supplies us with your verified email address and authentication identifiers when you log in.
2. How We Use Your Information
We use your information only for the following purposes:
| Purpose | Data Used |
|---|---|
| Create and manage your account | Email, name, date of birth |
| Display your profile to other users | Name, photos, bio, pronouns, preferences, tags, activity status |
| Enable nearby user discovery | Location data, last active timestamp |
| Deliver messages between users | Encrypted message content, sender/recipient IDs |
| Send push notifications | Device tokens, notification preferences |
| Moderate content and enforce community guidelines | Profile photos (automated screening), user reports |
| Process waitlist signups | Name, email, phone, city, location |
| Send transactional emails (e.g., verification, notifications) | Email address |
| Send email digests of activity | Email address, notification preferences |
| Manage invite codes | Code usage, inviter/invitee relationship |
| Improve the Platform | Aggregated usage data, analytics |
| Prevent fraud and abuse | Account activity patterns, device data |
We do not use your data for advertising. We do not sell your data. Ever.
3. How We Share Your Information
We share your information only in these limited circumstances:
3.1 Other Thumpr Users
- Your profile information (name, photos, bio, pronouns, preferences, tags, activity status) is visible to other users based on your visibility settings.
- Message content is shared only with the specific recipient.
- Your presence on the grid is visible to nearby users.
3.2 Service Providers
We use trusted third-party service providers to help operate the Platform. These providers process data on our behalf and are contractually required to protect it. The categories of providers we use include:
- Cloud infrastructure — hosting, storage, databases, and compute
- Authentication — identity verification and secure login
- Push notification delivery — delivering notifications to your device (iOS and Android)
- Email services — transactional emails and email digests
- Analytics — website usage analytics (optional, anonymized)
- Mobile app delivery — app updates and builds
- Affiliate tracking — referral attribution and affiliate payout processing
3.3 Legal Requirements
We may disclose your information if required by law, legal process, or government request, or if we believe disclosure is necessary to protect the safety of any person or to prevent illegal activity.
3.4 Business Transfers
If Thumpr is acquired, merges with another company, or sells substantially all of its assets, your information may be transferred as part of that transaction.
4. Your Choices & Rights
4.1 Access & Update
You can view and update your profile information, photos, preferences, and tags at any time through the app.
4.2 Delete Your Account
You can delete your account through the app. When you do:
- Your profile is removed from the Platform
- Your authentication account is blocked
- Your messages remain encrypted and are not retroactively decrypted
Note: Some data may be retained in backups for a limited period or as required by law.
4.3 Push Notifications
You can enable or disable push notifications through your device settings at any time.
4.4 Email Communications
You can opt out of marketing emails by using the unsubscribe link in any email or by updating your notification preferences in the app. Transactional emails (like security alerts) cannot be opted out of.
4.5 SMS Communications
If you provided a phone number, you may receive transactional messages. Reply STOP to opt out of promotional messages at any time. Standard carrier rates apply.
4.6 Location
You can revoke location permissions through your device settings. Note that location is required for core features like nearby user discovery; disabling it may limit functionality.
4.7 Analytics
Web analytics can be disabled through your browser settings or by using a browser extension that blocks tracking scripts.
4.8 Additional Privacy Rights
Depending on where you live, you may have additional rights under applicable privacy laws, including the right to access, correct, or delete your personal information. To exercise any privacy rights, contact us at privacy@thumpr.us.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Profile data | Until you delete your account |
| Messages | Stored indefinitely (encrypted) until you or the recipient deletes them |
| Nudges | Retained until you delete your account |
| Waitlist data | Retained until your city launches and you create an account, or upon request |
| Invite codes | Retained for the life of the Platform |
| Real-time connection data | Automatically deleted after 24 hours |
| Push notification tokens | Retained while active; stale tokens are automatically cleaned up |
| Admin audit logs | Retained indefinitely for safety and compliance |
| Feedback/reports | Retained until resolved, then archived |
6. Data Security
We implement multiple layers of security to protect your data:
- End-to-end encryption for messages: Messages sent on Thumpr are encrypted on your device before they leave it. We cannot read them. This uses AES-256-GCM encryption with X25519 key agreement.
- Encryption at rest: All data stored in our databases is encrypted at rest.
- Encryption in transit: All data transmitted between your device and our servers uses TLS (HTTPS).
- Profile photo moderation: Profile photos are automatically screened using automated image moderation for prohibited content before being shown to other users. We do not scan other photos or media you share (e.g., in messages or bundles).
- Token-based authentication: We use industry-standard JWT authentication with a dedicated identity provider.
- Access controls: Internal access to user data is restricted and logged through an audit system.
- Passcode protection: Message encryption keys can be protected with a user-set passcode, derived using PBKDF2 with 600,000 iterations.
No system is 100% secure. If you believe your account has been compromised, contact us immediately at security@thumpr.us.
7. Children's Privacy
Thumpr is strictly for users aged 18 and older. We verify age during account creation. We do not knowingly collect information from anyone under 18. If we learn that we have collected data from a minor, we will delete it promptly.
8. International Data Transfers
Thumpr is based in the United States. All data is stored and processed in the U.S. If you access the Platform from outside the U.S., your data will be transferred to and processed in the United States.
9. Third-Party Links
The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top
Your continued use of the Platform after changes are posted constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or want to exercise your privacy rights:
- Email: privacy@thumpr.us
- Security concerns: security@thumpr.us
This Privacy Policy applies to all users of the Thumpr Platform, including the mobile app (iOS and Android) and the website at thumpr.us.