Last updated: 18 April 2026 — Version 2.2 (applies to app version 2.2.0+)
Looking for the earliest version of this policy (app versions prior to 2.1.0)?
friendkeeper ("we", "our", or "the app") is operated by Left Join Labs Ltd (registered in England and Wales), the data controller responsible for your personal data. For contact details, see the "Contact" section at the bottom of this page. This policy explains what data we collect, how we use it, and your rights.
friendkeeper requires you to verify your phone number via SMS to create an account. Your phone number is used to identify your account and to allow other friendkeeper users to find you (see "Contact Discovery" below). We store your phone number in our authentication system, hosted by Supabase. Your user profile record itself stores only an irreversible hash of your phone number (the raw number lives only in the authentication system, which is what we use to sign you in).
When you sign out of the app, we do three things: (1) we revoke your session tokens on our servers, so any token stored on the device can no longer be used — this also signs you out of friendkeeper on any other devices you've signed in from; (2) we best-effort flush any pending changes you made while offline; and (3) we erase all locally-stored data on the device, including friends, borrowings, catch-ups, reminders, notifications, cached profile photos, and your auth tokens. Nothing from your account remains on the device after sign-out. The next time you sign in, your data is re-downloaded from our servers.
We process your personal data on the following legal bases:
Your personal data — including friends, reminders, catch-up history, and borrowing records — is stored both locally on your device and synced to our servers so you can access it across devices. Server-side data is stored in a Supabase-hosted PostgreSQL database with row-level security, meaning only you can access your own data. Your profile photo may also be stored on our servers if you choose to share it (see "Photos" below).
Our servers are hosted by Supabase in the EU (eu-west-1, Ireland). Analytics data is processed by PostHog (EU hosting).
Push notifications are delivered via the Expo push notification service, which is based in the United States. When a push notification is sent, the notification payload — which may include friend names, borrowing details, or love send content — and your device push token are transmitted to Expo's US-based servers for delivery to your device. This means that some personal data (specifically, the names and details included in notification text) may briefly transit through or be processed in the United States as part of notification delivery. This transfer is covered by Expo's participation in the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs). Expo does not store notification content long-term. All other data processing occurs within the EU.
You may optionally provide profile information including your name, email address, physical address, date of birth, and a profile photo. Your profile information is only ever visible to other friendkeeper users who you have saved in your device's contacts — it is never shared publicly or with users you don't know.
A single "Share with saved contacts" toggle (in Settings > Privacy) controls whether your profile info is shared. When it's on, friendkeeper users who already have you saved in their phonebook can see your name, email, address, birthday, and profile photo. When it's off, none of these are shared — the other user still sees whatever name they have saved you under in their own phonebook, but nothing else. The toggle is on by default. When you turn it off, your profile photo is also deleted from our servers.
When you log a borrowing (items or money) with a friend who also uses friendkeeper, the borrowing record is shared between both users so that both parties can see and update its status. This includes the item name, amount, currency, dates, notes, and return/repayment status. A history of changes to shared borrowings (e.g. name changes, amount changes, return status) is stored on our servers and visible to both participants. You can choose not to share a borrowing when creating it.
friendkeeper allows you to send short, predefined "thinking of you" messages ("love sends") to friends who also use the app and are linked to your account. You may optionally include a personal note of up to 200 characters. Love sends are delivered as push notifications and stored on our servers so the recipient can view them. The recipient sees your name, the type of love send, and any personal note you included.
Love sends are limited to two per day. Both the sender and recipient can delete their own love send records. If you receive an unwanted love send, you can report the sender (which flags the content for our review) or block & report the sender (which also prevents them from sending you love in the future). Reports are stored on our servers and include the reporter's and reported user's identifiers, the reason, and the timestamp. Blocked users are managed via the existing phone-hash-based block list in Settings > Blocked Users.
friendkeeper lets you share and request songs, books, and films with friends who also use the app and are linked to your account. Shared recommendations (title, author/artist, thumbnail URL, link to the source page, and any personal note you attach) are stored on our servers so the recipient can view them and so both parties can see the exchange history.
To help you pick a title, the app looks up metadata from several third-party services. These lookups are made directly from your device to the third party — friendkeeper's servers don't proxy or see them. The third parties will see your IP address and the search query you type, but nothing about your friendkeeper account or your friends:
If you've lent something to a linked friend and it's overdue, you can send a short "nudge" asking for it back (or offering an update). Nudges are delivered as push notifications and stored on our servers so the recipient can reply to them. A nudge includes your name and, optionally, a short personal note.
Two friendkeeper accounts can become "linked" in two ways: either (a) both users have each other's phone number saved in their contacts and both have contact discovery enabled, or (b) one user sends the other a connection request and it is accepted. Connection requests create a stored record on our servers containing the sender, recipient, status (pending/accepted/declined/cancelled), and timestamps. Once linked, both users can see each other's shared profile info and exchange shared borrowings, love sends, nudges, and recommendations.
You can disconnect from a linked friend at any time from their friend page. Disconnecting revokes the link on both sides, prevents further shared actions, and overrides the mutual-contact link even if both contacts are still saved. Existing shared borrowings remain visible as a historical record unless you delete them.
friendkeeper may request access to your device's contacts to help you find friends who also use the app. When you use this feature, phone numbers from your contacts are hashed (converted to an irreversible code using SHA-256) on your device before being sent to our server for matching. We never store or see raw contact phone numbers. We do store hashed versions of your contacts on our server to enable mutual-contact verification — your shared profile information is only visible to other users who also have you saved in their contacts. You can block specific users from finding you in the app's settings.
Discoverability setting. In addition to the share toggle described under "Profile Information", you can separately control who can see that you've joined friendkeeper. Settings > Privacy > Discoverability lets you choose between "Everyone who has my number" (the default — anyone with you in their contacts sees that you're on friendkeeper) and "Only people I also have in my contacts" (you only appear in another user's discovery results if you have them saved too).
Rate limits. To discourage bulk enumeration of phone numbers, contact-discovery requests are rate-limited server-side on a per-account basis. Normal use is well within the limit; abusive patterns are rejected.
We use PostHog to collect pseudonymous usage analytics. This helps us understand how the app is used so we can improve it. Analytics data includes:
No personal content (friend names, notes, photos, etc.) is ever sent to our analytics service. The pseudonymous identifier is reset when you delete your account.
The app may request permission to send notifications. friendkeeper uses two types of notifications:
You can disable push notifications or specific notification categories (birthday reminders, contact joined alerts, etc.) in the app's settings at any time.
friendkeeper may request access to your camera or photo library to let you add profile pictures, friend photos, or images for catch-ups and borrowed items.
Your profile photo is permanently deleted from our servers when you delete your account or disable profile photo sharing.
We use the following third-party services to operate the app. These are our data sub-processors:
We do not sell, rent, or trade your personal data to any third party.
During setup, you must provide your date of birth (including birth year). This information is used for personalisation features such as zodiac insights. If you choose to share your birthday with contacts, the level of detail shared (month/day only, with year, or with birth time) is controlled by your privacy settings. You may also optionally store a birth year for friends you add to the app.
friendkeeper can open third-party payment apps (such as Revolut, Monzo, PayPal, and others) to help you settle borrowings. We do not access your payment accounts, process any financial transactions, or receive any data from these apps. These are simple deep links (URL schemes) that open the other app on your device — no personal data, account credentials, or financial information is transmitted between friendkeeper and the payment app. The payment app may pre-fill an amount based on the URL, but friendkeeper has no visibility into your payment activity.
You can permanently delete your account and all associated data at any time from within the app by going to Settings > Delete Account. This will:
This action is permanent and cannot be undone.
If you cannot access the app, you can also request account deletion by emailing support@leftjoinlabs.org from the phone number associated with your account, or by visiting friendkeeper.com/delete-account.
We retain your data for as long as your account is active. When you delete your account, all server-side data is permanently deleted immediately. Local data on your device is also erased at the time of deletion. Pseudonymous analytics data is retained separately and cannot be linked back to you after account deletion. We do not retain any personal data after account deletion for legal, fraud prevention, or any other purpose.
If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell, rent, or share your personal information for monetary or other valuable consideration. To exercise your rights, contact us at support@leftjoinlabs.org or use the in-app Delete Account feature.
Under the General Data Protection Regulation (GDPR) and similar data protection laws, you have the right to:
To exercise any of these rights, contact us at support@leftjoinlabs.org. We will respond within 30 days.
friendkeeper is not for children under 13. We do not knowingly collect personal information from children. During setup, the app asks for your date of birth and will prevent users under 13 from proceeding. If we learn that we have inadvertently collected information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 is using the app, please contact us at support@leftjoinlabs.org.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to you, we will also notify affected users directly without undue delay via email (if provided) or an in-app notification, as required by GDPR Article 34.
We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated "Last updated" date. Significant changes will be communicated through the app.
If you have questions about this privacy policy, please contact us at support@leftjoinlabs.org.