Legal

Privacy Policy

Last updated: 11 May 2026 · Effective date: 11 May 2026

1. Introduction

CampSpark (the “App”) is operated by Pyqlexity, a sole proprietorship registered in India (the “Operator”, “we”, “us”, or “our”). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the CampSpark mobile application and the marketing website at campspark.online (the “Website”).

By creating an account or using the App, you consent to the data practices described in this policy.

2. Information You Provide

Data	Required	Purpose
Email address	Yes	Account creation and authentication via AWS Cognito and Google Sign-In
Display name (nickname)	Yes	Shown to nearby users on your bubble and in chats
Gender (Male / Female)	Yes	The App matches you only with opposite-gender users. This choice is permanent and cannot be changed after first login.
Date of birth confirmation (18+)	Yes	A one-time checkbox confirming you are 18 years or older
Bio (free-form text)	Optional	Shown on your profile when another user views it
Profile avatar	Optional	You choose from a set of bundled illustrated avatars, or one is assigned for you. Custom photo uploads are not enabled in the current release, so no real photographs are collected or stored.

3. Information Collected Automatically

Data	Purpose
Bluetooth Low Energy (BLE) proximity detections	Detecting other CampSpark users physically nearby. The App broadcasts a 9-byte signal containing only an opaque hash of your user ID (8 bytes) and a gender byte. No location coordinates are derived, stored, or transmitted at any point.
Firebase Cloud Messaging (FCM) token	Delivering push notifications to your device. Only the token is collected; we do not receive your contact list, device contents, or device location through FCM.
Approximate IP-derived region	Logged in AWS CloudWatch for security audit purposes only. Not used for matching or recommendations.
Device platform (Android version, model)	Compatibility and crash diagnostics
App usage events	Crash reports, error logs, anonymous diagnostics

4. Information We Do NOT Collect

CampSpark does not collect:

GPS coordinates, latitude/longitude, or any precise or approximate location based on satellite or Wi-Fi positioning
Your contacts, address book, or phone number
Microphone, camera, or photo-gallery input — the App never accesses your camera, microphone, or photo library
Browsing history outside the App
Advertising IDs, cross-app behavioural identifiers, or marketing tracking data
SMS, calendar, or any data outside the App's scope

The App does not request the Location permission on Android or iOS. The BLUETOOTH_SCAN permission on Android is declared with the neverForLocation attribute.

5. How We Use Your Information

Authentication. AWS Cognito and Google Sign-In are used to verify your identity at login.
Proximity discovery. Your BLE hash is detected by nearby phones running CampSpark. Their phones resolve the hash to your profile via an authenticated AWS AppSync GraphQL query.
Profile display.Your nickname, avatar, and bio are shown to opposite-gender users in your immediate proximity. Your bio is hidden until the other user explicitly taps “View Profile.”
Matching and messaging. When mutual interest is confirmed (one user pings, the other accepts), a conversation is created and you can send real-time chat messages.
Push notifications. Sent through Firebase Cloud Messaging when you receive a ping, when someone accepts your ping, or when you cross paths with another user.
Subscriptions. If you choose to subscribe to Gold or Platinum tier, your payment is processed by Razorpay (see Section 9). We retain your subscription status, tier, and renewal date but never receive your card number, UPI ID, or bank credentials.

6. Where We Store Your Data

All user data is stored on Amazon Web Services (AWS) infrastructure in the Asia Pacific (Mumbai) region (ap-south-1):

AWS Cognito — account credentials, encrypted at rest
AWS DynamoDB — profile, pings, conversations, messages, encrypted at rest with AWS-managed keys
AWS AppSync — real-time GraphQL API for chat and discovery

All data in transit between your device and our infrastructure is encrypted using TLS 1.2 or higher.

7. Third-Party Services

We use the following third-party processors strictly to operate the App:

Service	Operator	Purpose
AWS (Cognito, DynamoDB, AppSync, Lambda)	Amazon Web Services	Authentication, storage, real-time sync
Firebase Cloud Messaging	Google LLC	Push-notification delivery only (token-based)
Google Sign-In	Google LLC	Optional authentication method
Razorpay	Razorpay Software Pvt. Ltd. (RBI-licensed Payment Aggregator)	Subscription payment processing (India only)

We do not sell, rent, or share your personal data with advertisers or marketing platforms. No third-party analytics SDK is embedded in the App.

8. Data Retention and Deletion

Data type	Retention
BLE proximity detection records	Automatically deleted within 40 minutes via DynamoDB TTL
Crossed Path / Encounter records	Self-destruct 20 minutes after becoming visible to you
Pending pings	Auto-deleted after 30 days via DynamoDB TTL
Accepted conversations	Auto-deleted 30 days after creation (longer with active subscription)
Account data (profile, messages, all linked records)	Permanently and irreversibly deleted within seconds of you tapping Settings → Delete Account → DELETE
Webhook records, payment audit logs (subscription transactions)	Retained for 7 years to comply with Indian tax and consumer-protection law

Account Deletion

You can delete your account in two ways:

In-app:Settings → Delete Account → type “DELETE” to confirm. The deletion cascade runs immediately and removes: active Razorpay subscription (auto-cancelled), all sent and received pings, all conversations and messages (for both sides), DynamoDB user record, AWS Cognito identity, and all locally cached data on your device.
By email: Email privacy@campspark.onlinewith the subject “Delete My Account.” Provide the email address used at signup. We complete deletion within 7 calendar days and confirm by reply.

A public account-deletion request page is also available at campspark.online/delete-account.

9. Payments and Subscriptions

CampSpark offers optional subscription tiers (Gold ₹299/month, Platinum ₹499/month) processed through Razorpay, an RBI-licensed Payment Aggregator. CampSpark is an Indian developer serving Indian users with INR-denominated subscriptions in compliance with the Competition Commission of India's Order dated 25 October 2022 in Case No. 39 of 2018, which directs that Indian developers may not be restricted from using third-party billing systems for in-app purchases.

When you subscribe:

Razorpay collects and processes your payment details (UPI ID, card number, or wallet). We do not receive these.
We receive a Razorpay subscription ID, your subscription status (active / cancelled / expired), tier, and renewal date.
Subscriptions are recurring and auto-renew at the end of each billing cycle until you cancel.
You can cancel anytime from Settings → Manage Subscription. Cancellation takes effect at the end of the current billing cycle; you retain access until then.
For refunds, see Section 9.4 of our Terms of Service.

10. Your Rights

You have the right to:

Access your data through the in-app Profile and Settings screens.
Update your nickname, bio, and avatar at any time.
Delete your account permanently and irreversibly (see Section 8).
Block other users.
Report abusive content or behaviour.

For users in the European Union or the United Kingdom, you additionally have rights under GDPR / UK GDPR, including data portability, restriction of processing, and the right to lodge a complaint with a supervisory authority. To exercise these rights or request a data export, email privacy@campspark.online.

For users in India, you have the right to access, correct, or delete your data under the Digital Personal Data Protection Act, 2023.

For users in California, you have the right to know, delete, and opt-out of sale (we do not sell data) under the CCPA.

10a. Permissions and How to Revoke Them

The CampSpark mobile app requests these device permissions. Each can be revoked at any time from your device settings without losing your account:

Bluetooth — required. Used to advertise and detect a 16-character hash that lets nearby CampSpark users find you. Without this, the app cannot function.
Notifications — optional. Used to alert you to new pings and messages.
Battery optimization exemption — optional. Lets the app keep BLE detection active when your phone is idle. Revoking it disables background discovery but does not affect foreground use.

10b. Controlling Your Visibility (Privacy Mode)

You control whether and how other users can detect you through Privacy Mode, available from the Discover screen. It has two levels:

Invisible on Discover.You stop appearing as a bubble on nearby users' Discover screens. Your phone keeps broadcasting its Bluetooth hash, so you may still appear in another user's Crossed Paths or Encounter+ after the usual delay. Choose this when you want to browse quietly while still leaving a trace of having crossed paths.
Full Stealth.Your phone stops broadcasting and scanning over Bluetooth entirely. You become undetectable everywhere — Discover, Crossed Paths, and Encounter+ — and no presence signal leaves your device. This setting persists across app restarts, device reboots, and Bluetooth toggles until you turn it off.

Either level can be set for a fixed duration or kept on indefinitely, and can be switched off at any time.

11. Children's Privacy

CampSpark is strictly 18+. We do not knowingly collect data from anyone under 18. The age check is enforced at the Welcome screen via mandatory checkbox before authentication. If we discover an account belongs to a person under 18, we immediately delete it. To report a suspected underage account, email report@campspark.online.

11a. Push Notification Token Registration

When you enable notifications, your device's Firebase Cloud Messaging token is sent to our servers and stored in your user record so we can deliver pings and chat alerts. Disabling notifications, signing out, or deleting your account immediately removes this token from our servers.

12. Security

We use industry-standard practices including encryption at rest and in transit, principle-of-least-privilege IAM access controls, server-side enforcement of block-list rules, and per-user JWT-based authentication on every API call. No system is perfectly secure; we do not represent that our security measures are immune to all attacks. If you suspect your account is compromised, email support@campspark.online immediately.

13. International Data Transfer

All data is stored in AWS Asia Pacific (Mumbai), India. If you access the App from outside India, your data is transferred to and stored in India for processing.

14. Changes to This Policy

We may update this Policy from time to time. The “Last updated” date at the top reflects the most recent revision. Material changes will be notified through the App. Continued use of the App after changes constitutes acceptance.

15. Contact

Purpose	Email
Privacy and data requests	privacy@campspark.online
Reporting abuse or underage users	report@campspark.online
General support	support@campspark.online

Operator: Pyqlexity
GSTN: 07BRQPA6643B1ZY
Jurisdiction: India
Website: https://campspark.online

Version History

11 May 2026 — comprehensive rewrite for Play Store and App Store compliance
7 May 2026 — added account deletion cascade, permissions, subprocessors
18 April 2026 — initial publication