Privacy Policy

1. Who We Are

pike; is a messaging application operated from the Kingdom of Bahrain. For the purposes of the Personal Data Protection Law (Law No. 30 of 2018, "PDPL"), we are the data controller responsible for your personal data. You can reach us at support@getpike.chat.

2. What Data We Collect

2.1 Account Information

When you create an account, we collect your phone number or email address (for authentication only), your chosen display name and name colours, your user code (@handle), and your profile photo (if you upload one). Your phone number or email is used solely to send you a one-time verification code. It is never shared with other users or third parties.

2.2 Messages and Content

We store the messages you send and receive so they are available across your devices and after reinstallation. This includes text messages, photos and media you share, reactions, replies, and read receipts. When you enable disappearing messages, content is automatically deleted according to your chosen timeframe. View-once media is permanently removed after it has been opened.

2.3 Usage Data

We collect minimal technical data to keep the service running: your device type and operating system (for compatibility), your IP address (for security and abuse prevention), crash reports and error logs (only when you submit a bug report), and app version information.

2.4 Presence and Status

Your online status (Online, Away, Busy, Offline) is visible to your contacts. If you set a mood, connect a music service, or connect a gaming account, this information is displayed to your contacts according to your privacy settings. You can hide specific activity from specific contacts.

2.5 What We Do Not Collect

We do not collect your location data, your contacts or address book, your browsing history, biometric data, or any data for advertising purposes. We do not use cookies or tracking technologies for marketing.

3. Legal Basis for Processing

Under the PDPL, we process your personal data on the following legal bases:

Consent: You provide explicit consent when you create your account and agree to this policy. You may withdraw consent at any time by deleting your account.

Contract necessity: Processing is necessary to provide you with the messaging service you signed up for — delivering messages, maintaining your contact list, and syncing across devices.

Legitimate interest: We process limited technical data to prevent abuse, detect fraud, and maintain the security and stability of the service, provided this does not override your fundamental rights.

4. How We Use Your Data

We use your data exclusively to deliver and maintain the messaging service, authenticate your identity when you sign in, display your profile and status to your contacts, deliver messages and media between users, send you service notifications (like OTP codes), improve app stability through anonymised crash analytics, and respond to bug reports and support requests you submit.

We never use your data for advertising, profiling, or automated decision-making. We never sell, rent, or trade your personal data.

5. Data Sharing

We share your data only in the following limited circumstances:

With your contacts: Your display name, profile photo, mood, status, and messages are visible to people in your circle. You control who sees what through your privacy settings.

Service providers: We use Supabase (database and authentication), Twilio (SMS delivery for phone verification), and Resend (email delivery for OTP codes). These providers process data on our behalf under strict contractual obligations and do not use your data for their own purposes.

Legal requirements: We may disclose data if required by a valid court order, legal obligation, or lawful request from Bahraini authorities in accordance with the PDPL and applicable law.

6. Cross-Border Data Transfers

Your data is stored on servers operated by Supabase, which uses cloud infrastructure that may be located outside the Kingdom of Bahrain. In accordance with Article 12 of the PDPL and Ministerial Resolution No. 42 of 2022, we ensure that any cross-border transfer of personal data is made only to countries included on the approved list maintained by the Personal Data Protection Authority, or with your explicit consent as provided when you accept this policy.

We implement appropriate technical and organisational safeguards to ensure your data receives an equivalent level of protection regardless of where it is processed.

7. Data Retention

We retain your data for as long as your account is active. Messages are stored until you or the other participant clears the chat, or until disappearing message timers expire. View-once media is permanently deleted after opening. If you delete your account, all your personal data, messages, and media are permanently removed within 30 days.

8. Your Rights

Under the PDPL, you have the following rights:

Right to be informed: You have the right to know what personal data we hold about you and how we process it. This policy serves that purpose.

Right to access: You can request a copy of all personal data we hold about you by contacting support@getpike.chat.

Right to rectification: You can update your profile information at any time through the app's Settings screen.

Right to deletion: You can delete individual chats, clear your data, or delete your entire account. You can also contact us to request complete erasure.

Right to object: You can object to specific types of processing by adjusting your privacy settings (hiding activity, muting contacts, etc.).

Right to not be subject to automated decision-making: We do not make any automated decisions that produce legal or significant effects on you.

To exercise any of these rights, contact us at support@getpike.chat. We will respond within 30 days.

9. Data Security

We implement the following technical and organisational measures to protect your data: TLS 1.3 encryption for all data in transit, AES-256 encryption for data at rest, row-level security policies ensuring users can only access their own data, one active session per device with approval required for new device logins, screenshot blocking in disappearing message conversations, and regular security audits and access logging.

10. Children

pike; is not intended for children under the age of 13. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 13, we will delete it immediately. If you believe a child has provided us with personal data, please contact support@getpike.chat.

11. In-App Purchases

pike; Pro is a one-time purchase processed through Apple's App Store or Google Play. We do not process or store your payment information — it is handled entirely by Apple or Google. We only receive confirmation that a purchase was completed, which we use to activate Pro features on your account.

12. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. If we make material changes, we will notify you through the app or by email before they take effect. Your continued use of pike; after changes are posted constitutes your acceptance of the updated policy.

13. Complaints

If you believe your data has been mishandled, you have the right to file a complaint with the Personal Data Protection Authority of the Kingdom of Bahrain (pdp.gov.bh). You may also contact us directly at support@getpike.chat and we will work to resolve your concern.

14. Contact

For any questions about this policy or your personal data:

Email: support@getpike.chat
Website: getpike.chat
Governing Law: Kingdom of Bahrain