Legal

Privacy Policy

Last updated: March 11, 2026

Overview

Serendipity ("we," "our," or "us") operates the Serendipity platform available at serendipity.aureus.cx (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using our Service, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Information you provide directly

  • Account information: name, email address, password (stored as a bcrypt hash — we never store your plaintext password), professional headline, and city.
  • Profile content: bio, profile photo, and connection mode preference.
  • Life events: places, dates, and categories you manually add to your timeline.
  • Posts: captions and photos you publish to the feed.
  • Messages: direct messages between you and your connections.

Information from data sources you connect

  • Google Maps Timeline: If you upload a JSON export, we extract place names, coordinates, and timestamps. We do not retain the raw file after processing.
  • Photo library: If you use the photo import feature, we extract only GPS coordinates and timestamps from EXIF metadata in your browser. Your actual photos are never transmitted to our servers unless you explicitly attach them to a post.

Information collected automatically

  • Log data: IP addresses, browser type, pages visited, and timestamps — retained for up to 90 days.
  • Device information: device type, operating system, and screen resolution.
  • Cookies: session cookies for authentication. We do not use third-party tracking cookies.

How We Use Your Information

We use the information we collect to:

  1. Provide and improve the Service.
  2. Compute overlap scores between users who have mutually connected.
  3. Send transactional emails (account verification, password reset).
  4. Detect and prevent fraud, abuse, or security incidents.
  5. Comply with legal obligations.

We do not sell your personal data. We do not share your information with advertising networks or data brokers.

Overlap Calculation

The core function of Serendipity is discovering shared life-path moments between users. This means:

  • Overlap detection only runs between users who have both connected with each other (mutually accepted connection or requested connection).
  • Strangers cannot discover your location history.
  • Overlap scores are computed server-side and never expose raw coordinate data to other users.

B2B API (The Serendipity Engine)

If you are a user whose data is queried via the Serendipity Engine API:

  • Only verified API clients with a valid token can make queries.
  • API clients can only retrieve data for users who have consented to API access (or who are registered Serendipity users).
  • We log all API requests with timestamps, query parameters, and the client identity.
  • You may request deletion of your data at any time (see Data Deletion below).

Data Retention

  • Active accounts: We retain your data as long as your account is active.
  • Deleted accounts: Upon account deletion, personal data is purged within 30 days. Aggregate overlap records (without personal identifiers) may be retained for statistical purposes.
  • Log data: Retained for 90 days.

Data Security

We protect your data using:

  • TLS (HTTPS) encryption in transit.
  • AES-256 encryption for sensitive tokens stored in the database.
  • Bcrypt hashing for passwords.
  • Access controls limiting database access to application processes only.

No system is 100% secure. If we discover a breach, we will notify affected users within 72 hours.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your account and all associated personal data.
  • Portability: Request an export of your data in machine-readable format.
  • Objection: Object to certain types of processing.

To exercise any of these rights, contact us at [email protected].

Cookies

We use only essential session cookies required for authentication. We do not use analytics cookies, advertising pixels, or any third-party tracking scripts.

Third-Party Services

We use the following third-party services, each governed by their own privacy policy:

Service Purpose
Google Maps JavaScript API Displaying maps in the application
Google Places API Normalizing location names
Amazon S3 Storing user-uploaded photos (when S3 is configured)
OpenAI Generating AI narratives for connection moments

We share only the minimum data necessary for each service to function.

Children's Privacy

Our Service is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If we learn we have collected data from a child under 16, we will delete it immediately.

Changes to This Policy

We may update this policy periodically. We will notify you of material changes by email or via a prominent notice in the application at least 14 days before the changes take effect.

Contact

Serendipity Inc.
Email: [email protected]

For urgent data requests, include "DATA REQUEST" in your subject line.