Connexa
AboutHow It WorksPricingLog InSign Up

Privacy Policy

Last updated: 20 March 2026

1. Who we are

Connexa (referred to in this Policy as "we", "us" and "our") are committed to protecting the privacy of our users and customers. This privacy policy ("Privacy Policy") is intended to inform you on how we gather, define, and utilise your Information (as defined below).

It applies to Information collected by us or provided by you over our Website (including the mobile optimised version of the website accessible from your portable hand-held device) or in any other way (such as over the telephone, email, or WhatsApp). It is also intended to assist you in making informed decisions when using our Website and our services.

All your personal Information shall be held and used in accordance with the EU General Data Protection Regulation 2016/679 ("GDPR") and national laws implementing GDPR and any legislation that replaces it in whole or in part and any other legislation relating to the protection of personal data. If you want to know what information we collect and hold about you, or to exercise any of your rights as set out in section 7 below, please contact us using the details in section 15.

As the controllers, we will treat your personal information as confidential and in accordance with applicable data protection legislation.

It is important that you read this Privacy Policy with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

2. What this policy covers

This Privacy Policy explains what personal data we collect, how we use it, who we share it with, how long we keep it, and your rights.

3. Personal data we collect

Depending on how you use the Platform, we may collect:

  • name or display name;
  • email address (if you sign in with Apple and choose to hide your email, we receive a private relay address provided by Apple);
  • telephone number;
  • WhatsApp number;
  • Instagram handle or other contact details (including other social media handles);
  • account login information;
  • profile and listing information;
  • photographs and uploaded content;
  • request history and acceptance/rejection history;
  • payment-related metadata and transaction records;
  • communications with support or reports made by or about you;
  • moderation, fraud-prevention, and safety records;
  • device, browser, log, and IP address information;
  • cookie and similar technology data.

We do not intentionally collect personal data from children under 18 through the Platform.

4. How we collect personal data

We collect personal data:

  • directly from you when you create an account, create a listing, submit a request, upload content, or contact us;
  • from third-party authentication providers (Google, Apple) when you choose to sign in using their services, including your name and email address;
  • automatically through cookies, logs, and similar technologies;
  • from payment providers, analytics providers, moderators, or anti-fraud tools;
  • from reports made by other users.

5. Why we use your personal data

We may use personal data to:

  • create and manage accounts;
  • create, publish, moderate, and remove listings;
  • process request submissions and approvals/rejections;
  • disclose contact details where a request is accepted and the relevant flow allows that disclosure;
  • process payments and credits;
  • provide customer support;
  • detect and prevent fraud, abuse, suspicious activity, and prohibited use;
  • enforce our Terms and policies;
  • keep records for disputes, complaints, chargebacks, moderation, and legal compliance;
  • improve and secure the Platform;
  • measure site usage and performance;
  • send service-related communications;
  • send marketing where permitted by law and, where required, with consent.

6. Lawful bases

We rely on one or more of the following lawful bases under UK data protection law:

Contract

We process personal data where necessary to provide the Platform and perform our contract with you, including:

  • creating your account;
  • enabling listings and requests;
  • processing payments and credits;
  • revealing contact details when a request is accepted in line with the selected flow.

Legitimate interests

We process personal data where necessary for our legitimate interests, provided those interests are not overridden by your rights. This may include:

  • fraud prevention and account security;
  • moderation and enforcement of our rules;
  • preventing prohibited or unlawful use;
  • platform analytics and service improvement;
  • keeping records of disputes, complaints, and enforcement actions.

Legal obligation

We may process or retain personal data where necessary to comply with legal obligations, court orders, law-enforcement requests, tax/accounting requirements, or regulatory duties.

Consent

Where required, we rely on consent for certain cookie, tracking, or marketing activities. You can withdraw consent at any time where consent is the basis used.

7. Disclosure of contact details

A core feature of the Platform is the disclosure of contact details following an accepted request.

If a request is accepted, we may disclose:

  • the requester's provided contact details to the listed person; and/or
  • the listed person's selected contact details to the requester,

in accordance with the selected request flow, the account settings involved, and our Terms.

This disclosure is part of the service you request or approve.

8. Who we share your data with

We may share personal data with the following categories of recipients:

  • Payment processing: Stripe (processes payments securely; we do not store your full card details);
  • Authentication: Google and Apple (when you choose to sign in via these providers, authentication data is exchanged to verify your identity; subject to their respective privacy policies);
  • Hosting and infrastructure: Vercel (website hosting and analytics), Supabase (database, authentication, and file storage), Upstash (rate limiting and abuse prevention);
  • Email and SMS: Resend (transactional emails such as connection notifications and account updates), Twilio (SMS verification and notifications);
  • moderation, fraud prevention, and security providers;
  • professional advisers;
  • courts, regulators, law enforcement, or other authorities where required or appropriate.

Each provider acts as a data processor under a Data Processing Agreement (or equivalent contractual terms) and may only process your data on our instructions for the purposes described above.

We do not sell your personal data as the term "sell" is commonly understood in UK privacy law.

9. International transfers

Some of our providers may process personal data outside the UK. Where we transfer personal data internationally, we will use appropriate safeguards where required by law.

10. Data retention

We keep personal data only for as long as necessary for the purposes described in this policy, including for legal, accounting, fraud-prevention, dispute-resolution, moderation, and enforcement reasons.

Specific retention periods:

  • Account and profile data: retained while your account is active. Upon account deletion, your data is permanently removed after a 7-day grace period during which you may cancel the deletion.
  • Payment and transaction records: retained for 6 years after the transaction date, as required by UK tax and accounting law (HMRC requirements).
  • Connection request records: retained while both accounts are active. When either account is deleted, sent messages are anonymised (personal identifiers removed) and retained for fraud-prevention and dispute handling for up to 12 months.
  • Photos: deleted from storage when removed by you or when your account is deleted.
  • Reports and moderation evidence: retained for up to 3 years for safety, compliance, and enforcement purposes, or longer where required by law.
  • Server logs and IP addresses: retained for up to 90 days for security and debugging purposes.

Where possible, we anonymise data so it can no longer be associated with you rather than deleting it outright, particularly where we need to retain records for legal or safety reasons.

11. Your rights

Depending on applicable law, you may have the right to:

  • Access: request a copy of the personal data we hold about you. You can download your data at any time from your account settings using the "Download my data" feature, which provides a machine-readable JSON export;
  • Rectification: request correction of inaccurate or incomplete data. You can update most of your information directly from your profile and settings pages;
  • Erasure: request deletion of your data. You can schedule account deletion from your account settings, which takes effect after a 7-day grace period;
  • Objection: object to certain processing based on legitimate interests;
  • Restriction: request restriction of processing in certain circumstances;
  • Portability: receive the personal data you provided to us in a structured, commonly used, machine-readable format (JSON) via the download feature in your settings;
  • Withdraw consent: where consent is the legal basis, you can withdraw it at any time;
  • Complain: lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

You can exercise most of these rights directly through your account. For any requests you cannot complete yourself, contact us at the details in section 15 and we will respond within 30 days.

12. Security

We use appropriate technical and organisational measures intended to help protect personal data, including encrypted connections (TLS/HTTPS), secure authentication, role-based access controls, and regular security reviews. However, no system is completely secure, and we cannot guarantee absolute security.

13. Data breach notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the UK Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by UK GDPR.

Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, informing you of the nature of the breach, the likely consequences, and the measures we have taken or propose to take to address it.

14. Cookies and similar technologies

We use cookies and similar technologies as described in our Cookie Notice. Where required by law, we ask for your consent before using non-essential cookies or similar technologies.

15. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be posted on the Platform.

16. Contact

Privacy questions or requests: hello@yourconnexa.com

We aim to respond to all data protection requests within 30 days.

Connexa

Meet interesting people near you.

Discover

  • About
  • Blog
  • How It Works
  • Sparks & Pricing
  • FAQ

Support

  • Contact Us
  • Safety / Report
  • Community Rules

Legal

  • Terms
  • Privacy Policy
  • Cookie Notice
  • Refund & Credits

© 2026 Connexa. All rights reserved.

hello@yourconnexa.com