Privacy Policy

Last updated: 14 April 2026 · Version 1.0

This Privacy Policy explains how not all women ("the app", "we", "us") collects, uses, and protects your personal data when you use our mobile application. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR).

1. Who we are

The app is operated by:
Achintya Rawal
Quartiersweg 6, 10829 Berlin.
Contact: support@notallwomen.com

For GDPR purposes, Achintya Rawal is the data controller.

2. What data we collect

Account data: your name, email address, and profile information you provide (headline, industry, location, work experience, education, availability status).
Profile media: profile photo and banner image you upload.
Content: posts, comments, forum threads, and messages you write within the app.
Connections: who you follow, which spaces you join, invite codes you generate or redeem.
Usage data: in-app analytics events (e.g. screens viewed, features used). We never log message content or search text in analytics.
Device data: FCM device token for push notifications (if you grant permission).
Safety data: reports and blocks you submit or receive.

3. Legal basis for processing

Contract performance (Art. 6(1)(b) GDPR): processing necessary to provide the app service (account, messaging, feed).
Legitimate interests (Art. 6(1)(f) GDPR): analytics to improve the product, safety measures to protect members.
Consent (Art. 6(1)(a) GDPR): push notifications (you can withdraw at any time via device settings).
Legal obligation (Art. 6(1)(c) GDPR): compliance with applicable law.

4. Women-only access

This app is exclusively for women. We collect and process gender-related information solely for the purpose of maintaining the women-only nature of the community. This processing is justified under Art. 9(2)(d) GDPR (legitimate activities of a not-for-profit body with a political, philosophical, religious or trade union aim) and the EU Equal Treatment Directive 2004/113/EC, which permits sex-specific services where the aim is to advance equality.

5. How we use your data

To provide, operate, and improve the app
To connect you with other members via the invite and vouching system
To send in-app and push notifications about activity relevant to you
To enforce community safety (reports, blocks, moderation)
To analyse usage patterns and improve features (anonymised analytics)
To comply with legal obligations

6. Data sharing

We do not sell your data. We share data only with the following service providers, all acting as data processors under GDPR-compliant agreements:

Supabase (EU Ireland) — database and authentication hosting
Google Firebase — analytics and push notifications. Firebase is a Google service; Google's privacy policy applies to data processed by Firebase. We only send anonymised event data (no names, message content, or search text).
PostHog (EU region) — product analytics

7. Data retention

We retain your data for as long as your account is active. If you delete your account, your data is permanently deleted immediately. Content you posted (posts, comments) is deleted along with your account. Anonymised analytics data may be retained for up to 2 years.

8. Your rights under GDPR

Right of access (Art. 15): request a copy of your data via Settings → Privacy → Export my data.
Right to erasure (Art. 17): delete your account and all associated data via Settings → Privacy → Delete account. Deletion is immediate and permanent.
Right to rectification (Art. 16): edit your profile at any time via the Edit Profile screen.
Right to portability (Art. 20): data export available via Settings → Privacy → Export my data.
Right to object (Art. 21): contact us to object to any processing.
Right to withdraw consent: disable push notifications at any time via device Settings → Apps → not all women → Notifications.

To exercise any right, contact us via the app or at the address above. We will respond within 30 days.

9. Security

All data is transmitted over HTTPS (TLS encryption). Data is stored on Supabase servers in the EU (Ireland). Row-level security policies ensure users can only access data they are authorised to see. We do not store passwords — authentication is handled via Google Sign-In or Apple Sign-In (OAuth 2.0).

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to you personally, we will also notify you directly without undue delay.

10. Children

This app is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will delete it immediately.

11. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes via in-app notification. The "Last updated" date at the top of this page reflects the current version. Continued use of the app after changes constitutes acceptance of the updated policy.

12. Contact and complaints

For privacy questions, contact us via the app or at support@notallwomen.com. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In Germany, the relevant authority is the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI).