Privacy Policy

DARE is an anonymous messaging platform. This policy explains what data we collect, how we use it, and your rights.

• Account data: username, email (optional)
• Usage data: messages sent and received (content is anonymous)
• Device data: normalized hashed IP address (/24 IPv4, /64 IPv6 — operator level, never the raw IP), major OS and browser version, primary language, platform (iOS / Android / Web)
• Analytics: anonymized in-app events

• To provide and improve the service
• To prevent abuse and enforce rate limits
• We do NOT sell your data to third parties
• We do NOT use your data for advertising

Messages sent on DARE are anonymous by design. No sender identity — no name, no email, no raw IP — is stored. We compute a one-way technical fingerprint (hashed, non-reversible) from normalized signals in order to protect the recipient and the community against harassment, spam and ban evasion. Details in the « Technical fingerprint » section below.

To moderate an anonymous messaging platform, we need to recognize when the same sender returns — without ever knowing their real identity. We use two complementary fingerprints, both SHA-256 hashed (non-reversible) and stored as 16-character strings.

Network fingerprint (Tier 1)

Computed server-side from: truncated IP address (/24 IPv4 = operator level, never the individual user; /64 IPv6), major OS version (e.g. « iOS 17 », without patch detail), primary language (e.g. « en »), platform (iOS / Android / Web). Stable across patch updates and device restarts.

Device fingerprint (Tier 2)

Computed client-side (browser or mobile app) from about 6 to 9 deterministic technical signals: time zone, screen resolution, pixel ratio, color depth, maximum touch points, number of loaded fonts, CPU core count, memory (Chrome only), device model and major OS version (mobile). Detects the same device even when the carrier changes (4G ↔ Wi-Fi).

Explicitly excluded signals

• Canvas rendering, WebGL and audio fingerprinting (invasive techniques — excluded)
• Installed font list (we only count the number, never the names)
• Persistent device identifiers (iOS IDFV, ANDROID_ID, IMEI, MAC) — forbidden as potentially personal

Legal basis and purpose

Article 6(1)(f) of the GDPR — legitimate interest. Purpose strictly limited to: automated and manual moderation (detecting harassment, spam, hate speech), enforcing bans, preventing bypass via VPN or IP rotation, platform security. No advertising use, no sale, no third-party sharing.

Fingerprints are retained as long as the associated session (typically the lifetime of the linked message, i.e. 12 months — see Retention section). When an account or message is deleted, the associated fingerprint is purged in the same cycle.

• Account data: retained while your account is active
• Messages: retained for 12 months
• Deleted accounts: purged within 30 days

• Right to access your data
• Right to deletion
• Right to data portability

To exercise your rights, contact: privacy@dev.trydare.app

• Right to know what data we collect
• Right to delete your data
• Right to opt-out of sale — we do not sell data

• Session cookie: used for authentication
• Locale cookie: remembers your language preference
• No tracking cookies. No advertising cookies.

DARE is not directed to users under 13. We do not knowingly collect data from minors. If you believe a minor has provided data, contact us at privacy@dev.trydare.app.

We will notify users of material changes to this policy via in-app notification or email.

Questions about this policy? Contact us at privacy@dev.trydare.app.