
Privacy Policy

Last updated: May 23, 2026
Effective date: May 23, 2026

This Privacy Policy describes how Circl ("Circl", "we", "us", "our") collects, uses, shares and protects your personal data when you use our mobile application, website (app-circl.com) and related services (collectively, the "Service"). This Policy is designed to comply with the EU General Data Protection Regulation (Regulation 2016/679 — "GDPR"), the California Consumer Privacy Act and California Privacy Rights Act ("CCPA/CPRA"), the French Data Protection Act (Loi Informatique et Libertés) and other applicable laws.

1. Data Controller

The data controller responsible for the processing of your personal data is:

Circl
Postal address: Paris, France
Email: privacy@app-circl.com

For all questions regarding your personal data and the exercise of your rights, you may contact our Data Protection point of contact at privacy@app-circl.com.

2. Personal Data We Collect

We collect the following categories of personal data:

2.1 Information you provide directly

2.2 Information collected automatically

2.3 Information from third parties

3. Sensitive Data

Circl is built for and by the global Afro community. By voluntarily creating a profile and sharing content on Circl, you may reveal information that could be considered "sensitive data" or "special category data" under the GDPR (Article 9), such as your racial or ethnic origin, religious beliefs, political opinions or sexual orientation.

Circl processes such data only on the basis of your explicit consent (GDPR Article 9(2)(a)), given through your free decision to share this information publicly or with selected users on the Platform. You may withdraw this consent at any time by editing or deleting the relevant content, or by deleting your account.

We apply enhanced security measures to sensitive data and never share or sell such data to third parties.

4. Why We Process Your Data and on What Legal Basis

We process your personal data for the following purposes, each justified by a specific legal basis under the GDPR:

| Purpose | Legal Basis (GDPR Art. 6) |
| --- | --- |
| Creating and managing your account; providing the core Service (connecting users, messaging, content sharing) | Performance of a contract (Art. 6(1)(b)) |
| Sending service-related communications, transactional emails, account notifications | Performance of a contract (Art. 6(1)(b)) |
| Personalizing content recommendations and discovery | Legitimate interest (Art. 6(1)(f)) — providing relevant experience |
| Sending marketing communications, newsletters, promotional offers | Consent (Art. 6(1)(a)) — you can withdraw at any time |
| Analyzing usage to improve the Service (analytics) | Consent for non-essential cookies (Art. 6(1)(a)); legitimate interest for essential analytics (Art. 6(1)(f)) |
| Ensuring safety, preventing fraud, scams, harassment, CSAE | Legal obligation (Art. 6(1)(c)); legitimate interest (Art. 6(1)(f)) |
| Complying with legal obligations, responding to lawful requests from authorities | Legal obligation (Art. 6(1)(c)) |
| Reporting CSAE/CSAM content to NCMEC and law enforcement | Legal obligation (Art. 6(1)(c)); vital interests (Art. 6(1)(d)) |
| Processing data revealing racial or ethnic origin (community profile) | Explicit consent (Art. 9(2)(a)) |

5. Automated Decisions & Profiling

Circl uses recommendation and discovery algorithms to suggest content, profiles and communities you may find relevant. This involves limited profiling based on your activity, declared interests and interactions with other users.

These algorithmic suggestions do not produce legal effects on you or significantly affect you in a similar way. You retain full control over which content you consume and which connections you accept. You may also adjust your discovery preferences in the app settings.

If you wish to object to profiling-based recommendations, you may do so by contacting privacy@app-circl.com.

6. Who We Share Your Data With

We do not sell your personal data. We share data only in the limited circumstances described below.

6.1 Other users of the platform

Information visible to other users on Circl includes your username, profile photo, biography, posts, public stories and other content you choose to share publicly or with selected users. Your privacy settings control this visibility.

6.2 Service providers (data processors)

We use trusted third-party service providers ("data processors") to operate the Service. These providers process your data on our instructions, under contractual obligations consistent with GDPR Article 28:

| Provider | Purpose | Location |
| --- | --- | --- |
| Amazon Web Services (AWS) | Cloud hosting, storage, backend infrastructure | United States / EU |
| Google Cloud Platform | Cloud services, infrastructure | United States / EU |
| Google Analytics (Google LLC) | Website analytics | United States |
| Apple App Store / Google Play Store | App distribution, payment processing, subscription billing | United States / Global |
| Email service providers (e.g. transactional email) | Sending account notifications and support communications | EU / United States |

We may update this list as our infrastructure evolves. The current list is maintained on this page.

6.3 Legal authorities and law enforcement

We may disclose personal data when required by law, court order or other legal process, including in response to lawful requests from public authorities for national security or law enforcement purposes. In matters involving child safety, we proactively report to the National Center for Missing & Exploited Children (NCMEC) as required by US federal law (18 U.S.C. § 2258A) and to relevant national authorities.

6.4 Business transfers

In the event of a merger, acquisition, reorganization, sale of assets or bankruptcy, your personal data may be transferred to a successor entity, subject to equivalent protections.

7. International Data Transfers

Circl is based in France (European Union) and operates a global Service. As a result, your personal data may be transferred to, stored or processed in countries outside the European Economic Area (EEA), including the United States, where our cloud providers (AWS, Google Cloud) operate data centers.

When we transfer data outside the EEA, we ensure an adequate level of protection through one or more of the following mechanisms:

You may request a copy of the safeguards in place for international transfers by contacting privacy@app-circl.com.

8. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this Policy and to comply with our legal obligations. Specific retention periods include:

| Type of data | Retention period |
| --- | --- |
| Active account data (profile, content, messages) | For the duration of your account |
| Data after account deletion (general) | Deleted within 30 days of deletion request, except where law requires longer retention |
| Server backups | Up to 90 days after deletion |
| Account billing records and transactions | 10 years (French Commercial Code obligation) |
| Moderation logs, IP addresses for security incidents | 1 year, extended if a legal investigation is ongoing |
| Data related to banned accounts (terms violations) | Up to 3 years for fraud prevention and to prevent re-registration |
| CSAE/CSAM-related evidence | As required by law, indefinitely if required for investigation |
| Analytics data (anonymized or pseudonymized) | Up to 26 months (Google Analytics default) |
| Marketing consent records | 3 years after last interaction |

9. Your Rights Under GDPR

If you are located in the European Union, the European Economic Area or the United Kingdom, you have the following rights under the GDPR:

To exercise these rights, contact us at privacy@app-circl.com. We will respond within 30 days of receiving your request (extendable to 60 days for complex requests, with notice). We may need to verify your identity before processing your request.

10. Your Rights Under CCPA / CPRA (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

"Do Not Sell or Share My Personal Information"

Circl does not sell personal information in the conventional sense and does not engage in "sharing" for cross-context behavioral advertising as defined under the CPRA. We do not require a "Do Not Sell" link because the underlying activity does not occur. However, you may still exercise your CCPA/CPRA rights at any time by contacting privacy@app-circl.com.

How to exercise your California rights

Send a request to privacy@app-circl.com with the subject line "California Privacy Request" and indicate your name, residency, the right you wish to exercise, and any supporting information. We will respond within 45 days (extendable by 45 additional days with notice).

11. Cookies & Similar Technologies

Circl uses cookies and similar technologies on the website to provide and improve the Service. The categories of cookies we use are:

| Category | Purpose | Examples | Consent required? |
| --- | --- | --- | --- |
| Strictly necessary | Essential for site operation, security, session management | Authentication, CSRF protection | No |
| Analytics | Understand how visitors use the site to improve performance | Google Analytics (_ga, _gid) | Yes |
| Functional | Remember preferences (language, region) | Language preference cookie | Yes (in EU) |
| Marketing / Advertising | Currently not used by Circl | | Yes (if implemented) |

For EU and UK visitors, non-essential cookies (analytics, functional, marketing) are loaded only after you give explicit consent through our cookie banner, in accordance with the ePrivacy Directive and CNIL guidelines.

You can manage your cookie preferences at any time by clearing your browser cookies, adjusting your browser settings or contacting us. Disabling cookies may affect the functionality of the Service.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure or destruction, including:

No security measure is perfect. In the event of a data breach affecting your personal data, we will notify the relevant supervisory authority (CNIL) within 72 hours where required, and notify affected users without undue delay if there is a high risk to your rights and freedoms, in accordance with GDPR Articles 33 and 34.

13. Minors

Circl is strictly limited to users aged 18 years and older. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a minor, we will promptly delete it.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at childsafety@app-circl.com. See also our Child Safety Standards Policy.

14. Profile Visibility and Public Content

Information you share on your profile, including posts, stories, photos, comments and bio, may be visible to other users depending on your privacy settings, the audience you select, and your interactions with communities.

Once you make content public, other users may share, screenshot or save it outside Circl. We cannot control such uses, and we encourage you to share thoughtfully.

15. Links to Third-Party Services

The Service may contain links to third-party websites, apps or services. We are not responsible for the privacy practices of those third parties. We recommend reviewing their privacy policies before sharing your data with them.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, in the Service or in applicable laws. When we make material changes, we will notify you through the application, by email, or by other reasonable means, at least 30 days before the changes take effect (or as soon as practicable for changes required by law or for security reasons).

The "Last updated" date at the top of this Policy indicates when it was most recently revised. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

17. Related Policies

This Privacy Policy is part of our broader user agreement. Please also review:

18. Contact Us

For any question regarding this Privacy Policy or the exercise of your rights:

Circl – Data Protection Contact
Email: privacy@app-circl.com
General inquiries: contact@app-circl.com
Postal address: Circl, Paris, France

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In France, the competent authority is the Commission Nationale de l'Informatique et des Libertés (CNIL): www.cnil.fr.

This Privacy Policy is intended to provide transparency about Circl's data practices and to ensure compliance with applicable data protection laws. It does not constitute legal advice. We recommend reviewing this Policy with a qualified data protection counsel familiar with GDPR, CCPA/CPRA and applicable international frameworks prior to public release.