Privacy Policy

1. Information We Collect

When you use Metro Diaries, we collect the following information:

• Account information: Name, email address, and profile photo from your Google account when you sign in.
• Profile information: Date of birth, gender, career title, bio, about me, up to 5 gallery photos, phone number, and social handles (Instagram, Twitter) that you voluntarily provide. Your name, date of birth, and gender are locked after your initial onboarding and cannot be changed without contacting support.
• Verification data: If you choose to verify your identity, we process your Aadhaar number via a manual admin review. Your Aadhaar number is shared with our admin team by email for verification purposes and is not stored in our database after review — only your verification status is retained.
• Profile photo processing: When you upload a profile photo, we run on-device face detection (using browser APIs) to check that it contains a clear face. This processing happens entirely on your device — no biometric data is sent to our servers. We store only a boolean flag indicating whether a face was detected.
• Trip information: Route details (start and end stations), travel date and time, repeat schedule, and visibility preferences you set when posting a trip.
• Messages: Chat messages exchanged with other users, including message reactions, replies, and read receipts. Direct messages are between accepted connections. Trip chats are available for 2 hours after the scheduled trip time.
• Push notifications: If you opt in to browser push notifications, we store your notification subscription endpoint, encryption keys, and basic device information to deliver notifications.
• Presence data: We track when you were last active on the platform to display online status to your connections.
• Contact form submissions: If you contact us through our contact form, we store your name, email, message category, and message content.
• Local storage: We store some data locally on your device (not on our servers), including saved metro routes, notification preferences, and temporary chat data. This data never leaves your browser.
• Analytics: We use Ahrefs Analytics to collect anonymized usage data such as pages visited and general interaction patterns to understand how the service is used and improve it.

2. How We Use Your Information

• To provide and maintain the Metro Diaries service
• To match you with co-travelers on similar routes
• To verify user identities and display verified badges
• To enable in-app messaging between users
• To improve our service and develop new features
• To communicate important updates about the service
• To detect and prevent fraud, abuse, and safety issues

3. Information Sharing

We do not sell your personal information. We share data only in these cases:

• With other users: Your public profile, trip posts, and messages are visible to users you interact with, based on your privacy settings.
• Service providers: We use the following third-party services to operate Metro Diaries:
  • Supabase — authentication, database, and file storage
  • Google — sign-in via Google OAuth
  • Resend — transactional email delivery (receives your name and email address to send notifications)
  • Render — hosts our real-time messaging server that processes chat messages
  • Ahrefs — anonymized website analytics
• Legal requirements: When required by law, regulation, or legal process.

4. Your Privacy Controls

You have control over your data:

• Choose who can see your trip posts (everyone or connections only)
• Toggle phone number visibility on your profile
• Enable or disable browser push notifications
• Report other users for safety or policy violations
• Request deletion of your account and associated data by contacting us at support@metrodiaries.in

5. Communications

Email: We send transactional emails via Resend for the following purposes:

• Trip join requests from other users on your trips
• New trips posted by your accepted connections
• Connection request and acceptance notifications
• Identity verification status updates
• Responses to your contact form submissions

We do not send marketing emails. Transactional emails are a core part of the service and cannot be individually opted out.

Push notifications: You may optionally enable browser push notifications to receive alerts about new messages, connection requests, and trip updates. You can disable push notifications at any time from your browser settings. When enabled, your push subscription data is stored on our servers; disabling removes it.

6. Data Security

We use industry-standard security measures to protect your data, including encryption in transit (HTTPS), encryption at rest, and database-level Row Level Security policies that ensure users can only access data they are authorized to see. All data is stored on secure Supabase infrastructure with rate limiting applied to sensitive endpoints. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your data for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, except where we are legally required to retain it.

8. Children's Privacy

Metro Diaries is not intended for users under the age of 18. We do not knowingly collect information from children under 18.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes through the app or via email.

10. Contact Us

If you have questions about this Privacy Policy or your data, contact us at support@metrodiaries.in or through our contact form.