DURUHA PRIVACY POLICY

Effective Date: May 19, 2026
Last Updated: May 19, 2026

This Privacy Policy explains what information Duruha collects from you when you use the Duruha mobile application ("App"), why we collect it, how we use and protect it, and what choices you have. By creating an account or using the App, you agree to the collection and use of information described in this policy.

--------------------------------------------------------------------------------
1. Information We Collect
--------------------------------------------------------------------------------

1.1 Information You Provide Directly

When you create an account or use the App, we may collect:

- Account information: Email address, password (stored as a hashed credential, never in plain text), and display name.
- Profile information: Date of birth, persona labels, bio, and profile photo.
- Location information: If you choose to provide it during onboarding, we collect your device's GPS coordinates to place you within our geographic community hierarchy. This is optional. See Section 5 for details.
- User-generated content: Posts (text, images, video, audio), comments, reactions, votes, agenda items, and other content you create or share on the platform.
- Feed preferences and muted topics: Your algorithm configuration choices, muted geographic areas, and muted communities.

1.2 Verification and Persona Information

If you apply for a Verified Persona badge, we collect:

- Government-issued identity document (unredacted): A photo or scan of a valid government ID (passport, driver's license, or national ID). Used only for internal identity verification by authorized Duruha compliance staff. Permanently deleted from our systems immediately upon verification approval or rejection. Never retained after your application is resolved.
- Redacted verification document (public copy): A copy of the same credential with sensitive identifiers blurred or masked by you.
  Displayed on your public profile as evidence of your verified status. You may request its deletion at any time, which will remove your Verified Persona badge.
- Persona credentials and links: Professional registry links, portfolio URLs, credential references, or travel records submitted to support a persona claim. These may be visible to other community members.

We do not grant verification based on self-attestation alone. All personas require objective, verifiable, matching proof.

1.3 Automatically Collected Information

The App does not integrate third-party analytics or crash reporting services. We do not collect device identifiers or advertising IDs. The only automatically collected information is:

- App activity signals: Interactions such as votes, saves, shares, and views, used solely to calculate credibility and reputation signals within the platform.
- Session authentication tokens: Managed securely by our backend authentication service.

--------------------------------------------------------------------------------
2. How We Use Your Information
--------------------------------------------------------------------------------

We use the information we collect to:

- Create and manage your account and verified persona
- Authenticate your identity and secure your session
- Populate and personalize your geographic and interest-based feeds
- Display community and content relevant to your location or persona
- Calculate and display credibility and reputation signals
- Enable encrypted private messaging between users
- Review and process verification applications
- Enforce community safety, investigate reports, and take moderation action
- Detect and prevent fraud, spam, impersonation, and misuse
- Respond to support requests
- Comply with applicable laws and legal obligations

We do NOT use your information for targeted advertising.
We do NOT use your information to build advertising profiles.
We do NOT sell, rent, trade, lease, or license your personal data to any third party.

--------------------------------------------------------------------------------
3. Verification Documents and Proof
--------------------------------------------------------------------------------

Unredacted Internal Copy:
When you submit a verification application, we temporarily receive an unredacted copy of your government ID and supporting credentials. This copy is stored securely and encrypted during the review window. Access is restricted to a small number of authorized compliance staff under strict confidentiality obligations. This copy is permanently and securely deleted from all systems immediately upon the approval or rejection of your verification application. It is not retained for any other purpose.

Redacted Public Copy:
The redacted copy you submit is displayed on your public profile so other community members can independently assess your verified credentials. You are responsible for ensuring all sensitive personal identifiers are permanently blurred before submission. This includes:

- National ID numbers, passport numbers, SSS/TIN/UMID numbers
- Dates of birth
- Home addresses, personal phone numbers, personal email addresses
- Financial details, signatures, barcode and MRZ zones
- For Travellers: visa serial numbers, PNR booking codes, barcode zones

Duruha is not liable for any harm resulting from insufficient redaction.

You may request deletion of your public copy at any time. Deletion will be completed within 30 days and will result in the suspension of your Verified Persona badge. To regain verification, you must submit a new application.

Verification does not constitute endorsement. A verified badge means only that the submitted evidence was reviewed and matched the stated persona at the time of approval. It does not guarantee the accuracy of any future statements, advice, or opinions the user may post.
--------------------------------------------------------------------------------
4. Location Data
--------------------------------------------------------------------------------

What we collect: If you choose to provide location during onboarding, we collect your device's GPS coordinates using your device's location services.

Why: Location is used to place you within our geographic community hierarchy (barangay, city, province, region, country) and to show you geographically relevant content, communities, and posts. Precise location is required for barangay-level community matching.

Background location: We do NOT request or use background location. Location is captured only during the one-time onboarding step, with your explicit permission.

Public visibility: Your raw GPS coordinates are not displayed to other users. Community-level placement (e.g., city or barangay association) may be visible through your profile or content.

Control: Location permission is optional at onboarding. You may deny location access and enter your location manually. You may update or remove your location in profile settings at any time. You can also revoke location permission through your device settings.

--------------------------------------------------------------------------------
5. User-Generated Content
--------------------------------------------------------------------------------

Content you post on Duruha — including text posts, images, videos, audio recordings, comments, and linked credentials — may be visible to other users of the platform depending on the community context in which it is shared.

You should not post sensitive personal information (government ID numbers, financial information, home addresses, phone numbers) in publicly visible posts or comments.

You can delete your own posts and comments at any time through the in-app controls. If you believe content violates our Community Guidelines, you can report it through the in-app reporting tool.
--------------------------------------------------------------------------------
6. Encrypted Private Messaging
--------------------------------------------------------------------------------

Private messages on Duruha are encrypted end-to-end using the Signal Protocol (X3DH key agreement and Double Ratchet algorithm).

How it works:

- Message content is encrypted on your device before transmission.
- Only the intended recipient can decrypt and read messages.
- Duruha's servers store only encrypted ciphertext — we cannot read your messages.
- Your encryption keys are stored only on your device and are never transmitted to our servers.
- A PIN-protected encrypted key backup allows you to recover your keys if you reinstall the app. This backup is only decryptable with your PIN.

What is stored on our servers:

- Chat room metadata: room type and timestamps. No message content.
- Participant lists: which accounts are members of a chat. No content.
- Message metadata: sender, timestamps, and read receipts. No plaintext.
- Encrypted message content: ciphertext only. We cannot decrypt this.
- Public encryption keys: used to establish secure sessions between users. One-time keys are deleted immediately after use.
- Invite tokens: stored in hashed form only. Raw tokens are never saved.
- Your encrypted key backup: protected by your PIN, never readable by us.

Message expiry: Messages are ephemeral by design. Two expiry mechanisms exist:

- Burn-after-read: If a chat is configured as burn-after-read, a message is permanently deleted the moment the recipient reads it. No copy is retained on our servers after that point.
- Time-based expiry: Messages may also carry a time-to-live (TTL) that begins counting from when the message is first read. Once the TTL elapses, the message is permanently deleted.

When all messages in a chat session have been deleted, the session itself is automatically closed and its associated data removed.

Anonymity in chats: If you send a message while in stealth mode, your identity is masked for other participants. This is recorded at the time you send the message and cannot be changed retroactively. If you later disable stealth mode, messages you sent anonymously remain masked (subject to your anonymity persistence settings).

Chat export: You may export a copy of your chat history as a PDF using the in-app export feature. Exports are generated entirely on your device and shared via your device's share sheet. No data is uploaded to Duruha servers during export.

--------------------------------------------------------------------------------
7. Sharing of Information
--------------------------------------------------------------------------------

We do not sell your personal data. We share information only in the following limited circumstances:

- Service providers: We use Supabase as our backend infrastructure provider (database, authentication, and file storage). Supabase processes data on our behalf under contractual data processing terms. See supabase.com/privacy.
- Font delivery: The App uses Google Fonts, which may result in font file requests being sent to Google's servers. No personal data is transmitted in these requests.
- Community visibility: Certain profile information, verified persona credentials (public copy), posts, and content you create are visible to other authenticated users of the platform. This is core platform functionality.
- Legal obligations: We may disclose information if required by law, court order, or government authority, or to protect the rights, safety, or property of Duruha, our users, or the public.
- Business transfers: If Duruha is involved in a merger, acquisition, or sale of assets, we will notify users before personal data is transferred and becomes subject to a different privacy policy.

We do not share your personal data with advertisers, data brokers, or any third party for marketing purposes.
--------------------------------------------------------------------------------
8. Data Retention
--------------------------------------------------------------------------------

Data Category                     | Retention Period
----------------------------------|--------------------------------------------
Account data (email, profile)     | Until account deletion
Verification copy (unredacted)    | Deleted immediately upon approval/rejection
Verification copy (public)        | Until user requests deletion or account
                                  | deletion (completed within 30 days)
User posts and media              | Until deleted by user or account deletion
Comments                          | Until deleted by user or account deletion
Private message ciphertext        | Ephemeral — deleted automatically after
                                  | session expiry or chat end
Reputation and credibility data   | Until account deletion
Content reports                   | Retained for moderation record-keeping
Authentication tokens             | Session-scoped
Encrypted key backup              | Until account deletion or user rotation

--------------------------------------------------------------------------------
9. User Rights and Controls
--------------------------------------------------------------------------------

You have the following rights regarding your data:

- Access: View your profile, posts, and settings within the App.
- Correction: Update your profile information at any time in settings.
- Deletion: Delete your account through the in-app account deletion flow (Profile → Profile Settings → Delete / Backup Account). This permanently deletes your profile, roles, posts, and all associated data.
- Post and comment deletion: Delete your own posts and comments at any time using the in-app controls.
- Verification proof deletion: Request deletion of your public verification copy through the App or by contacting us. Completed within 30 days.
- Location control: Location permission can be denied at onboarding or revoked at any time through your device settings.
- Feed control: Mute geographic areas and communities through feed algorithm settings.
- Block users: Block individual users through the in-app blocking feature.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, use the in-app controls or contact us at the address in Section 13.

--------------------------------------------------------------------------------
10. Security
--------------------------------------------------------------------------------

We implement the following safeguards to protect your data:

- TLS/HTTPS encryption for all data in transit
- AES-256 encryption for data at rest on backend servers
- Secure local key storage using Android Keystore
- Signal Protocol end-to-end encryption for private messages
- PIN-protected encrypted key backup (Argon2id + AES-GCM)
- Strict access controls for unredacted verification documents
- Automatic permanent deletion of unredacted identity documents after verification is resolved
- Device backup exclusion for encryption session data

No system is completely secure. If you believe your data has been compromised, contact us immediately using the details in Section 13.

--------------------------------------------------------------------------------
11. Children and Minors
--------------------------------------------------------------------------------

Duruha is intended for users aged 18 and above. We collect government-issued identity documents as part of the verification process, which makes the platform unsuitable for minors. We do not knowingly collect personal information from users under 18. If we become aware that a user is under 18, we will suspend the account and delete associated data promptly.

--------------------------------------------------------------------------------
12. Philippines Context
--------------------------------------------------------------------------------

Duruha is developed and operated in the Philippines.
By using the App, you understand that your data may be processed and stored on servers operated by our infrastructure provider (Supabase), which may be located outside the Philippines.

Filipino users have rights under the Data Privacy Act of 2012 (Republic Act No. 10173) and may contact the National Privacy Commission (privacy.gov.ph) for concerns not resolved by Duruha.

At launch, Duruha is available to users in the Philippines.

--------------------------------------------------------------------------------
13. Contact
--------------------------------------------------------------------------------

If you have questions about this Privacy Policy, want to exercise your rights, or need to report a privacy concern:

Trust and Safety: trust@duruha.social

================================================================================
COMMUNITY GUIDELINES
================================================================================

Duruha is built on trust. These guidelines define the conduct expected of every user on the platform.

1. Be honest about who you are. Do not create fake profiles, impersonate other people, or submit false, forged, or altered verification documents. Misrepresentation of identity or credentials is grounds for permanent removal.

2. No harassment or hate speech. Do not target, threaten, or demean individuals or groups based on race, ethnicity, religion, gender, sexual orientation, disability, nationality, or any other characteristic. Repeated hostile contact with any user is prohibited.

3. No misinformation. Do not deliberately post false information, fabricated news, or misleading content — especially within your claimed area of expertise. Verified personas carry additional responsibility for accuracy.

4. No spam or manipulation. Do not use automated means, fake accounts, or coordinated behavior to artificially inflate votes, reputation scores, or content visibility.

5. No doxxing.
   Do not publish or solicit another person's private information — home address, phone number, government ID, financial information, or location — without their explicit consent.

6. No scams or fraudulent conduct. Do not use the platform to conduct fraud, phishing, deceptive solicitations, or any scheme that harms other users.

7. No illegal content. Do not post, share, or facilitate content that is illegal under Philippine law or the laws of your jurisdiction, including content that violates intellectual property rights.

8. No sexual exploitation. Do not post sexually explicit content involving minors. This is cause for immediate permanent ban and will be reported to relevant authorities.

9. No threats or incitement to violence. Do not make threats against individuals or groups or post content that incites others to commit violence or illegal acts.

10. Respect verification integrity. Do not attempt to bypass, undermine, or fraudulently obtain verified status. False verification undermines the platform's core trust system and will result in permanent account termination.

Enforcement: Violations may result in content removal, temporary suspension, or permanent account termination, at Duruha's sole discretion. Severe violations may be referred to law enforcement.

Report violations through the in-app reporting tool or at trust@duruha.social.

================================================================================
VERIFICATION AND PERMISSIONS POLICY
================================================================================

--------------------------------------------------------------------------------
1. Verified Personas
--------------------------------------------------------------------------------

Duruha recognizes specific academic, technical, medical, and lifestyle personas, including but not limited to:

- Medical Technologists, Doctors, and Healthcare Practitioners
- Research Scientists, Academics, and Doctoral Candidates
- Certified Technical Specialists, Engineers, and Legal Professionals
- Verified Travellers, Travel Bloggers, and Digital Nomads
- Any other platform-approved specialist classification

--------------------------------------------------------------------------------
2. Submission Standards
--------------------------------------------------------------------------------

To earn a Verified Persona badge, users must:

- Submit an authentic, non-expired Government ID.
- Submit matching, valid credentials or verification sources matching the name on their ID. This is a universal requirement for all personas.
    For Professionals: Matching registry listings, valid state or national licenses, or active institutional directory entries.
    For Travellers: Matching travel-stamped pages and a corresponding public link or travel image catalog showing presence in those locations.
    For any other category: Explicit, verifiable proof that is directly traceable to the individual's legal identity.
- Provide a properly redacted public copy for profile display.

--------------------------------------------------------------------------------
3. Verification Lifecycles
--------------------------------------------------------------------------------

Any change to your verified profile parameters triggers an automatic review:

- Editing any field linked to your Verified Persona status or updating your registered name will instantly suspend your badge and remove your public copy from view.
- To regain verification after making changes, you must upload a new unredacted copy alongside your updated public copy for manual review.
  Once approved, the unredacted copy is deleted and your new public copy is made visible.

--------------------------------------------------------------------------------
4. Platform Permissions
--------------------------------------------------------------------------------

Verified status grants users distinct platform permissions:

- The Credibility Badge: A distinct badge denoting a verified profession or lifestyle, displayed alongside the user's name.
- Content Authority: Posts within a verified domain are prioritized in content algorithms to reduce misinformation and fake reviews.
- Moderation and Peer Review: Verified users may gain permission to flag misleading industry-specific content or moderate designated community spaces.
- Networking Access: Access to restricted professional-only or travel-exclusive channels and secure local networking groups.

================================================================================
SAFETY DISCLOSURES
================================================================================

User Safety:

- Reporting: You can report any post, comment, or user through the in-app reporting tool. Reports are reviewed by Duruha's trust and safety team.
- Blocking: You can block individual users through the in-app blocking feature to prevent further interaction.
- Moderation: Reports are reviewed by Duruha staff. We treat serious violations (threats, illegal content, child safety) as priority.
- Verification is not a safety guarantee: A verified badge means Duruha confirmed identity and credentials at the time of submission. It does not mean Duruha vouches for the user's character, future behavior, or the accuracy of all content they post.
- Reputation scores are signals, not proof: Credibility scores reflect platform engagement signals. They are not independent assessments of a person's trustworthiness or expertise.

Verification Disclaimer:

A "Verified" badge on Duruha means:

- The user submitted evidence reviewed by Duruha's compliance team.
- The submitted evidence matched the stated persona at the time of review.
- The identity document matched the persona credentials.

A "Verified" badge does NOT mean:

- Duruha endorses the user's opinions, advice, or recommendations.
- The user's credentials are currently valid or in good standing.
- The user will behave appropriately in all future interactions.

Verified status may be revoked if a user submits fraudulent documentation, violates community guidelines, or misrepresents their professional status.

Content posted by verified personas is for informational purposes only. It does not substitute for professional medical, scientific, legal, or official travel-safety consultations.

Location Safety:

- Duruha uses your location to place you within a geographic community hierarchy for relevance and community matching.
- Your raw GPS coordinates are not displayed to other users.
- Do not share your exact home address, workplace, or daily routine in public posts or profile fields.
- Location access is captured once at onboarding. You may deny it and enter your location manually.
- Duruha does not access your location in the background.

Encrypted Messaging:

- Private messages use end-to-end encryption. Duruha cannot read them.
- Your encryption keys are stored only on your device.
- If you lose your device and have not set a PIN-protected backup, your message history cannot be recovered.
- Ephemeral chat sessions are designed to minimize persistent message storage.