01Who we are
Strnger is a peer-support app that anonymously connects people going through similar emotional struggles for one-on-one conversations. It is not therapy, not a hotline, and not a substitute for professional or emergency care.
For the purposes of the EU General Data Protection Regulation (GDPR), the data controller is Strnger, based in Amsterdam, the Netherlands. Wherever this policy says "we", "us", or "Strnger", we mean that entity.
Questions about your data, or want to exercise a right? Email our privacy team at privacy@strnger.com. We answer every request from a real human.
02Our privacy principles
Before the legal detail, here is how we think about your data. These principles guide every product decision we make:
- Anonymous by design. You talk to other people on Strnger without revealing your real name, and we never ask for it.
- Collect the minimum. If we do not need a piece of data to make the conversation work, we do not collect it.
- Your story stays yours. We do not sell your data, and we do not use the content of your conversations to advertise to you.
- Plain language over fine print. No dark patterns, no buried clauses.
03What we collect
Because Strnger is anonymous to other users, we deliberately keep the data we hold small. Here is the full picture:
| Category | Examples |
|---|---|
| Account basics | A chosen display name or pseudonym, an account identifier, and authentication credentials (an email or sign-in token used only to secure and recover your account — never shown to other users). |
| What you're going through | The struggles, topics, and feelings you tell us about so we can match you. You choose what to share; you can use Strnger without disclosing your identity. |
| Conversation data | Messages exchanged in one-on-one chats, match history, and the timing of conversations, so the service functions and stays safe. |
| Wellbeing & psychoeducation | Optional weekly check-ins, mood signals, and progress with psychoeducation cards you interact with in the app. |
| Device & technical | Device type, operating system, app version, a push-notification token, and basic diagnostics needed to keep the app running and secure. |
| Usage & analytics | Aggregated, privacy-respecting metrics about how features are used — to improve the product, not to profile you individually. |
We do not require your legal name, home address, or social-media accounts to use Strnger.
04Conversations & sensitive data
Strnger is about mental and emotional health. Information you share about your wellbeing is treated as a special category of personal data under Article 9 of the GDPR, which means it gets the highest level of protection we can offer.
- We process this data only with your explicit consent, given when you choose to use the app and start a conversation.
- Your conversations are visible to the person you are matched with, and to a limited, trained set of systems and staff only where strictly necessary for safety and abuse prevention (see Safety & crisis).
- We never use the content of your conversations for advertising, and we never sell it.
Anonymity to other users is not the same as legal anonymity to us. We hold the minimum data needed to run a secure account, but because that data exists, the rights below (like deletion) genuinely apply to you.
05Why we use your data
We only use your data for clearly defined purposes:
- To match you with someone going through something similar.
- To run conversations — delivering messages in real time and keeping your chat history available to you.
- To keep people safe — detecting abuse, harassment, and signals of acute risk.
- To power psychoeducation — surfacing relevant, clinically reviewed content and weekly check-ins.
- To maintain and improve the app — fixing bugs, securing accounts, understanding which features help.
- To communicate with you — service notifications and, only if you opt in, product updates.
06Legal basis (GDPR)
We rely on the following lawful bases to process your personal data:
| Purpose | Legal basis |
|---|---|
| Matching, messaging, and wellbeing features involving health-related data | Explicit consent (Art. 6(1)(a) & Art. 9(2)(a)) |
| Creating and securing your account; delivering the core service | Performance of a contract (Art. 6(1)(b)) |
| Safety, abuse prevention, and protecting users from harm | Legitimate interests & vital interests (Art. 6(1)(f) & (d)) |
| Product analytics and improvement | Legitimate interests (Art. 6(1)(f)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
Where we rely on consent, you can withdraw it at any time — see Your rights.
08How long we keep it
We keep personal data only as long as we need it for the purpose it was collected, after which it is deleted or irreversibly anonymised:
- Account data (profile, username, login) — for as long as your account is active, and permanently deleted within 30 days after you delete your account.
- Conversation data (matches and messages) — kept while your account is active so your history stays available to you, and deleted within 30 days of account deletion. Messages may be retained for up to 90 days after a conversation ends where needed to investigate a safety report, then deleted or anonymised.
- Diagnostics & analytics — kept for up to 14 months, then aggregated or deleted.
- Backups — encrypted backups containing your data are rotated and fully purged within 30 days.
- Legal records — limited data we are legally required to keep is retained only for the period the law requires, then deleted.
How to delete your account and data
You are in full control and can delete your account and all associated personal data at any time. There are two ways to do this:
- In the app (recommended) — open Profile → Account management → "Delete my account", then confirm. Your account, matches, conversations and all related data are deleted immediately and the deletion is irreversible.
- By email — write to privacy@strnger.com from the address linked to your account and we will delete your account and data within 30 days.
Once deletion is complete, your data is removed from our active systems within 30 days and from encrypted backups within the following backup cycle (at most 30 days), except for the limited legal records described above.
09How we protect it
Protecting sensitive conversations is core to what we do. Our measures include:
- Encryption of data in transit (TLS) and at rest.
- Strict, role-based access controls — staff access is limited, logged, and on a need-to-know basis.
- Pseudonymous identifiers so accounts are not tied to real-world identity by default.
- Ongoing security testing and a process to respond quickly to any incident.
No system is ever perfectly secure, but we work continuously to protect your data and will notify you and the relevant authority of a breach where the law requires.
10Your rights
Under the GDPR you have strong rights over your personal data. You can:
- Access a copy of the data we hold about you.
- Rectify data that is inaccurate or incomplete.
- Erase your data ("right to be forgotten").
- Restrict or object to certain processing.
- Port your data to another service.
- Withdraw consent at any time, without affecting processing done before withdrawal.
To exercise any of these, email privacy@strnger.com. You also have the right to lodge a complaint with your local data protection authority — in the Netherlands, the Autoriteit Persoonsgegevens.
11Age & minors
Strnger is not intended for children. You must be at least 16 years old (or the minimum age of digital consent in your country) to use the app. If we learn that we have collected data from someone under that age without appropriate consent, we will delete it.
12Safety & crisis
Strnger is not an emergency service. If you or someone else is in immediate danger, please contact your local emergency number or a crisis line right away.
To protect our community, we may process conversation data to detect abuse, harassment, or signals of acute risk of harm. In rare, serious situations we may act — including contacting appropriate responders — to help keep someone safe. We design these safeguards to be proportionate and to interfere as little as possible with your privacy.
13International transfers
We aim to keep data within the EU/EEA. Where a service provider processes data outside the EEA, we ensure an adequate level of protection through legally recognised safeguards, such as the European Commission's Standard Contractual Clauses.
14Changes to this policy
We may update this policy as Strnger evolves. When we make material changes, we will update the "last updated" date above and, where appropriate, notify you in the app. Continuing to use Strnger after an update means you accept the revised policy.
15Contact us
For any privacy question or to exercise your rights:
- Privacy team: privacy@strnger.com
- General enquiries: hi@strnger.com
- Strnger · Amsterdam, the Netherlands
See also our Terms of Service and GDPR statement.