Privacy Policy

Effective date: May 1, 2025 · Last updated: April 26, 2026

IdolFyre ("we," "us," or "our") operates the IdolFyre personal relationship management platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services.

1. Who We Are

IdolFyre is a personal CRM (contact relationship manager) that helps individuals maintain meaningful relationships. We are headquartered in Maryland, United States.

2. Information We Collect

Account data

Username, email address, hashed password, and optional profile fields you provide (name, phone, company, birthday, profile picture).

Content data

Contacts, events, interactions, live session logs, guild memberships, and other data you enter into the service.

Usage data

IP addresses, browser type, pages visited, and timestamps — collected for security and service improvement purposes only.

Payment data

Processed by our payment provider (Adyen or Stripe). We do not store raw card numbers or full payment credentials.

We collect only the minimum data necessary to provide and improve our services (data minimization).

3. Third-Party Account Connections (Google, Microsoft, iCloud)

IdolFyre offers optional one-time contact import from Google Contacts, Microsoft Outlook/Office 365, and Apple iCloud. These integrations are entirely opt-in. Here is exactly what happens when you use them:

Summary: We fetch your contacts once, import them into your IdolFyre account, and immediately discard all credentials and tokens. We never store OAuth tokens, Apple credentials, or any third-party login information.

Provider	What we access	How	What we store
Google	Your Google Contacts (names, emails, phone numbers, companies, notes)	OAuth 2.0 with read-only `contacts.readonly` scope. You authorize via Google's own login screen — we never see your Google password.	Only the contact records you choose to import into IdolFyre. The OAuth access token is used once and immediately discarded.
Microsoft	Your Outlook / Office 365 contacts (same fields as above)	OAuth 2.0 with read-only `Contacts.Read` permission via Microsoft Graph. You authorize via Microsoft's own login screen.	Only the contact records you choose to import. The access token is used once and immediately discarded.
Apple iCloud	Your iCloud address book contacts	Apple's CardDAV protocol using an App-Specific Password that you generate yourself at appleid.apple.com. Your main Apple ID password is never used or requested.	Only the contact records you choose to import. Your Apple ID and App-Specific Password are transmitted over HTTPS and never written to disk or logged.

What we do NOT do with third-party contact data

We do not store OAuth tokens or refresh tokens beyond the duration of the import.
We do not synchronize, re-fetch, or access your third-party accounts after the initial import.
We do not share contact data obtained via these integrations with any third party.
We do not use contact data for advertising, profiling, or any purpose other than populating your IdolFyre contact list.
We do not combine third-party contact data with any external database or data broker.

Revoking access

Because we do not store persistent tokens, there is nothing to revoke on our end after an import completes. To be thorough, you can also revoke IdolFyre's access from the respective provider's account settings:

Google: myaccount.google.com → Security → Third-party apps with account access
Microsoft: myapps.microsoft.com → remove IdolFyre Contact Ingestion
Apple: appleid.apple.com → Security → App-Specific Passwords → delete the IdolFyre password

Contacts already imported into IdolFyre can be deleted at any time from your contact list or via Settings → Danger Zone (bulk delete).

4. How We Use Your Information

To provide, maintain, and improve the service.
To authenticate your account and prevent unauthorized access.
To send optional email digests and transactional notifications you have opted into.
To comply with legal obligations.

We do not sell your personal information to third parties. We do not use your data for targeted advertising or profiling for advertising purposes.

5. Your Rights

Depending on where you reside, you may have the following rights:

Access & Portability: Request a copy of your data in a machine-readable format via Settings → Export.
Correction: Update your data at any time in Settings.
Deletion: Delete your account and all associated data from Settings → Danger Zone, or by contacting us.
Opt-Out of Sale/Sharing: We do not sell or share personal data. No opt-out is required, but you may contact us to confirm.
Non-Discrimination: We will not discriminate against you for exercising any privacy right.

6. Maryland Online Data Privacy Act (MODPA)

For Maryland residents, we comply with the Maryland Online Data Privacy Act (effective October 1, 2025). You have the right to:

Know what personal data we process about you and why.
Correct inaccurate personal data.
Delete personal data we have collected from you.
Obtain a portable copy of your data.
Opt out of any profiling that produces legal or similarly significant effects (we do not engage in such profiling).

We do not process sensitive personal data as defined by MODPA without your consent. We do not sell personal data.

To submit a privacy request, email admin@idolfyre.com. We will respond within 45 days.

7. General Data Protection Regulation (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland:

Legal basis: We process data on the basis of contract performance, legitimate interests (security, fraud prevention), and consent where required.
Data transfers: Data may be transferred outside the EEA. We use Standard Contractual Clauses where required.
Retention: We retain your data for as long as your account is active. Upon deletion, personal data is purged within 30 days except where retention is required by law.
Supervisory authority: You have the right to lodge a complaint with your local data protection authority.

8. Other Applicable Laws

We aim to respect the privacy rights of all users globally, including obligations under Brazil's LGPD, Canada's PIPEDA, Thailand's PDPA, China's PIPL, Japan's APPI, India's DPDPA, and Australia's Privacy Act. Where these laws grant rights beyond those described above, we will honor them upon request.

9. Cookies

We use only essential session cookies necessary for authentication. We do not use advertising or tracking cookies.

10. Children's Privacy

Our service is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect personal data from minors. If you believe a minor has provided us data, contact us immediately.

11. Changes to This Policy

We will notify you of material changes via email or an in-app notice. Continued use after the effective date constitutes acceptance.

12. Contact

Privacy inquiries: admin@idolfyre.com