Pref← Home

Privacy Policy

Last updated: May 14, 2026

Pref lets you record your real-world preferences — food, travel, home, safety notes — and share them with people and businesses you trust. This page explains what data we collect, why, and how we handle it.

Who runs Pref

Pref is operated by Becker Capital Ventures LLC. For privacy questions, data requests, or to exercise any of the rights described below, email hello@prefpref.com.

What we collect

  • Phone number. Used to sign you in via SMS one-time code. We also store a one-way hash of your number so other users who have your contact saved can find you without us revealing the number itself.
  • Profile details. Handle, name, pronouns, preferred greeting, optional profile photo, optional background image — whatever you choose to enter.
  • Your preferences.Whatever you record (diet, allergies, seating, sleep, etc), including the preferences you mark as most important (“priority items”). You control visibility on each: Public, Friends, or Private.
  • Dependents. If you record preferences on behalf of a child, pet, or adult in your care, we store what you enter under your account. You can delete any dependent at any time.
  • Social content. Friendships, pref requests you send or receive, stickers you send or receive, and share-grants or share links you create. Visible to the people involved.
  • Contact matches (optional). If you grant the Contacts permission, we hash each phone number in your address book on your device (SHA-256 over the E.164-normalized number) and send only those hashes to our server to check which of your contacts are already on Pref. We never upload contact names, emails, or plaintext phone numbers. When two people independently have each other in their contacts, we treat that as a mutual signal and connect you as friends automatically. You can skip the prompt — Pref works without it.
  • Push notification token (optional).If you grant the Notifications permission, your device sends Apple Push Notification service (APNs) a token that identifies your device to the APNs system, and we store that token so we can send you a notification when a friend nudges you, shares a preference, or accepts a friend request. The token is device-specific and tells us nothing about your phone's contents.
  • Device metadata.Our server doesn't store a long-term log of your requests. Our hosting provider (Railway) retains short-term operational logs of inbound requests (timestamps, IPs) so we can debug outages and detect abuse; those logs are kept for the period Railway provides and aren't replicated into our database.

iOS permissions we ask for

Every iOS permission is optional. If you skip it or revoke it later in Settings, the rest of Pref keeps working.

  • Contacts — to find friends already on Pref, using the hashed-lookup flow described above.
  • Notifications — to send you a nudge when a friend interacts with you.
  • Photos (or Camera) — only when you explicitly pick or take a photo for your profile or a preference.
  • Microphone — only when you explicitly record audio for a preference.

What we don't collect

  • We don't track you across other apps or websites. No advertising SDKs, no IDFA.
  • We don't read contact names, emails, photos, or addresses — just hashed phone numbers, and only if you grant the Contacts permission.
  • We don't upload your photo library or microphone stream. We access them only when you explicitly attach a photo or record audio for a preference.

Third parties we share data with

  • Twilio — we pass your phone number to Twilio to send the SMS sign-in code.
  • Apple Push Notification service (APNs)— when you have notifications enabled, Apple receives the notification payload we send your device. We send only the minimum needed to render the notification (for example: a friend's handle and a short message), never the contents of your preferences.
  • Google (Gemini API)— when you chat with our AI assistant Pina, generate a share summary, or generate a profile background image, we send the relevant input to Google for inference. For chat and summaries, that's your recent chat messages plus the relevant subset of your catalog (preference names, your answers); for the background image, it's the prompt you wrote. Before we send, we replace your name and your friends' names with opaque tokens (P1, F1, F2, …) so the model never receives plaintext identifiers. We never send medical data that isn't already part of a preference you chose to record. Google's handling is governed by their Gemini API terms.
  • Railway — our hosting provider. They run our servers and database.
  • Sentry— when the app or server crashes, we send a stack trace and basic device info (iOS version, app version, device model) so we can debug. We don't attach your user ID or any preference content to the crash report.

We don't sell or rent your personal data to advertisers or data brokers, and we don't share it with third parties for their own marketing. The operational vendors above process data on our behalf so we can run the service. Sharing your prefs with friends, businesses, or other apps only happens at your direction — see Sharing your prefsbelow. We may publish aggregated, de-identified statistics (for example, “X% of users record at least one allergy”) that can't be tied back to any individual.

How sharing works

Pref is built around sharing — the whole point is to let people and businesses you trust see the prefs you choose to expose. Every share is initiated by you and scoped to the prefs you pick. We don't share prefs with anyone you didn't opt in to.

Visibility you set on each pref

Every preference you record carries one of three visibility settings, which you choose and can change at any time:

  • Public. Anyone who lands on your profile — a friend, the spouse or partner of a friend who reaches you through the relationship link described below, a business you've shared with — can see this pref.
  • Friends. Visible to people you've mutually accepted as friends. Also visible to the limited transitive case described under Family relationships below. Not visible to strangers, businesses you haven't shared with, or anyone via a share link unless you put the pref into the link explicitly.
  • Private. Visible only to you by default. You can grant a specific friend access to a specific Private pref from their profile (for example, sharing a health note with one trusted friend but not the rest of your friends list). Grants are per-pref, per-friend, and revocable.

A few safety prefs — food allergies, epi-pen / inhaler location, and similar — default to Public when you record them, because the whole point of writing them down is that whoever's hosting or caring for you might need them in a moment when you can't pull out your phone. You can move any of them to a more restrictive setting if you want.

Direct friends

Connecting with a friend lets them see prefs you've marked Friends or Public. Private prefs stay private (unless you grant per-pref access as above). Friend connections happen either when one person sends a request by handle and the other accepts, or when both people independently have each other in their phone contacts and the hashed-match flow connects you automatically.

Family relationships and transitive access

You can record relationships with other Pref users — spouse, partner, coparent, sibling, household member, and so on. Each side of the relationship independently controls a visibility toggle for it:

  • Public — the relationship appears on your profile and counts as a shared family link (see below).
  • Hidden — the connection is recorded between the two of you, but it isn't surfaced on your profile.

When both people set the relationship to Public — a deliberate two-way opt-in — your direct friends can see that person's Friends-level prefs even if they aren't already friends with them, and your partner's friends can see yours. This is the same level of access a direct friend would have, and it never exposes anyone's Private prefs. Either side can switch their own toggle back to Hidden at any time, which ends the transitive access immediately on both sides.

The two-way opt-in is the load-bearing part: no one ever appears as “part of your household” on a friend's view without their own consent. We do this because in practice the partner of a friend is usually someone you'd plan around too — the same dinner, the same gift, the same hosting context — and routing those preferences through a single direct-friend connection is what users have asked for.

Dependents

If you record preferences on behalf of a child, pet, or adult in your care (a “dependent”), those prefs sit under your account. Your direct friends see your dependents as small indented rows under you in their People tab, with each dependent's prefs subject to the same Public / Friends / Private visibility as your own. You can invite another guardian (the other parent, for example) so both households share the same set of dependent prefs without duplicating data, and you can remove a dependent — or your share of one — at any time.

Share links

When you create a share link, anyone who has the link can see the prefs you chose to expose. Links expire (default 24 hours) and you can revoke them anytime from the app. We log view counts so you can see if a link has been opened.

Businesses and other apps

Pref may let you share selected prefs with a business (for example, a restaurant taking your reservation) or another app (for example, a travel-booking service). Each share is opt-in, scoped to what you pick, and revocable from the app. Once you share, the recipient handles that data under their own privacy terms; we'll always show you who you're sharing with and what they'll see before you confirm.

Children

Pref is designed for adults. You can record preferences on behalf of a child in your care (for example, a peanut allergy to share with a host), but only if you are their parent or guardian. If you believe a child under 13 has a Pref account, email hello@prefpref.com and we'll delete it.

Deleting your account

You can delete your account directly from the app — tap Settings → Account → Delete account. That removes your profile, preferences, priority items, dependents, friendships, pref requests, stickers, share grants, contact hashes, and push tokens. The deletion runs immediately and the data isn't retained on our servers afterward (database backups roll off on a normal cadence). If you can't reach the in-app option for any reason, email hello@prefpref.com from the phone associated with your account and we'll delete it for you.

Security

All traffic is encrypted with TLS. Your sign-in token is stored in the iOS Keychain. Passwords aren't used — authentication is via a one-time SMS code.

Your rights

Depending on where you live (GDPR in the EU/UK, CCPA/CPRA in California, and similar regimes elsewhere), you may have the right to:

  • Access the data we hold about you, in a machine-readable export.
  • Correct information that is inaccurate.
  • Delete your account and associated data (see above).
  • Object to, or restrict, our processing of your data.
  • Opt out of sale or sharing— we don't sell or share personal information in the sense CCPA/CPRA uses those words, so there's nothing to opt out of, but if that changes we'll surface a clear control.

Email hello@prefpref.com and we'll respond within 30 days. You also have the right to complain to your local data-protection authority if you believe we've mishandled your data.

Changes

We'll update this page when practices change and bump the “last updated” date. For material changes, we'll notify you in-app.