BeReal was created as recently as 2020; however, the app has gained popularity and downloads, especially during 2022. Unlike TikTok and Instagram, BeReal encourages users to post authentic and unfiltered pictures of themselves.
Cyber security experts at VPNOverview.com decided to investigate just how safe data is in the hands of BeReal. In information provided to Digital Journal, BeReal’s privacy policy was examined to reveal what types of data they collect and how long they retain it. The experts go on to reveal the best ways to protect such data.
What type of data does BeReal collect?
BeReal collects two types of data:
Data that users provide when creating an account
Profile Data: This is the Data that you are required to enter when you sign in: your phone number, first or last name, date of birth, username, and password. You can also fill in optional Data: your biography, email address, and profile picture.
Communications with BeReal: When you report a problem with the Platform (inappropriate content, bugs, errors), respond to a survey about the quality of BeReal’s Services, request assistance, or make a request to exercise your rights, BeReal will record the information you agree to share with them or that they need to respond to your request.
Data that BeReal collects when users are using the app
Data related to your activity on BeReal: this notably includes:
- Connection Data: IP address, date of registration, date of your last connection.
- Data about how you interact with other Users: the number of friends and invitations, comments left on Content shared by your friends, and the friends with whom you interact the most.
- Data about how you use BeReal’s Services, including use of RealMojis, time of posting, number of late BeReal posts, etc.
Content Data: BeReal collects content created through their Services such as photos, RealMojis, and comments. Note that users who view your content can always take a copy or screenshot of it. Therefore, it is strongly recommended that users do not post or send to a friend any content that they do not want to share.
Geolocation Data: For each photo, the Platform offers you the possibility to share, with your friends, your exact location or, when the photo is published publicly, an approximate location. Users can also locate their friends precisely on a map in relation to their position. Use of the Service requires your consent to the collection of Geolocation Data.
If you do not want BeReal to collect your Geolocation Data, you may refuse to give the Platform permission to access your location when you first open the application. If you wish to withdraw your consent after accepting such processing, you must change the permissions given to the application in the system settings of your phone.
Phonebook Data: With your consent, BeReal may access your phone book to identify your contacts already registered on BeReal or so that you can invite your friends to register on the Platform. BeReal will never access your contact list without your permission.
Device and Equipment Data: Information is collected about and from the devices and equipment you use to access BeReal. This includes your IP address, device type, application crashes, operating system version, and language used.
Cameras and Photos: Most of BeReal’s Services require that you allow them to collect Data from your phone’s camera and photo library (i.e. send and upload photos). If you refuse to allow access to your camera or photo library, you may receive photos from and contact other Users, but you will not be able to take, upload, and share your own photos.
In summary, all of this means:
| Categories of data | Type of data collected from user | What is the data used for? | How long is my data kept for? |
| Profile data | Name, date of birth, phone number, password, biography, email address | Account creation and user identification – Account management | Duration of the use of the services increased by 3 years after the last connection to the service or until the request for removal |
| Financial information | Transaction data submitted by the store | Purchase of paid features | Duration necessary for the execution of the transaction increased by the legal retention period for accounting purposes |
| Camera and photo data | Data sent by your phone’s camera and photos stored on your phone, Geolocation data | Proper functioning of the platform and its services | Duration of the use of the services increased by 3 years after the last connection or until the withdrawal of consent |
| Usage data | Data related to your activity on BeReal, Communications with BeReal, Data related to devices and equipment used | 2 years from collection date | |
| Content data | Activity when using the app – photos taken using the app as well as comments made and RealMojis | Moderation of content in accordance with the law (prevention of illegal activities, fraud, cyber harassment, …) | 1 year from collection for metadata 5 years (statutory limitation) for data retained for dispute prevention purposes |
| Communications with BeReal | Administrative management of the Platform, complaints and reports from Users, Moderation of content in accordance with our ToU | Duration of the use of the services + applicable statutory limitation | |
| Contact data | Contacts from your smartphone | Connection with other users | Duration of use of services or until the withdrawal of consent |
| Geolocation data | Information that can be used to identify your electronic device’s physical location |
For those who are concerned about protecting their data when using BeReal, it is important they only download reputable apps from official sources. It is also important to keep all software on a device updated. Using a virtual private network is a further consideration, as this will hide the IP address, encrypt data traffic, bypass government censorship, and allow the user to download files anonymously.
Social media has been known to have affiliations with data insecurity issues. After the infamous Facebook-Cambridge Analytics scandal or the LinkedIn data breach, it is sensible to limit the amount of information present on social media accounts.
A spokesperson from VPNOverview.com tells Digital Journal: “Whilst several apps have been found to collect irrelevant data to a specific service, this doesn’t necessarily make these apps data-miners in disguise. It is worth noting that sometimes, developers end up requiring certain data while trying to make the app. Even so, we should all stay vigilant and critical about what kind of data these apps are collecting and where they may be using them. ‘Free’ apps and services still need to make money, so if users aren’t paying for services, it is likely that they’ll be making money elsewhere – by providing data.”
