What TRR sees and what it doesn't: a privacy explainer
By TRR Editorial · Trends · March 15, 2025
People ask us all the time what data TRR reads when you sign in through your social network. The answer is short but worth saying out loud. Here's exactly what we see, what we never see, and how the social graph gets used to surface mutuals without exposing your private connections.
What we read at signup
When you sign in through Facebook, Google, LinkedIn, or your school email, we ask for:
- Your name and profile photo (the public version)
- Your verified email address
- A list of connection IDs — the unique identifiers of accounts you're connected to on that platform
That's it. We don't read your messages, your posts, your private photos, your timeline, your location history, or your contact list. We don't store your password — your social provider handles authentication.
The connection IDs are the only sensitive thing on the list, and they're handled in a specific way.
What we store
We store your name, photo, email, the lifestyle preferences you set, and the listings you create or save. We store the connection IDs as one-way hashed values — meaning the IDs themselves never live in our database in readable form. Hashed IDs can be compared (does Alice's hash set overlap with Bob's hash set?) but they can't be reverse-engineered into a list of who Alice is connected to.
This is what lets us compute mutuals without storing your social graph. Two members get a mutual indicator when their hash sets overlap — we know how many they overlap on, but neither member's actual connection list ever leaves the hash layer.
What we never see
- The content of your social media posts
- Your direct messages on any platform we read from
- Your contact list, calendar, location, or browsing history
- Your friends' personal information beyond the hashed connection ID
- Your TRR conversations, beyond what's needed for moderation when reported
Specifically on the moderation point: TRR messages are stored encrypted and only decrypted when a user reports a conversation for review. We don't read message contents in normal operation, and we don't run ad-targeted analytics on conversation data.
How mutuals get computed
When you create a profile and someone else is browsing the platform, the engine does the following:
- Pulls your hashed connection set
- Pulls the other person's hashed connection set
- Counts the overlap
- Returns: 0 mutuals, 4 mutuals, 12 mutuals — whatever the count is
We only show the actual names of mutual friends when both people in question are TRR members and have consented to mutual visibility. If a friend you have in common isn't on TRR, they show up only as part of the count — never by name.
What happens if you delete your account
Account deletion removes your profile, your messages, your saved searches, your listings, and your hashed connection set from our active database within seven days. Anonymized usage data — aggregate metrics about how the platform performed during your time on it — is retained for product and research purposes for up to two years and then purged.
We don't sell user data. We've never sold user data. We're not interested in being in the user-data business.
The principle behind this
We started TRR because Craigslist and Facebook groups asked you to trust complete strangers with your living situation. The alternative we wanted to build was one where you could see who's already in your real network without having to make your private life public.
That principle has shaped every privacy decision since. We read the minimum required to compute mutuals. We hash the connection data so it can't be reverse-engineered. We don't surface relationships beyond what both members have agreed to share. And we don't monetize through ads or third-party data sharing.
If we ever change any of that, we'd say so in our policy and email every member directly. For now, the deal is the deal: you give us enough to compute your ring, and we give you back the ring without exposing anyone in it.
.jpg)