Privacy Policy
Last updated: [DATE] — Template, not legal advice.
1. Who we are
Datemaxxing ("we", "us") operates the Datemaxxing dating application (the "Service"). Contact: privacy@[YOURDOMAIN].com. [Insert legal entity name, registered address, and — if required under GDPR Art. 27 — your EU representative.]
2. Data we collect
- Account data: email address, hashed password (managed by our authentication provider, Supabase Auth).
- Profile data: username, date of birth, gender, gender(s) you're interested in, bio, city.
- Photos: images you upload to your profile.
- Activity data: swipes, matches, messages you send.
- Cookie/consent data: your cookie preferences (see Section 8).
- Technical data: IP address, device/browser type, and log data collected automatically by our hosting provider for security and abuse prevention.
We do not collect government ID, precise geolocation, or payment data in the MVP version of the Service.
3. Photos and the optional "PSL Score" feature
Photographs of your face can be considered sensitive/biometric-adjacent personal data in some jurisdictions (e.g. "special category data" under GDPR Article 9, or a "biometric identifier" under laws such as the U.S. Illinois Biometric Information Privacy Act). We designed this feature to minimize that risk and to always keep it under your control:
- The PSL Score is entirely optional and off by default. Core features (profile, swiping, matching, chat) work without ever using it.
- We only enable it after your explicit, separate opt-in consent, recorded with a timestamp. You can withdraw consent at any time in your Profile settings; withdrawal immediately stops any further scoring.
- When you request a score, your photo is sent to a third-party AI vision provider (currently OpenAI) solely to generate a numeric rating (0-100) and a short comment. We do not request, extract, or store facial geometry, facial embeddings, or any other biometric template — only the resulting score and comment are saved to your profile.
- The score is presented as a subjective, AI-generated opinion for entertainment purposes. It is not a scientific, psychological, or medical assessment, and is not used to make any automated decision that produces legal or similarly significant effects about you.
- If you opt in and have a completed score, it may also be used to order the Discover feed, showing you people with a similar score first if they have also opted in. This never excludes anyone from being shown to you or you to them — members who haven't opted in appear normally, just without score-based ordering.
- You can delete any generated score, delete the underlying photo, or delete your account at any time (Section 9).
4. Legal bases for processing (GDPR)
- Contract: processing your account, profile, swipes, matches, and messages is necessary to provide the Service you signed up for.
- Consent: the PSL Score feature, and non-essential cookies (analytics/marketing), rely on your explicit consent, which you may withdraw at any time without affecting other processing.
- Legitimate interests: fraud prevention, abuse/report handling, and basic security logging, balanced against your rights.
- Legal obligation: where we must retain or disclose data to comply with law.
5. Who we share data with
We use a small number of processors to run the Service. We do not sell your personal data.
- Supabase (database, authentication, file storage, realtime messaging).
- OpenAI (or an equivalent vision-AI provider) — only receives a photo when you explicitly request an PSL Score, solely to compute that score.
- Vercel (application hosting).
- Other members of the Service can see your public profile fields (username, age, city, bio, primary photo) and messages you send them after a match — that visibility is the core function of the app, not third-party sharing.
[Insert/confirm Data Processing Agreements (DPAs) with each processor above before launch.]
6. International data transfers
We serve users in the EU/EEA, UK, and USA. Where personal data is transferred outside the EU/EEA (e.g. to US-based processors), we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, the EU-U.S. Data Privacy Framework. [Confirm current mechanism with each processor.]
7. Data retention
We retain your account and profile data for as long as your account is active. If you delete your account, we permanently delete your profile, photos, swipes, matches, and messages within 30 days, except where we must retain limited data (e.g. records of a safety report) to comply with legal obligations or to protect other users.
8. Cookies
- Essential — required for login sessions and security. Always on.
- Analytics — helps us understand aggregate usage. Only set with your consent.
- Marketing — used for promotional purposes. Only set with your consent.
9. Your rights
If you are in the EU/EEA or UK (GDPR/UK GDPR)
You have the right to: access your data; rectify inaccurate data; erase your data ("right to be forgotten"); restrict or object to processing; data portability; and withdraw consent at any time. You can exercise deletion yourself from Profile → "Delete my account and all data", or contact us. You also have the right to lodge a complaint with your local data protection supervisory authority.
If you are a California resident (CCPA/CPRA)
You have the right to know what personal information we collect, request deletion, correct inaccurate information, and opt out of the "sale" or "sharing" of personal information (we do not sell or share personal information as those terms are defined by the CCPA). We will not discriminate against you for exercising these rights.
10. Security
Photos are stored in a private storage bucket, never publicly accessible, and served only via short-lived signed URLs to authenticated, authorized users. Access to user data is protected by row-level security policies at the database layer, in addition to application-level authentication.
11. Age restriction
The Service is restricted to individuals 18 years of age or older. We do not knowingly collect data from anyone under 18.
12. Changes to this policy
We may update this policy from time to time. Material changes will be notified in-app or by email before they take effect.
13. Contact
Questions or requests: privacy@[YOURDOMAIN].com