Privacy Policy
GDPR-aware. Last updated: May 2026. Data controller: Human In The Love, Inc.
1. What we collect
- Account: email, OAuth provider, language preference.
- Profile: name, age, gender, orientation, location, photos, intent text.
- Activity: match history, messages, memory facts, AI client connections.
- Device: IP address (for fraud prevention), browser language.
2. How we use it
- To match you with compatible people.
- To improve our AI matchmaker through feedback and memory accumulation.
- To enforce safety (trust scores, moderation, report handling).
- To send service emails (matches, billing, security alerts).
3. Legal basis (GDPR)
Processing is based on contract performance (matching service), legitimate interest (safety, fraud prevention), and consent (optional analytics). You may withdraw consent at any time without affecting service availability.
4. Data sharing
We do not sell personal data. Processors: Supabase (database), Stripe (payments), Cloudflare (MCP server), Resend (email). All processors are GDPR-compliant with signed DPAs.
5. Your rights
- Access: export your full data as JSON via Settings.
- Deletion: request account deletion with a 30-day grace period.
- Correction: update profile info anytime.
- Portability: JSON export is machine-readable.
- Complaint: contact your local data protection authority.
6. Retention
Active accounts: retained indefinitely. Deleted accounts: 30-day grace + 90-day technical purge. Backups may retain data up to 180 days. Legal holds may extend retention where required.
7. Security
AES-256 encryption at rest, TLS 1.3 in transit. OAuth tokens never touch our database (per ADR-0003). RLS policies enforce row-level access control. Penetration testing is conducted quarterly.
8. Cookies
Essential cookies only (auth session, locale). Analytics cookies require opt-in. See our Cookie Policy for details.