This Privacy Policy explains how HeartsConnect collects, uses, stores, and protects your personal data. We are committed to transparency and giving you meaningful control over your information.
Section 1
What Information We Collect
We collect information you provide directly, information generated by your use of the service, and in some cases information from third parties.
| Category | Examples | Required? |
|---|
| Identity | Name, date of birth, gender, sexual orientation | Yes |
| Contact | Email address | Yes |
| Profile | Photos, bio, headline, interests, body type, education | Optional |
| Location | City, country, approximate GPS coordinates | Optional |
| Communications | Messages sent via in-app chat | N/A |
| Usage Data | Pages visited, features used, swipe activity, session times | Automatic |
| Device | IP address, browser type, operating system, device identifiers | Automatic |
| Payment | Billing address, last 4 digits of card (full card data handled by payment processor) | Premium only |
Section 2
How We Use Your Information
We use your data only for legitimate purposes necessary to operate and improve HeartsConnect:
- Matching & Discovery: To show you profiles that match your preferences and vice versa, using location, age, and preference filters.
- Account Management: To create and maintain your account, authenticate you, and provide customer support.
- Communications: To send transactional emails (e.g. email verification, password reset, match notifications) and, with your consent, marketing communications.
- Safety & Security: To detect and prevent fraud, abuse, and violations of our Terms, and to verify user ages.
- Service Improvement: To understand how users interact with the platform and to develop new features. Analytics data is anonymised where possible.
- Legal Compliance: To comply with applicable laws, court orders, or valid legal processes.
We do not use your data to train external AI models, sell it to data brokers, or share it with advertisers for targeted advertising outside our platform.
Section 3
How We Share Your Information
We do not sell your personal data. We share it only in these limited circumstances:
- Other Users: Your public profile (photos, name, age, bio, interests) is visible to other registered users. Your exact location is never shared — only approximate distance is shown.
- Service Providers: Trusted third-party vendors who help us operate the platform (hosting, payment processing, email delivery, fraud prevention). They are bound by data processing agreements and may not use your data for their own purposes.
- Legal Requirements: When required by law, court order, or to protect the rights, property, or safety of HeartsConnect, our users, or the public.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections.
- With Your Consent: In any other case, only with your explicit, informed consent.
Section 4
Data Retention
We retain your personal data for as long as your account is active or as needed to provide the service. Specific retention periods:
- Active accounts: Data is retained for the lifetime of your account.
- Deleted accounts: Profile data is removed within 30 days of deletion. Backup copies may persist for up to 90 days before being purged.
- Messages: Chat messages are stored for the duration of the match. When a match is unmatched or either user deletes their account, messages are deleted within 30 days.
- Financial records: Billing records are retained for 7 years as required by tax and accounting regulations.
- Safety records: Reports and moderation actions may be retained for up to 3 years to protect the community.
- Log data: Server logs are retained for 90 days.
Section 5
Security
We implement industry-standard technical and organisational safeguards to protect your data:
- All data in transit is encrypted using TLS 1.2 or higher.
- Passwords are hashed using bcrypt with a high cost factor and are never stored in plaintext.
- Payment data is handled exclusively by PCI-DSS compliant payment processors — we never store full card numbers.
- Access to production data is restricted to authorised personnel on a need-to-know basis.
- We conduct regular security audits and vulnerability assessments.
No system is 100% secure. If you discover a security vulnerability, please responsibly disclose it to security@heartsconnect.site rather than publicly disclosing it.
Section 6
Your Rights & Choices
Depending on your jurisdiction, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion ("Right to be Forgotten"): Request deletion of your personal data. You can do this directly via Settings → Account → Delete Account, or by contacting us.
- Portability: Request a machine-readable export of your data.
- Objection: Object to processing of your data for direct marketing purposes at any time.
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
To exercise any of these rights, email us at privacy@heartsconnect.site. We will respond within 30 days (GDPR) or the timeframe required by applicable law. We may need to verify your identity before processing your request.
Section 7
Children's Privacy
HeartsConnect is strictly for adults aged 18 and over. We do not knowingly collect or process personal data from anyone under the age of 18.
If you believe a minor has registered on our platform or provided us with personal data, please contact us immediately at safety@heartsconnect.site. We will investigate and delete any such data promptly.
Section 8
International Data Transfers
HeartsConnect operates globally. Your data may be processed in countries other than your own, including countries that may have different data protection standards.
Where we transfer data internationally, we use appropriate safeguards such as:
- Standard Contractual Clauses approved by the European Commission (for EEA data).
- Data processing agreements requiring equivalent protections.
- Reliance on adequacy decisions where applicable.
Section 9
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Notify you via email or an in-app notification at least 14 days before changes take effect.
- Where required by law, seek your consent for new processing activities.
We encourage you to review this policy periodically. Continued use of HeartsConnect after the effective date of changes constitutes acceptance of the updated policy.