Privacy Policy
Last updated: July 2, 2026
This Privacy Policy describes how Matchu ("we", "us") collects, uses, discloses, and protects information when you use the Matchu mobile applications, website at matchu.dating, and related services (the "Service"). We are the data controller for the personal information described here.
1. Information we collect
- Account & profile: name or display name, email address, mobile phone number, date of birth, gender, location (city / approximate coordinates), photos, voice intros, prompts, preferences, and other profile details you choose to share.
- Content & activity: messages, matches, swipes, likes, reports you file, and other interactions inside the Service.
- Device & usage: device model, operating system, app version, IP address, crash logs, and usage events. Approximate location derived from IP or precise location if you grant OS-level permission.
- Purchase data: transaction identifiers and subscription status from the Apple App Store or Google Play. Matchu does not receive or store your payment card details.
2. How we use information
We use personal information to:
- Create your account, authenticate you, and operate the Service;
- Suggest matches and personalize your experience;
- Enable messaging and other user-to-user communication;
- Detect fraud, spam, abuse, fake accounts, and violations of our Terms;
- Comply with legal obligations and respond to lawful requests;
- Communicate with you about your account, changes to policies, and support requests.
3. Automated screening & moderation
To keep Matchu safe, we use automated systems that scan photos, profile text, and messages for prohibited content — including nudity, CSAM signals, violence, spam, and AI-generated imagery. These systems may block or flag content, restrict features, or queue an item for human review. In most cases decisions can be appealed to our Trust & Safety team at safety@matchu.dating. Certain automated actions (for example, blocking suspected CSAM) are not subject to appeal and are reported to appropriate authorities.
4. Service providers & processors
We share personal information only with vendors acting on our behalf, under written data processing agreements. Current categories of processors:
- Cloud hosting & database — Supabase (hosted on AWS) for our backend, database, storage, and authentication infrastructure.
- SMS verification — Twilio to deliver one-time passcodes to your mobile number.
- Payments — Apple App Store and Google Play process all subscription and in-app-purchase billing. Matchu does not receive card numbers.
- Content moderation — automated image- and text-classification services used to detect prohibited content (nudity, CSAM signals, AI-generated imagery, hate speech).
- Push notifications — Apple Push Notification Service and Firebase Cloud Messaging deliver notifications to your device.
- Analytics & crash reporting — privacy-respecting product analytics and crash-reporting providers used to keep the app stable and improve features.
- Customer support — email and helpdesk tooling used to respond to your requests.
Matchu does not use Stripe Identity, and government-issued IDs are not collected or processed by Matchu.
5. Identity verification
Identity verification is not currently offered in the app. If we introduce it in the future, government-issued IDs and selfies will be processed by a dedicated verification provider under its data-retention policy, and Matchu will retain only your verification status and verified age — never the raw ID or selfie images. This policy will be updated before any such feature launches.
6. Sharing with other users
Your profile — including photos (soft-revealed until match), display name, age, prompts, and interests — is visible to other Matchu users who match our discovery criteria. Messages are visible to the people you exchange them with. We never sell your personal information.
7. Legal disclosures
We may disclose information when required by law, subpoena, court order, or other valid legal process; to enforce our Terms; or to protect the rights, property, or safety of Matchu, our users, or the public.
8. International transfers
Matchu is operated from the United States. If you use the Service from outside the U.S., your information will be transferred to and processed in the U.S. and other countries where our processors operate. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.
9. Retention
We keep personal information only as long as needed for the purposes described here:
- Active accounts: for as long as your account exists.
- Deleted accounts: profile data is deleted within 30 days of your deletion request. Backups are purged within 90 days.
- Messages: deleted from active systems when your account is deleted; the copy retained by the other participant in a conversation is subject to their account lifecycle.
- Safety & abuse records: limited data (e.g. hashed device or account identifiers, records of terminated accounts, reports of serious violations) may be retained longer to prevent banned users from returning and to comply with legal obligations, typically up to 5 years.
- Legal & financial records: retained as long as required by applicable law.
10. Security
We use technical and organizational safeguards including TLS in transit, encryption at rest for stored data, access controls, and regular security review. No system is 100% secure; you use the Service at your own risk.
11. Your rights (GDPR, UK GDPR)
If you're in the EEA, UK, or Switzerland, you have the right to:
- Access the personal data we hold about you;
- Correct inaccurate data;
- Delete your data ("right to erasure");
- Restrict or object to certain processing;
- Data portability — receive your data in a machine-readable format;
- Withdraw consent, where processing is based on consent;
- Lodge a complaint with your local supervisory authority.
Our lawful bases for processing are: performance of a contract (operating your account), legitimate interests (safety, fraud prevention, product improvement), consent (SMS opt-in, marketing where applicable), and compliance with legal obligations.
12. Your rights (CCPA / CPRA — California)
If you're a California resident, you have the right to:
- Know what personal information we collect, use, and disclose about you;
- Delete personal information we've collected;
- Correct inaccurate personal information;
- Opt out of the "sale" or "sharing" of personal information — Matchu does not sell or share personal information as those terms are defined by the CPRA;
- Limit the use of sensitive personal information;
- Non-discrimination for exercising your rights.
To exercise any of the rights above, email privacy@matchu.dating. We will verify your identity before acting on your request.
13. Account deletion
You can delete your account at any time from the app's Settings screen, or by following the process at matchu.dating/delete-account. Deletion is permanent — see Retention above for what is removed and when.
14. Children
Matchu is not directed to anyone under 18. We do not knowingly collect personal information from anyone under 18. If you believe a person under 18 has provided us personal information, contact privacy@matchu.dating and we will delete it.
15. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified in the app or by email. Continued use of the Service after changes take effect constitutes acceptance.
16. Contact
Privacy questions? Email privacy@matchu.dating.
Mobile information & SMS messaging
This section is a standalone SMS-program disclosure preserved for CTIA / carrier / TCR compliance review.
No Mobile Information will be shared with third parties or affiliates for marketing or promotional purposes. All categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
By providing your mobile number and opting in, you consent to receive SMS messages from Matchu strictly for account authentication — including one-time passcodes (OTP), login verification, and identity verification. We do not send marketing, promotional, match notifications, date scheduling, or unrelated messages to your phone number.
- Message frequency: Messages are sent only when you initiate a sign-in or verification action. Typical frequency is 1–5 messages per login attempt.
- Message and data rates may apply. Standard carrier message and data rates from your mobile provider may apply to each message sent or received.
- Opt-out: Reply
STOPat any time to unsubscribe. ReplyHELPfor assistance. - Carriers are not liable for delayed or undelivered messages.
For full SMS program details see our Terms of Service and the SMS Opt-In Verification page.