# Privacy Policy - Velvett

**Last updated: January 16, 2025**

## 1. Introduction

Velvett ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, share and protect your information when you use our dating application.

## 2. Data Controller

**Velvett**
- Address: [Company address]
- Email: privacy@velvett.app
- Data Protection Officer: dpo@velvett.app

## 3. Data Collected

### 3.1 Information Provided Directly

**Account Information:**
- Email address
- Phone number
- Password (hashed)
- Date of birth
- Gender/sex

**Profile Information:**
- Username
- Profile photos
- Biography
- Dating preferences
- Interests and hobbies
- Location information (city, region)
- BDSM/SM preferences (Spicy mode)

**Communications:**
- Messages exchanged with other users
- Photos and shared media
- Message reactions
- Call history (if applicable)

### 3.2 Information Collected Automatically

**Usage Data:**
- Pages visited and features used
- Time spent on the application
- Profile interactions
- Action history (likes, dislikes, flashes)
- Geolocation data (with consent)

**Technical Data:**
- IP address
- Device type and operating system
- Device identifiers
- Cookies and similar technologies
- Application performance data

**Compatibility Data:**
- AI-calculated compatibility scores
- Machine learning data
- Interaction patterns
- Derived preferences

## 4. Processing Purposes

### 4.1 Service Provision
- Creating and managing your account
- Connecting you with other users
- Calculating compatibility and recommendations
- Messaging and chat features
- Organizing community events

### 4.2 Service Improvement
- Usage data analysis
- Developing new features
- Optimizing recommendation algorithms
- User experience testing and research

### 4.3 Security and Moderation
- Fraud and abuse prevention
- Content moderation
- Age and identity verification
- Protection against inappropriate behavior

### 4.4 Communications
- Push notifications and emails
- Customer support
- Information about new features
- Marketing communications (with consent)

## 5. Legal Basis for Processing

### 5.1 Contract Performance
- Providing requested services
- Managing your account
- Connecting you with other users

### 5.2 Legitimate Interest
- Improving our services
- Fraud prevention
- Usage data analysis
- Compatibility algorithm development

### 5.3 Consent
- Precise geolocation
- Marketing communications
- Spicy mode (adult content)
- Non-essential cookies

### 5.4 Legal Obligation
- Age verification
- Data retention for authorities
- Compliance with applicable regulations

## 6. Data Sharing

### 6.1 With Other Users
- Profile information (according to your settings)
- Messages and communications
- Shared photos
- Presence status

### 6.2 Service Providers
- Hosting and infrastructure (Supabase)
- Payments (Stripe)
- Analytics (Google Analytics)
- Push notifications (Expo)
- Customer support

### 6.3 Legal Authorities
- In case of legal obligation
- To protect our rights
- In case of security emergency

### 6.4 International Transfers
- Some providers may be located outside the EU
- Appropriate safeguards in place
- European Commission standard contractual clauses

## 7. Data Retention

### 7.1 Account Data
- **Duration**: As long as your account is active
- **Deletion**: 30 days after account deletion
- **Exception**: Data necessary for legal obligations

### 7.2 Messages and Communications
- **Duration**: 2 years after last activity
- **Automatic deletion**: Self-destructing messages according to settings
- **Archiving**: Important messages for moderation

### 7.3 Usage Data
- **Duration**: Maximum 3 years
- **Anonymization**: After 1 year for analytics
- **Deletion**: Personally identifiable data removed

### 7.4 Compatibility Data
- **Duration**: 1 year after last interaction
- **Automatic cleanup**: Via cron jobs
- **Anonymization**: For algorithm improvement

## 8. Your Rights

### 8.1 Right of Access
- Obtain a copy of your personal data
- Verify the data we hold about you

### 8.2 Right of Rectification
- Correct inaccurate information
- Update your preferences

### 8.3 Right to Erasure
- Request deletion of your data
- "Right to be forgotten" under certain conditions

### 8.4 Right to Portability
- Retrieve your data in a structured format
- Transfer your data to another service

### 8.5 Right to Object
- Object to processing for legitimate reasons
- Unsubscribe from marketing communications

### 8.6 Right to Restriction
- Request processing limitation
- In case of data accuracy dispute

## 9. Data Security

### 9.1 Technical Measures
- Data encryption in transit and at rest
- Two-factor authentication available
- Continuous security monitoring
- Regular and secure backups

### 9.2 Organizational Measures
- Staff training on data protection
- Limited access to personal data
- Strict security policies
- Regular practice audits

### 9.3 Security Incident
- Breach notification procedure
- Information to affected users
- Authority notification if necessary
- Immediate corrective measures

## 10. Cookies and Similar Technologies

### 10.1 Cookie Types
- **Essential cookies**: Application functionality
- **Performance cookies**: Usage analysis
- **Functionality cookies**: Personalization
- **Marketing cookies**: Targeted advertising (with consent)

### 10.2 Cookie Management
- Cookie settings in the application
- Possibility to refuse non-essential cookies
- Impact on certain features

## 11. Children's Data

- Velvett is strictly for users 18 years and older
- We do not knowingly collect data from minors
- Age verification during registration
- Immediate deletion if minor detected

## 12. Policy Changes

### 12.1 Change Notification
- Email notification for important changes
- Display in the application
- 30-day notice before application

### 12.2 Acceptance
- Continued use = acceptance of changes
- Possibility to terminate in case of disagreement
- Version history maintained

## 13. Contact and Complaints

### 13.1 General Questions
- Email: privacy@velvett.app
- Support: support@velvett.app

### 13.2 Data Protection Officer
- Email: dpo@velvett.app
- Address: [DPO address]

### 13.3 Supervisory Authority
- CNIL (France): https://www.cnil.fr
- Right to file a complaint
- Appeal procedure available

## 14. Specific Provisions

### 14.1 Spicy Mode (BDSM/SM)
- Explicit consent required
- Sensitive preference data
- Enhanced data protection
- Possibility to withdraw consent

### 14.2 Geolocation
- Explicit consent required
- Limited to dating features
- Possibility to disable at any time
- Anonymized data for analytics

### 14.3 AI and Compatibility
- Automated preference processing
- Transparent algorithmic decisions
- Possibility to contest recommendations
- Continuous algorithm improvement

## 15. Appendices

### 15.1 Glossary
- **Personal data**: Any information identifying a person
- **Processing**: Any operation on personal data
- **Data controller**: Velvett
- **Processor**: Service provider processing data for Velvett

### 15.2 Previous Versions
- Archive of previous versions available
- Modification history maintained
- Version comparison possible

---

**This Privacy Policy is effective as of January 16, 2025. By using Velvett, you accept the practices described in this policy.**