1. Introduction
Your privacy matters to us -- genuinely. DateFlo is a platform built around personal moments, and we take the responsibility of handling your information seriously. This Privacy Policy is here to be transparent about what we collect, why we collect it, and what control you have over it.
By using DateFlo, you're agreeing to the practices described here. If something doesn't sit right, we'd rather you reach out and ask than walk away confused. This policy works alongside our Terms of Service.
2. What We Collect
2.1 What You Tell Us
When you sign up and use DateFlo, you share certain things with us. Here's what that includes:
- Account basics: your name and email address.
- Your partner's name: so we can personalize your date plans (we only use their first name).
- Relationship details: things like your relationship status and anniversary, if you choose to share them.
- Location: your city and neighborhood preferences -- entered by you, not tracked automatically.
- Food preferences: dietary restrictions, cuisine favorites, allergies, and anything else that helps us plan around what you love to eat.
- Activity preferences: the kind of vibes you're into, your budget range, and any special requests.
- Date history and feedback: your past plans, ratings, and comments.
- Photos: any images you upload for your date memories or profile.
- Messages: anything you send us via email or through the platform.
2.2 Payment Info
When you buy something, your payment goes directly through Stripe. We never see or store your full card number, CVV, or sensitive payment details. All we receive is:
- Whether the payment went through or not.
- The last four digits of your card (so you can recognize it in your history).
- Your billing address, if your payment method requires it.
- The amount, date, and currency of the transaction.
2.3 What We Pick Up Automatically
When you use DateFlo, some technical info gets collected in the background -- nothing unusual, just standard web stuff:
- Device info: your browser, operating system, device type, and screen size.
- Log data: your IP address, when you visited, which pages you viewed, and where you came from.
- Usage patterns: which features you use, what plans you look at, and how long your sessions last.
3. How We Use It
Everything we collect serves a purpose. Here's what we do with your information and why:
3.1 Making Your Dates Better
- Building personalized date plans around your preferences, location, and relationship.
- Learning from your feedback and history to make future recommendations even sharper.
- Keeping your dashboard filled with your plans, favorites, wishlists, and memories.
- Using your names to make the experience feel personal -- because it is.
3.2 Running the Service
- Processing payments and managing your credits.
- Sending you plan deliveries, confirmations, and important account updates.
- Responding when you reach out to us with questions or needs.
- Verifying your identity and keeping your account secure.
3.3 Improving DateFlo
- Understanding how people use the platform so we can make it better.
- Seeing which date plans and venues resonate most.
- Finding and fixing bugs or performance issues.
- Building new features that actually matter to our users.
3.4 Legal and Safety
- Complying with laws and regulations when required.
- Enforcing our Terms and protecting against fraud or abuse.
- Keeping DateFlo safe for everyone.
4. Who We Share With
4.1 We Don't Sell Your Data. Period.
We don't sell, rent, or trade your personal data to anyone -- not for marketing, not for ads, not for any reason. We never have, and we never will.
4.2 The Services That Help Us Run DateFlo
We work with a small number of trusted services that help us deliver the platform. They only get the data they need to do their job:
- Supabase: hosts our database and handles authentication. Your account info, preferences, and date history live on their secure infrastructure.
- Stripe: processes payments. Your card info goes directly to them -- we never see it. Stripe is PCI DSS Level 1 certified. See Stripe's Privacy Policy.
- Google Maps API: powers the location features in your date plans. Your city and venue info may be shared with Google when we pull up maps or directions. See Google's Privacy Policy.
- Resend: delivers our emails -- things like date plan deliveries and account notifications. They receive your email address and the content of messages we send you.
4.3 When the Law Requires It
We may share your information if legally required to -- for example, by court order or subpoena -- or if we genuinely believe it's necessary to:
- Comply with the law.
- Protect DateFlo's rights or property.
- Prevent fraud or illegal activity.
- Keep our users and the public safe.
4.4 If DateFlo Changes Hands
If DateFlo is ever acquired, merges with another company, or sells part of its assets, your data may be part of that transition. If that happens, we'll let you know by email and give you a clear picture of what it means for your information.
5. How Long We Keep Your Data
5.1 While You're With Us
- Active accounts: we keep your data for as long as your account is active.
- Payment records: transaction records are kept as long as tax and financial regulations require (usually around 7 years).
- Usage data: kept in anonymized, aggregate form for analytics -- it can't be tied back to you.
- Support conversations: we may keep these for up to 3 years after the issue is resolved, for quality purposes.
5.2 If You Want Out
You can request account deletion anytime -- through your dashboard settings or by emailing support@dateflo.com. Here's what happens when you do:
- We'll delete or anonymize your personal data within 30 days.
- Your name, email, partner name, preferences, photos, and date history will be permanently removed.
- Anonymized data that can't identify you may stick around for improving the service.
- Payment records stay on file as required by law, but they'll no longer be linked to you.
- We'll email you to confirm once everything's been deleted.
6. Cookies
6.1 What We Use
We keep cookies minimal and privacy-focused:
- Authentication cookies: these keep you signed in. Without them, the app can't work.
- Preference cookies: these remember your display settings so you don't have to set them every time.
6.2 What We Don't Use
- No advertising or marketing cookies.
- No third-party tracking pixels or retargeting.
- No cross-site tracking.
- No targeted or behavioral ads. None.
6.3 Your Control
You can manage cookies through your browser settings. Just know that turning off essential cookies will break the sign-in experience.
7. Children's Privacy
DateFlo is for adults 18 and older. We don't knowingly collect data from anyone under 18, and if we find out we have, we'll delete it and close the account immediately.
If you believe a minor has created an account on DateFlo, please let us know right away at support@dateflo.com.
8. California Privacy Rights
If you're in California, the CCPA and CPRA give you some extra protections. Here's what you can do:
8.1 Right to Know
You can ask us to tell you exactly what personal information we've collected about you over the past 12 months -- what categories, where it came from, why we have it, and who we've shared it with.
8.2 Right to Delete
You can ask us to delete your personal information. There are a few legal exceptions (like data we need to finish a transaction), but we'll honor your request wherever we can.
8.3 Right to Correct
If something we have on file is wrong, you can ask us to fix it.
8.4 Right to Opt-Out of Sale
We don't sell your data or share it for targeted advertising -- so there's nothing to opt out of. But feel free to contact us to confirm anytime.
8.5 No Discrimination
Exercising your privacy rights will never affect the quality or availability of our service. We won't treat you any differently for it.
8.6 How to Make a Request
Email us at support@dateflo.com with the subject line "California Privacy Request." We'll verify your identity and respond within 45 days.
8.7 What We Collect (CCPA Categories)
For full transparency, here are the CCPA-defined categories of personal information we collect:
- Identifiers: name, email address, IP address.
- Personal info (Cal. Civ. Code 1798.80(e)): name, city.
- Protected classifications: relationship status (voluntarily provided).
- Commercial info: purchase and transaction history.
- Internet activity: how you use the dashboard and which features you interact with.
- Inferences: date preferences and recommendations based on the above.
9. International Users
9.1 Where Your Data Lives
DateFlo operates from the United States. If you're using us from another country, your data may be transferred to and stored in the US or wherever our service providers operate. Data protection laws in those places may be different from where you live.
9.2 For Users in the EEA and UK
If you're in the European Economic Area or the UK, here's the legal basis for how we handle your data:
- Contract performance: we need to process your data to deliver the service you signed up for.
- Legitimate interests: things like improving the platform, running analytics, and preventing fraud -- where our needs don't override your rights.
- Consent: for any processing where we've specifically asked for your permission.
- Legal obligation: when the law requires us to process certain data.
You also have additional rights under GDPR, including data portability, the right to restrict processing, and the right to file a complaint with your local supervisory authority. Reach out to support@dateflo.com to exercise any of these.
9.3 For Users in Canada
Your data is handled in line with PIPEDA. You can access, correct, or withdraw consent for your personal information at any time.
10. How We Protect Your Data
We take security seriously. Here's what we've put in place:
- Encryption in transit: everything between your browser and our servers is encrypted with TLS/SSL.
- Encryption at rest: your data is encrypted in our database, even when it's just sitting there.
- Secure authentication: accounts are protected through Supabase's auth system with secure password hashing and session management.
- Access controls: only authorized team members can access personal data, and only when they need to.
- PCI compliance: all payment processing goes through Stripe, which is PCI DSS Level 1 certified.
- Ongoing reviews: we regularly check and update our security practices.
No system is 100% bulletproof -- that's just the reality of the internet. But we're committed to staying vigilant and acting fast if something ever goes wrong. If a data breach affects your information, we'll notify you and the relevant authorities as required by law.
11. Do Not Track
Some browsers send "Do Not Track" signals. There's no industry standard for how to respond to them, so we don't formally act on them. That said, we don't do cross-site tracking or targeted advertising anyway -- so the result is the same either way.
12. Links to Other Sites
Your date plans may include links to restaurants, venues, maps, and other third-party websites. Those sites have their own privacy policies, and we're not responsible for how they handle your data. We'd encourage you to give their policies a quick look when you visit.
13. Updates to This Policy
We may update this Privacy Policy as things evolve. When we make meaningful changes:
- We'll update the date at the top of this page.
- We'll give you at least 14 days' notice by email before the changes take effect.
- For big changes, we may also put a notice in the app itself.
If the updated policy doesn't work for you, you're free to stop using DateFlo and request account deletion.
14. Questions? Talk to Us.
If you have any questions about this policy or your data, we're here for you.
For privacy-related questions, put "Privacy Inquiry" in the subject line. We'll get back to you within 2 business days, and any data requests will be fulfilled within 30 days.