Matchmallow Privacy Policy

Effective Date: June 9, 2026

This Privacy Policy explains how Matchmallow ("Matchmallow," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use the Matchmallow mobile application and related services (the "Service"). By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

Table of Contents

1. Who We Are
2. Information We Collect
3. How We Collect It
4. How We Use Your Information
5. Legal Bases for Processing
6. Location: City-Level Only, No GPS
7. How We Share Your Information
8. We Do Not Sell Your Data
9. Data Retention & Deletion
10. Security
11. Children
12. Your Privacy Rights
13. International Data Transfers
14. Push Notifications & Opt-Out
15. Cookies & Tracking
16. Changes to This Policy
17. Contact Us

1. Who We Are

Matchmallow is an "intentional" dating app available on iOS and Android. The app is built with Expo/React Native, and its backend runs on Microsoft Azure. The data controller responsible for your personal information is Matchmallow. You can reach us at matchmallowapp@gmail.com.

2. Information We Collect

We collect only the information needed to operate a dating service. Specifically:

Account & identity information

• Email address
• Password (stored only as a secure BCrypt hash — we never store or see your plain-text password)
• Name
• Date of birth (used to confirm you are 18+ and to display/derive age)

Profile information you provide

• Gender, and who you want to date
• City and country (used to estimate distance — see Section 6)
• Profile photos
• Short bio
• Interests
• "Prompts" (question-and-answer responses)
• Self-described attributes: religion/faith and observance level; ethnicity; relationship status; whether you have or want children; and smoking and drinking habits
• "Deal-breakers" (the hard matching filters you choose)

Activity & communications

• Chat messages exchanged with users you have matched with
• Likes, matches, blocks, and reports
• Last-active timestamp

Device & technical information

• Push notification token (so we can send you notifications)
• Device platform (iOS or Android)

We do not collect GPS or precise location, and we do not use third-party analytics SDKs or advertising trackers.

3. How We Collect It

We collect information:

• Directly from you when you register, verify your email, build your profile, set deal-breakers, upload photos, and send messages;
• Automatically in limited, technical ways when you use the app, such as your device platform, push token, and last-active timestamp; and
• Derived/computed by us — for example, we estimate the approximate distance between members using the public coordinates of the cities they select (see Section 6).

4. How We Use Your Information

We use your information to:

• Provide your account — register you, authenticate you, and maintain your profile;
• Verify your email — email verification is mandatory before you can use the Service, which helps keep out bots and fraudulent accounts;
• Power matching — show you relevant profiles, apply your deal-breaker filters, enable mutual matching under the capped "3+3" connection model, and enable chat between matched users;
• Estimate distance — calculate approximate distance between members from the public coordinates of the cities they select (never from GPS);
• Keep the community safe — operate blocking and reporting tools, review reports, moderate content, and remove objectionable content or abusive users;
• Send transactional email — such as email-verification and account-related messages;
• Send push notifications — such as new match and new message alerts (you can opt out — see Section 14);
• Maintain, secure, and improve the Service — including troubleshooting, preventing fraud and abuse, and ensuring reliability; and
• Comply with law — meet legal obligations and enforce our Terms.

5. Legal Bases for Processing

Where the EU/UK General Data Protection Regulation (GDPR) or similar laws apply, we rely on the following legal bases:

• Performance of a contract — to provide the Service you sign up for (account, matching, chat, notifications you request).
• Consent — for certain processing such as the optional sensitive profile details you choose to share (for example, religion/faith, ethnicity), and for push notifications. You may withdraw consent at any time.
• Legitimate interests — to keep the Service safe and secure, prevent fraud and abuse, moderate content, and improve the Service, balanced against your rights.
• Legal obligation — where we must process data to comply with applicable law.

Some profile attributes (such as religion/faith and ethnicity) may be considered "special category" data. We process this information only because you choose to provide it to be displayed on your dating profile, on the basis of your explicit consent. You are never required to share these attributes, and you can edit or remove them at any time.

6. Location: City-Level Only, No GPS

Matchmallow does not use GPS and does not collect your precise location. You tell us your city and country. We estimate the approximate distance between you and other members using the public coordinates of the cities each member selects. This means distances shown in the app are approximate, city-level estimates — not your real-time or exact position.

7. How We Share Your Information

We share information only as described below.

With other users (by design). Your profile information — such as your name, age, photos, bio, interests, prompt answers, self-described attributes, and city-level location — is visible to other users as part of how a dating app works. Your chat messages are shared with the user(s) you are matched with. We never share your email address, password, or exact contact details with other users.

With service providers (subprocessors). We use a small number of trusted providers to operate the Service. They process data only on our instructions and only as needed to provide their service:

For legal and safety reasons. We may disclose information if required by law, legal process, or government request, or where we believe disclosure is necessary to protect the rights, safety, or property of our users, the public, or us — including to investigate or report abuse.

In a business transfer. If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to this Policy.

8. We Do Not Sell Your Data

We do not sell your personal information, and we do not share it with advertising networks. We do not use third-party advertising trackers. We have no financial incentive to monetize your data beyond providing the Service.

9. Data Retention & Deletion

We retain your personal information for as long as your account is active and as needed to provide the Service.

• In-app account deletion. You can delete your account directly within the app at any time. Deleting your account erases your personal data from the Service.
• Limited exceptions. We may retain certain information where necessary to comply with legal obligations, resolve disputes, prevent fraud and abuse, or enforce our agreements. Content you already shared with another user (for example, messages they received) may remain visible to that user. Backups are purged on a rolling basis according to our standard backup cycle.

If you would like help deleting your data, contact us at matchmallowapp@gmail.com.

10. Security

We take reasonable technical and organizational measures to protect your information, including:

• Hashed passwords — passwords are stored only as BCrypt hashes, never in plain text;
• Encryption in transit — data exchanged between the app and our servers is encrypted using industry-standard transport encryption (HTTPS/TLS); and
• Access controls — access to personal data is limited to what is necessary to operate the Service.

No method of transmission or storage is 100% secure, so we cannot guarantee absolute security. Please help protect your account by using a strong, unique password and keeping it confidential.

11. Children

The Service is strictly for adults. You must be at least 18 years old to use the Service. We do not knowingly collect personal information from anyone under 18. We collect and enforce date of birth at registration, and under-18 use is prohibited. If we learn that we have collected information from someone under 18, we will delete it and terminate the account. If you believe a minor is using the Service, please contact us at matchmallowapp@gmail.com.

12. Your Privacy Rights

Depending on where you live, you may have some or all of the following rights regarding your personal information.

For everyone. You can view and edit most of your profile information directly in the app, and you can delete your account in the app at any time.

GDPR (EU/UK and similar). You have the right to:

• Access the personal data we hold about you;
• Rectify inaccurate or incomplete data;
• Erase your data ("right to be forgotten");
• Port your data — receive it in a portable format;
• Restrict or object to certain processing; and
• Withdraw consent at any time, without affecting prior processing.

You also have the right to lodge a complaint with your local data protection authority.

CCPA/CPRA (California and similar U.S. state laws). You have the right to:

• Know what personal information we collect and how we use it (described in this Policy);
• Access and delete your personal information;
• Correct inaccurate personal information; and
• Opt out of the "sale" or "sharing" of personal information. Note: we do not sell or share your personal information, so there is nothing to opt out of.

We will not discriminate against you for exercising any of these rights.

How to exercise your rights. Use the in-app tools where available, or contact us at matchmallowapp@gmail.com. We may need to verify your identity before acting on your request, and we will respond within the timeframes required by applicable law.

13. International Data Transfers

We operate using infrastructure and service providers (including Microsoft Azure, Cloudflare R2, Resend, and Expo) that may store or process data in countries other than the one in which you live. When we transfer personal data internationally, we rely on appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) where required by applicable law to protect your information.

14. Push Notifications & Opt-Out

With your permission, we send push notifications (for example, new match and new message alerts) using your device's push token and the Expo push notification service (with Apple and Google delivering the actual notifications). You can turn off push notifications at any time in your device's system settings. Turning off notifications does not delete your account or other data.

15. Cookies & Tracking

Matchmallow is a mobile app and uses minimal tracking. We do not use third-party advertising trackers, advertising networks, or third-party analytics SDKs. We use only the technical identifiers necessary to operate the Service (such as your push notification token and authentication tokens). We do not track you across other apps or websites.

16. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice (for example, by posting the updated Policy in the app or on our website and updating the Effective Date). Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.

17. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us:

• Email / Data-protection contact: matchmallowapp@gmail.com
• Company: Matchmallow

If you are in the EU/UK and we are required to designate a representative or Data Protection Officer, their contact details will be provided here: We have not appointed a Data Protection Officer or EU representative; you can contact us at the email above..