Privacy Policy

Last updated: April 10, 2026  |  Effective: April 10, 2026

1. Introduction

EchoDate ("we," "us," or "our") operates the EchoDate mobile application (the "App") available on Apple App Store and Google Play Store. This Privacy Policy applies to all users of the App worldwide and describes our practices regarding the collection, use, storage, sharing, and protection of your personal data.

By downloading, installing, or using the App, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.

We may update this Privacy Policy from time to time. We will notify you of material changes through in-app notifications or email. Your continued use of the App after any changes constitutes your acceptance of the updated policy.

2. Data Controller

EchoDate is the data controller responsible for your personal data. For any privacy-related inquiries or requests, you can contact us at:

• Email: privacy@echodate.me
• Support: support@echodate.me

3. Information We Collect

We collect the following categories of personal data:

3.1 Information You Provide Directly

• Account Registration Data: Name, email address, password (hashed and encrypted), date of birth, and gender.
• Profile Information: Profile photos, additional photos, cover image, biography/description, interests, languages spoken, country of residence, height, weight, and body type/figure.
• Identity Verification Data: When you choose to verify your identity, we collect a selfie photograph for facial comparison. This image is used solely for verification purposes and is processed securely.
• Communications: Messages, chat content, voice call metadata, video call metadata, gifts, message requests, and system notifications you send or receive through the App.
• Payment Information: When you purchase a subscription (Plus or Premium) or buy coins, payment processing is handled entirely by Apple (App Store) or Google (Play Store) through RevenueCat. We do not collect, store, or have access to your credit card number, bank account details, or other financial payment instruments.
• Support Requests: Any information you provide when contacting our support team, including email correspondence and attachments.
• User-Generated Content: Reports you file against other users, feedback, and any other content you voluntarily submit.

3.2 Information Collected Automatically

• Device Information: Device type, operating system and version, device model, unique device identifiers, mobile network information, and app version.
• Usage Data: How you interact with the App, including pages visited, features used, buttons tapped, time spent on screens, and session duration.
• Location Data: With your explicit consent, we collect approximate geographic location (latitude and longitude) to show your distance from other users and provide location-based discovery. You can disable location sharing at any time in your device settings or in the App's Privacy settings.
• Log Data: IP address, access timestamps, error logs, and crash reports to help us diagnose issues and improve the App.
• Online Status and Presence: Whether you are currently online, your last active timestamp, and typing indicators.
• Push Notification Token: Your device's push notification token (provided by Expo/Apple/Google) to deliver notifications. This token is stored in our database and associated with your user account.

3.3 Information from Third Parties

• Authentication Providers: If you sign in via Google or Apple, we receive your name, email address, and a unique identifier from the authentication provider. We do not receive your password from these providers.
• Subscription Status: RevenueCat provides us with your subscription status (active, expired, plan type) but does not share your payment method or billing details with us.

4. How We Use Your Information

We use the personal data we collect for the following purposes:

4.1 Providing and Operating the Service

• Creating and managing your user account
• Displaying your profile to other users in the discovery feed
• Facilitating connections, matches, and chat between users
• Enabling voice and video calls between matched users
• Processing in-app purchases (coins, subscriptions, store items)
• Delivering push notifications for messages, calls, matches, likes, and system notices
• Providing the store, gifting, and virtual item features

4.2 Personalization

• Showing you relevant users based on your location, preferences, and activity
• Customizing your chat experience with themes, backgrounds, and bubble styles
• Displaying your equipped avatar frame, chat background, and bubble style

4.3 Safety and Security

• Verifying user identity through facial verification
• Detecting, preventing, and addressing fraud, abuse, and violations of our Terms
• Enforcing our community guidelines and blocking/reporting features
• Protecting the rights, property, and safety of our users
• Investigating suspicious activity and unauthorized access

4.4 Communications

• Sending you service-related notifications (account verification, security alerts, policy updates)
• Responding to your support requests and inquiries
• Sending promotional communications about new features (you may opt out at any time)

4.5 Analytics and Improvement

• Understanding how users interact with the App to improve features and user experience
• Monitoring app performance, diagnosing bugs, and resolving technical issues
• Conducting research and analysis to develop new features

4.6 Legal Compliance

• Complying with applicable laws, regulations, and legal processes
• Responding to lawful requests from government authorities
• Establishing, exercising, or defending legal claims

5. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on the following legal bases for processing your personal data:

Purpose	Legal Basis
Account creation, profile display, messaging, calling	Contract Performance — necessary to provide the services you requested
Location-based features	Consent — you explicitly grant location permission
Push notifications	Consent — you grant notification permission on your device
Identity verification (selfie)	Consent — you voluntarily choose to verify
Fraud prevention, safety, abuse detection	Legitimate Interest — maintaining a safe platform
Analytics and improvements	Legitimate Interest — improving our services
Legal compliance	Legal Obligation — required by applicable law
Marketing communications	Consent — you can opt out at any time

6. Data Sharing and Disclosure

We do not sell your personal data to third parties. We share your data only in the following circumstances:

6.1 With Other Users

Certain information is visible to other users as part of the dating service:

• Your profile information (name, age, photos, bio, interests, country, languages)
• Your online status and last active time (unless you have hidden these via Privacy settings)
• Your distance from other users (unless hidden)
• Your connection count (unless hidden via Privacy settings)
• Messages and media you send in chats
• Your verification badge status
• Your equipped avatar frame and subscription badge

6.2 Service Providers (Third-Party Processors)

We use the following third-party service providers who process data on our behalf:

• Supabase — Database hosting, authentication, real-time messaging infrastructure, and file storage. Data is stored on Supabase's servers. See Supabase Privacy Policy.
• LiveKit — Real-time voice and video call infrastructure (WebRTC). Call media is transmitted peer-to-peer through LiveKit servers. Call content is not recorded or stored by LiveKit or EchoDate. See LiveKit Privacy Policy.
• Expo / Expo Notifications — Push notification delivery service. Your push token and notification content pass through Expo's servers. See Expo Privacy Policy.
• RevenueCat — Subscription and in-app purchase management. RevenueCat receives your anonymous user ID and subscription/purchase status. RevenueCat does not have access to your profile data, messages, or photos. See RevenueCat Privacy Policy.
• Apple App Store / Google Play Store — Payment processing for subscriptions and in-app purchases. All payment information is handled exclusively by Apple or Google. We never see or store your credit card or bank details.

6.3 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or government request, or if we believe in good faith that disclosure is necessary to:

• Comply with applicable law or respond to valid legal process (e.g., subpoena, court order)
• Protect the safety of any person
• Prevent fraud or address security issues
• Protect our rights, property, or the rights of our users

6.4 Business Transfers

If EchoDate is involved in a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.

7. Data Retention

We retain your personal data for as long as necessary to provide the service and fulfill the purposes described in this policy. Specific retention periods are:

Data Type	Retention Period
Account profile data	As long as your account is active, plus 30 days after deletion request
Chat messages	As long as the match/conversation exists; deleted when either user deletes the chat
Voice/video call data	Call metadata (duration, timestamp) retained for 90 days. Call audio/video is never recorded or stored.
Photos and media	As long as your account is active; deleted within 30 days of account deletion
Verification selfies	Processed for verification and retained for up to 90 days, then permanently deleted
Purchase/transaction records	Retained for 3 years for financial and legal compliance
Block and report records	Retained for 2 years to maintain platform safety
Push notification tokens	Retained while active; deactivated on logout; deleted with account
Log data and analytics	Retained for up to 12 months, then aggregated or deleted

When your data is no longer needed, we securely delete or anonymize it so it can no longer be associated with you.

8. Data Storage and Security

8.1 Where We Store Data

Your data is stored on servers operated by our service provider Supabase. Supabase may use data centers located in various regions. Data may be transferred to and stored in countries outside of your country of residence, including the United States.

Where data is transferred internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the recipient's certification under an applicable data transfer framework.

8.2 Security Measures

We implement the following technical and organizational measures to protect your data:

• Encryption in Transit: All data transmitted between your device and our servers uses TLS/SSL encryption (HTTPS).
• Encryption at Rest: Sensitive data stored in our database is encrypted at rest using AES-256 encryption.
• Password Hashing: Passwords are hashed using industry-standard bcrypt algorithms and are never stored in plain text.
• Access Controls: Access to user data is restricted to authorized personnel only, on a need-to-know basis.
• Row Level Security (RLS): Our Supabase database uses Row Level Security policies to ensure users can only access their own data through the API.
• Authentication Tokens: JWT-based authentication with automatic expiration and refresh.
• Regular Security Reviews: We periodically review and update our security practices.

9. Your Rights and Choices

Depending on your location, you have certain rights regarding your personal data:

9.1 Rights Available to All Users

• Access: You can view and access your personal data at any time through your Profile and Settings in the App.
• Correction: You can update or correct your profile information through the Edit Profile screen.
• Deletion: You can request deletion of your account and all associated data through Settings > Privacy > Delete Account. We will process your request within 30 days.
• Data Export: You can request a copy of your data through Settings > Privacy > Download My Data. We will provide your data in a machine-readable format within 48 hours.
• Withdraw Consent: Where processing is based on consent (e.g., location, notifications), you can withdraw consent at any time through your device settings or the App's Privacy settings.
• Opt Out of Marketing: You can opt out of promotional communications at any time by adjusting your notification preferences.

9.2 Additional Rights for EEA/UK/Swiss Residents (GDPR)

• Right to Restriction: You can request that we restrict the processing of your personal data in certain circumstances.
• Right to Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Right to Object: You can object to processing based on our legitimate interests. We will stop processing unless we have compelling grounds that override your interests.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.
• Automated Decision-Making: We do not make any decisions solely by automated processing (including profiling) that produce legal or similarly significant effects on you.

9.3 Additional Rights for California Residents (CCPA/CPRA)

• Right to Know: You can request information about the categories and specific pieces of personal data we have collected about you.
• Right to Delete: You can request that we delete your personal data, subject to certain exceptions.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Right to Opt Out of Sale: We do not sell your personal data. There is no data to opt out of selling.
• Right to Correct: You can request correction of inaccurate personal data.
• Right to Limit Use of Sensitive Data: You can request that we limit the use and disclosure of your sensitive personal data.

9.4 How to Exercise Your Rights

To exercise any of the above rights, you can:

• Use the relevant features in the App (Profile, Privacy settings, etc.)
• Email us at privacy@echodate.me with your request

We will respond to your request within 30 days. We may need to verify your identity before processing your request to prevent unauthorized access to your data.

10. Privacy Controls in the App

EchoDate provides extensive in-app privacy controls that allow you to manage your visibility and data sharing:

10.1 Discovery & Visibility Controls

• Show Me in Discovery: Control whether your profile appears in the discovery feed (Premium feature)
• Incognito Mode: Browse profiles invisibly — only users you like first can see you (Premium feature)
• Show Online Status: Hide your online/offline status from other users (Plus feature)
• Show Last Active: Hide when you were last active (Plus feature)
• Show Distance: Hide your distance from your profile (Plus feature)
• Show Age: Hide your age from your profile (Plus feature)
• Show Connection Count: Hide how many connections you have (Plus feature)

10.2 Interaction Controls

• Who Can Message Me: Restrict messaging to everyone, matches only, or nobody (Plus feature)
• Who Can View My Profile: Restrict profile visibility to everyone or matches only (Plus feature)
• Who Can Connect Me: Limit who can swipe right on you (Plus feature)
• Read Receipts: Control whether others see when you've read their messages (Premium feature)

10.3 Safety Controls

• Block Users: Block any user to prevent them from contacting you or seeing your profile
• Report Users: Report users who violate our community guidelines
• Unblock Users: Review and unblock users from your blocked list at any time

11. Children's Privacy

EchoDate is intended for users who are 18 years of age or older.

We do not knowingly collect, solicit, or maintain personal data from anyone under the age of 18. If we learn that we have collected personal data from a child under 18, we will take immediate steps to delete that data and terminate the associated account.

If you are a parent or guardian and believe that your child under 18 has provided us with personal data, please contact us immediately at privacy@echodate.me so we can take appropriate action.

12. Cookies and Tracking Technologies

As a mobile application, EchoDate does not use browser cookies. However, we may use the following technologies:

• Local Storage: We use AsyncStorage (on-device storage) to store your preferences, cached data, and session information locally on your device. This data never leaves your device unless you explicitly sync it.
• Push Notification Tokens: As described in Section 3.2, we store your device's push notification token to deliver notifications.
• Analytics SDKs: We may use analytics tools to understand app usage patterns. These tools may collect anonymized or pseudonymized data about your interactions with the App.

Our website (echodate.me) may use essential cookies for functionality. We do not use advertising or tracking cookies on our website.

13. Voice and Video Calls

EchoDate offers voice and video calling between matched users, powered by LiveKit:

• We do not record, store, or monitor the content of your voice or video calls.
• Call media (audio and video streams) is transmitted in real-time through LiveKit's secure WebRTC infrastructure and is not stored on any server.
• We only store call metadata (who called whom, call duration, call type, and timestamp) for service operation and troubleshooting purposes.
• Call metadata is retained for 90 days and then deleted.
• Your camera and microphone are only activated when you explicitly initiate or accept a call.

14. Push Notifications

We use push notifications to alert you about:

• New messages from your connections
• Incoming voice and video calls
• New matches and connection requests
• Profile views and likes (activity notifications)
• Gifts received
• System notices and important updates

Push notifications are delivered through:

• Apple Push Notification service (APNs) for iOS devices
• Firebase Cloud Messaging (FCM) for Android devices
• Expo Push Notification Service as an intermediary

You can disable push notifications at any time through your device settings. Disabling notifications will not affect your ability to use the App, but you may miss important alerts like incoming calls or messages.

15. In-App Purchases and Subscriptions

EchoDate offers subscription plans (Plus and Premium) and virtual currency (Coins) for in-app purchases:

• All payment processing is handled by Apple App Store or Google Play Store through RevenueCat.
• We never collect, process, or store your payment card information, banking details, or billing address.
• We receive only your subscription status (plan type, active/expired, renewal dates) from RevenueCat.
• Transaction records (coin purchases, store item purchases, gifts) are stored in our database for your transaction history and customer support purposes.
• For refund requests, we may verify your purchase through Apple or Google's systems.

16. User Content and Messages

• Messages: Chat messages are stored in our database to enable message delivery and history. Messages are accessible only to the sender and recipient of each conversation.
• Photos and Media: Photos uploaded to your profile and media shared in chats are stored on Supabase Storage with access controls. Profile photos are visible to other users according to your privacy settings.
• Deleted Content: When you delete a message "for everyone," it is marked as deleted in our database and no longer displayed to either party. When you clear or delete a chat, the messages are removed from your view. Account deletion removes all your content permanently.
• Encryption: While messages are encrypted in transit (TLS), they are not end-to-end encrypted. We have access to message content for safety and moderation purposes (e.g., reviewing reported content).

17. Location Data

• We collect your location only when you grant location permission on your device.
• Location data is used to calculate and display approximate distances between users and to show your location on your profile.
• You can hide your distance from other users through the Privacy settings (Plus feature).
• You can revoke location permission at any time through your device settings. The App will continue to function, but distance-based features will be unavailable.
• We do not continuously track your location in the background. Location is updated when you actively use the App.

18. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals to websites. As a mobile application, our App does not respond to browser DNT signals. However, we respect your privacy choices as described in this policy and provide extensive in-app privacy controls.

19. International Data Transfers

EchoDate operates globally, and your data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data internationally, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission for certain countries
• Binding corporate rules or similar mechanisms adopted by our service providers
• Your explicit consent where required

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

When we make material changes:

• We will update the "Last Updated" date at the top of this policy
• We will notify you through in-app notifications or email
• For significant changes, we may ask for your renewed consent

We encourage you to review this policy periodically. Your continued use of the App after any changes constitutes your acceptance of the updated policy.

21. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Privacy Inquiries: privacy@echodate.me
• General Support: support@echodate.me
• Data Protection Officer: dpo@echodate.me

We will respond to all privacy-related inquiries within 30 days of receipt.