🔒 Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, age, gender, email address, phone number, password
• Profile Information: Photos, bio, interests, preferences, location, education, occupation
• Identity Verification: Government-issued ID for verified badge (stored securely)
• Communications: Messages, chat history with matched users
• User Content: Photos, videos, and other content you upload
• Payment Information: Billing address, payment method details (processed securely by third-party providers)

1.2 Information Collected Automatically

• Device Information: Device type, operating system, unique device identifiers
• Usage Data: Pages viewed, features used, time spent, interactions
• Location Data: GPS coordinates, IP address-based location
• Cookies & Tracking: Session cookies, analytics cookies, preference cookies
• Log Data: Access times, error logs, crash reports

1.3 Information from Third Parties

• Social media profile data (if you sign in with Facebook/Google)
• Payment processors (transaction confirmations)
• Analytics providers (aggregate usage statistics)

2. How We Use Your Information

• ✅ Provide Services: Create and manage your account, facilitate matches and connections
• ✅ Personalization: Show you relevant profiles based on preferences and location
• ✅ Communication: Send notifications about matches, messages, and app updates
• ✅ Safety & Security: Verify identities, prevent fraud, detect abuse
• ✅ Customer Support: Respond to inquiries and resolve issues
• ✅ Analytics: Understand usage patterns and improve our services
• ✅ Marketing: Send promotional content (with your consent, opt-out available)
• ✅ Legal Compliance: Comply with applicable laws and regulations

3. Information Sharing & Disclosure

3.1 With Other Users

Your profile information is visible to other users based on your privacy settings:

• Profile photos and bio (visible to potential matches)
• Online status and last active (if not using incognito mode)
• Messages (only with matched users)

3.2 With Third-Party Service Providers

• Cloud Hosting: AWS, Google Cloud (data storage)
• Analytics: Google Analytics, Firebase Analytics
• Payment Processing: Stripe, Razorpay (for premium features)
• Communication: Twilio (for SMS verification)
• Push Notifications: Firebase Cloud Messaging

All third parties are bound by strict data protection agreements.

3.3 Legal Requirements

We may disclose your information if required by law or to:

• Comply with legal processes (court orders, subpoenas)
• Protect our rights and property
• Prevent fraud or abuse
• Protect user safety

3.4 Business Transfers

In case of merger, acquisition, or sale of assets, your information may be transferred to the new entity.

4. Your Privacy Rights & Controls

4.1 Privacy Settings

• Show Profile: Control whether you appear in discover feed
• Show Photos: Display photos only to matched users
• Incognito Mode: Browse profiles without others knowing
• Location Sharing: Enable/disable location-based matching

4.2 Your Legal Rights

• 📄 Access: Request a copy of your data
• ✏️ Correction: Update inaccurate information
• 🗑️ Deletion: Request account and data deletion
• 🚫 Object: Object to certain data processing
• 📦 Portability: Receive your data in portable format
• ⏸️ Restrict: Limit how we process your data

To exercise these rights, email privacy@heartlink.co.in

5. Data Security

We implement industry-standard security measures:

• 🔐 Encryption: TLS/SSL encryption for data in transit
• 🔒 Secure Storage: Encrypted databases, access controls
• 🛡️ Authentication: Secure password hashing (bcrypt)
• 🔍 Monitoring: Regular security audits and vulnerability scans
• 👥 Access Control: Limited employee access on need-to-know basis
• 💾 Backups: Regular encrypted backups with access restrictions

6. Data Retention

• Active Accounts: Data retained while account is active
• Inactive Accounts: May be deleted after 2 years of inactivity
• Deleted Accounts: Personal data removed within 30 days
• Legal Requirements: Some data retained longer for compliance (e.g., transaction records for 7 years)
• Backup Data: Purged from all systems within 90 days of deletion

7. Children's Privacy

HeartLink is NOT intended for users under 18 years of age. We do not knowingly collect data from children. If we discover we have collected information from a minor, we will delete it immediately.

If you believe a minor is using our service, please report to report@heartlink.co.in

8. International Data Transfers

Your data may be transferred to and stored in countries outside your jurisdiction. We ensure appropriate safeguards through:

• Standard Contractual Clauses (EU-approved)
• Privacy Shield frameworks (where applicable)
• Adequate data protection agreements

9. Cookies & Tracking Technologies

• Essential Cookies: Required for app functionality
• Analytics Cookies: Help us understand usage patterns
• Preference Cookies: Remember your settings

You can manage cookie preferences in your browser settings.

10. Changes to Privacy Policy

We may update this policy periodically. Major changes will be notified via:

• In-app notification
• Email to registered users
• Banner on our website

Continued use of the app after changes constitutes acceptance.

11. Contact Us

12. Compliance & Certifications

HeartLink complies with:

• 🇪🇺 GDPR (General Data Protection Regulation)
• 🇺🇸 CCPA (California Consumer Privacy Act)
• 🇮🇳 IT Act 2000 and IT Rules 2011 (India)
• 🔒 ISO 27001 Information Security Standards (in progress)