Last updated: February 2026
Your privacy matters. This policy explains what we collect and how we use it.
1. Information we collect
- Account details: email, name, password (hashed).
- Profile info: age, gender, city, bio, photos, interests.
- ID verification: selfie + ID document (stored securely, used only for verification, deleted after 90 days if unverified).
- Activity: swipes, matches, messages, likes, subscription history.
- Device info: browser type, IP address, push notification tokens.
2. How we use it
- To match you with other users.
- To verify identity and detect fake profiles.
- To process payments via Pesapal.
- To send notifications (with your consent).
- To improve safety and prevent abuse.
3. Payments
Payment processing is done by Pesapal. We never see your mobile money PIN or card details. Payment records include transaction reference, amount, and status only.
4. Who we share with
We do NOT sell your data. We share only with:
- Pesapal (payment processing)
- Our automated moderation service (photo safety check)
- Law enforcement when legally required
5. Your rights
You can:
- Access all data we hold about you (email us)
- Correct inaccurate information (via Profile page)
- Delete your account and all associated data (Profile → Delete account)
- Download a copy of your data (email us)
- Withdraw consent to marketing emails at any time
6. Data retention
We retain your data while your account is active. If you delete your account, we permanently remove all personal data within 30 days, except where we are required by law to retain it (e.g. financial records for 7 years).
7. Security
Passwords are hashed with bcrypt. Session cookies are set with the HttpOnly and Secure attributes. Servers are protected with industry-standard measures. No system is 100% secure; report suspected breaches immediately.
8. Cookies
We use only essential cookies for authentication. No tracking or advertising cookies.
9. Contact
Privacy questions or requests: email privacy@heartbeat.app