Last updated: 10 Mar 2026
Privacy Policy
This Matcha project processes personal data to provide account access, dating features, realtime messaging/notifications, moderation, and security.
Data collected
- Account data: username, email, password hash, and terms acceptance timestamp.
- Security data: TOTP secrets, recovery codes, passkeys/WebAuthn credentials (encrypted at rest), authentication events, IP addresses, and user-agent strings.
- Session data: active session records (IP + user-agent) so you can view and revoke sessions.
- OAuth link data: linked provider accounts (42, Google, GitHub, Discord) and provider email when available.
- Matcha profile data: first name, last name, birth date/year, gender, preference, bio, tags, and profile completion status.
- Matcha media data: up to 5 uploaded photos per user, including profile photo flag and ordering.
- Photo editor output data: final processed image files after crop/rotate/filter actions.
- Matcha interaction data: profile views, expressed/removed interest signals, matches, blocks, reports, messages, audio-call events, and notification events.
- Event planning data: match event invites, responses, schedule, and optional place details shared between participants.
- Voice message data: uploaded audio files (validated and type-checked), metadata (duration/type), and associated message records.
- Live audio call data: caller/callee IDs, call status transitions, timestamps (start/answer/end), signaling metadata, and derived call duration.
- Location data: required city (manual fallback), optional GPS coordinates, and optional GPS-resolved area/neighborhood label.
- GPS consent data: explicit consent flag indicating whether GPS-based location is authorized by the user.
- Location visibility preference: whether your location is visible to everyone, only matches, or nobody.
- Map query preference: selected audience/radius filters used to render profiles on the map view.
- Geocoding data (server-side): OpenStreetMap Nominatim may be used to resolve GPS to city/area labels (reverse) and city/area labels to approximate map coordinates (forward), with local fallback when unavailable.
- Public profile photo data: your selected Matcha profile photo URL and gallery ordering.
- Development email fallback logs: in non-production only, verification/reset links may be logged when SMTP is disabled or delivery fails (for local testing).
- Moderation data: sanctions/restrictions, report handling, admin actions, and banned emails for anti-abuse.
- System and operational logs for reliability and incident response.
Purposes and legal bases
- Provide account features and Matcha functionality (registration, profile, discovery, chat, notifications).
- Provide realtime product behavior (SSE event stream updates, unread counters, live chat/notification refresh).
- Protect users and platform integrity (security, anti-abuse, moderation, audit trail).
- Comply with legal obligations and handle user rights requests.
Retention
Data is retained only as long as needed for operation, security, and legal obligations. Account data and Matcha data are kept while your account is active. Security/audit/admin logs are retained for a limited period (currently 365 days in the admin interface), then deleted.
Cookies and tracking
Only strictly necessary cookies are used. No advertising cookies and no third-party behavior-tracking cookies are used.
- Authentication cookies (access + refresh tokens): HttpOnly and Secure in production.
- CSRF cookie: protects against cross-site request forgery attacks.
- OAuth state cookies (temporary): used during OAuth flows and cleared after completion.
- Cookie-consent preference: stores your banner choice state.
Data sharing and hosting
Data is not sold. It may be processed by infrastructure and service providers strictly required to run the project (hosting, email delivery, operational tooling) as processors/sub-processors.
- Email delivery provider (for verification and password-reset messages).
- Geocoding (reverse + forward) may use OpenStreetMap Nominatim from backend requests (your browser does not call it directly for geocoding).
- Interactive map tiles are fetched client-side from OpenStreetMap/CARTO tile infrastructure (their standard HTTP logs may include your IP and requested tile coordinates).
Your rights (GDPR)
- Access, rectification, deletion, restriction, and portability of your personal data.
- Objection to processing based on legitimate interest.
- Withdraw consent (where applicable) without affecting prior processing.
- View and revoke active sessions at any time from the settings page.
- Export your personal data (including Matcha data, voice metadata, audio call history, events, and event chat messages) in machine-readable JSON format.
- Lodge a complaint with your supervisory authority (Belgian Data Protection Authority / APD-GBA).
If your account is restricted, some self-service actions may be unavailable. You can still exercise your rights by contacting [email protected].
Contact
For privacy requests (access, deletion, correction, objection, portability), contact: [email protected].