Privacy Policy

1. About this policy

GraceMeet ("GraceMeet", "we", "us", or "our") is committed to protecting your personal data. This privacy policy explains how we collect, use, share, and safeguard information about you when you use our matchmaking service (the "Service").

We process personal data in accordance with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.

2. Data controller

The data controller for personal data processed via the Service is GraceMeet Ltd, a private limited company registered in England and Wales (company number 17192031). Contact: gracemeetapp@gmail.com.

3. Personal data we collect

Information you provide

• Account information: email address, full name, date of birth, gender, gender you are seeking, city, country.
• Profile information: occupation, denomination, church attendance, faith values, marriage vision, dealbreakers, hobbies, communication style, love language, lifestyle preferences, children preferences, spiritual leadership view.
• Heart answers: free-text responses to onboarding questions about faith, family vision, conflict, growth, hopes for a partner, and what has carried you through hardship.
• Photos: profile photos (up to 6) and verification selfies.
• Messages: content of messages you send to other users via the Service.
• Match feedback: which matches you accepted or passed on, and reasons given for passing.

Information collected automatically

• Authentication tokens to keep you signed in.
• Last-seen timestamp to identify inactive accounts.
• Verification attempt timestamps and outcomes.

Information from third parties

We do not purchase or receive personal data from third parties.

4. How we use your personal data

We process your personal data for the following purposes:

Purpose	Legal basis
Providing the matching service (including AI-powered match generation)	Performance of contract
Verifying your identity and preventing fraud	Legitimate interests; legal obligation
Sending service-related emails (matches, messages, account)	Performance of contract
Processing subscription payments	Performance of contract
Investigating reports and moderating the platform	Legitimate interests; legal obligation
Improving our matching algorithm via aggregate analysis	Legitimate interests
Complying with legal obligations	Legal obligation

5. Automated decision-making

Our matching service uses artificial intelligence — specifically, large language models provided by Anthropic — to recommend potential partners based on the profile information you provide. This constitutes automated processing.

You always retain the right to:

• Decline any match recommendation;
• Request human review of your match recommendations by contacting us;
• Provide feedback that influences future recommendations.

The matching process does not produce legal effects or similarly significant effects on you, as you are free to accept, reject, or ignore any match.

6. Training of AI models (optional consent)

We may use your profile data, heart answers, match decisions, conversation patterns, and (where applicable) relationship outcomes to train and improve our AI matching models. This may include fine-tuning open-source language models on our dataset to produce successor versions of the matching system.

This is strictly optional. We will only use your data for AI training purposes if you have given explicit, separate consent — either by ticking the dedicated "Help us improve" checkbox at sign-up, or by enabling the corresponding toggle in your account's privacy settings.

If you do not consent:

• Your data will not be used for training future models;
• Logs of AI matching decisions involving your data are automatically deleted within 30 days of generation;
• Your experience of the Service is not affected in any way.

If you do consent:

• Your data will be anonymised before training — direct identifiers (name, email, photos, contact details) are removed;
• Trained models are designed not to memorise individual users — they learn statistical patterns, not personal details;
• We will not sell or share training data with third parties unrelated to model development;
• You may withdraw consent at any time from your privacy settings. Withdrawal is processed within 30 days. Models that have already been trained on your data cannot be retroactively "untrained" — but no further training will use your data.

This consent is recorded with a timestamp and version, so we have a clear record of what you agreed to and when.

7. Sharing your personal data

Visible to other users

Your name, photos, age, city, denomination, occupation, faith values, hobbies, and selected profile fields are visible to users with whom you are matched. Once a mutual match occurs, conversation messages are exchanged directly between you.

Service providers (data processors)

• Supabase Inc. (United States) — database hosting, authentication, file storage. Processes profile and conversation data.
• Anthropic, PBC (United States) — AI matching and identity verification analysis. Receives profile summaries for matching purposes; receives selfie and profile photo for verification.
• Resend, Inc. (United States) — email delivery. Receives email address and message content for transactional emails.
• Netlify, Inc. (United States) — frontend hosting.

All processors are bound by data processing agreements requiring UK GDPR-equivalent protections. International transfers to the United States rely on appropriate safeguards including Standard Contractual Clauses.

Other disclosures

We may disclose your personal data:

• To comply with legal obligations, court orders, or regulatory requests;
• To protect our rights, property, or safety, or that of our users or others;
• In connection with a merger, acquisition, or sale of assets.

We do not sell your personal data.

8. Photo and selfie processing

• Profile photos are stored in our public storage and visible to matched users.
• Verification selfies are stored in private storage, analysed by AI to confirm your identity, and automatically deleted after a verification decision is made (or within 30 days at the latest).

9. Retention

We retain your personal data for as long as your account is active. When you delete your account:

• Profile data, photos, and faith details are deleted within 30 days;
• Conversation messages are retained for up to 90 days for safety/abuse investigation;
• Aggregate, anonymised data may be retained indefinitely for service improvement;
• We may retain certain information longer if required by law (e.g., financial records).

10. Your rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you;
• Rectify inaccurate personal data;
• Erase your personal data ("right to be forgotten");
• Restrict processing of your personal data;
• Data portability — receive your data in a structured, machine-readable format;
• Object to processing based on legitimate interests;
• Withdraw consent where processing is based on consent;
• Lodge a complaint with the Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, contact us at gracemeetapp@gmail.com. We will respond within one calendar month.

11. Security

We implement appropriate technical and organisational measures including encrypted transport (HTTPS), encrypted-at-rest storage, row-level security, and access controls. However, no method of transmission or storage is completely secure. You are responsible for keeping your password confidential.

12. Children

GraceMeet is exclusively for adults aged 18 or over. We do not knowingly collect data from anyone under 18. If you believe a minor has provided personal data, contact us immediately.

13. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email to your registered address at least 14 days before they take effect.

14. Contact

For privacy questions, requests, or complaints:

GraceMeet Ltd
Company number 17192031 (registered in England and Wales)
Email: gracemeetapp@gmail.com

You also have the right to complain to the UK Information Commissioner's Office (ICO):

• Online: ico.org.uk
• Phone: 0303 123 1113