Your privacy matters

1. Introduction

Welcome to want ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a safe experience. This policy explains how we collect, use, and protect your data when you use our app and attend our events.

Contact Us: For any privacy questions or to exercise your rights, email us at team@want.london or privacy@want.london.

2. Data We Collect

We collect only what is necessary to connect you with great matches and run safe events.

A. Data You Give Us

• Account Info: Name, phone number, email, date of birth (for age verification).
• Profile Data: Gender, height, ethnicity, religion, job title, hometown, education, dating preferences.
• Media: Photos and voice notes you upload.
• Verification: A selfie or ID document used solely to verify you are a real person (processed by our partner Sumsub).

B. Data Automatically Collected

• Device Data: IP address, device model, and OS version (for security and debugging).
• Usage Data: When you log in, matches you see, and how you interact with the app.

3. How We Use Your Data

We use your data to:

• Create Matches (we use algorithms and AI to suggest profiles you might like)
• Verify Identity (to keep bots and bad actors out)
• Ensure Safety (to detect harmful behavior or harassment)
• Improve the App (to fix bugs and understand what features you use)

A Note on AI

We use Artificial Intelligence to help us understand your preferences and suggest better matches. We do NOT use your conversations or photos to train general-purpose AI models (like ChatGPT or Gemini) for the public. Your data is used only within our private ecosystem to improve your personal experience.

4. How We Share Data (Third Parties)

We do not sell data. We only share data with trusted tech providers who help us run the service ("Data Processors"). We have strict contracts with them to ensure they protect your data.

A Note on Ticket Tailor & Payments

When you purchase a ticket, you are entering data into Ticket Tailor, who acts as a "Data Processor" on our behalf. We remain the "Data Controller," meaning we are responsible for your data. Payment details are processed directly by Stripe and are not stored on our servers.

5. Data Retention & Deletion

Active Accounts

We keep your data as long as your account is open.

Deleted Accounts (Safety Window)

When you request deletion, we retain your data for 90 days before permanently deleting it. This is a safety measure to effectively investigate any reports of harassment or criminal activity that may arise after a user leaves.

Archives

Verification data (via Sumsub) may be kept for legal compliance periods as required by UK law.

6. Your Rights (UK GDPR)

You have the right to:

• Access (ask for a copy of your data — Subject Access Request)
• Delete (ask us to delete your account and data)
• Correct (update wrong information)
• Object (stop us from processing your data, though this may mean you can't use the app)

7. Security

We take security seriously and utilize a "defense in-depth" approach:

Location

Usage data stored in Supabase's London region eu-west-2 to ensure data sovereignty.

Encryption

All data encrypted in transit TLS and at rest AES-256.

Monitoring

Regular security reviews and automated vulnerability scanning.

Breach Protocol

If a high-risk data breach occurs, we pledge to notify affected users within 72 hours.

8. Changes to This Policy

We may update this policy. If we make big changes, we will notify you in the app.

Changelog

• January 2026: Safety Retention (introduced 90-day post-deletion retention window), AI Transparency (added explicit pledge that user data is not used to train general/public AI models), Processors (updated third-party list), Clarification (defined "Data Controller" vs "Data Processor" roles for Ticket Tailor event data).
• 1 September 2025: Added explicit consent for sensitive data, AI profiling with bias audits, chat moderation, third-party sharing table, breach notification, dual contact emails.