← PrideConnect home · Child Safety Policy · Terms of Service

Privacy Policy

Last updated: 2026-04-27 · Effective: 2026-04-27

PrideConnect respects your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we protect it, who we share it with, and the rights you have over it. Because PrideConnect serves LGBTQ+ adults, much of the data we handle is special-category sensitive personal data under GDPR Article 9 and equivalent provisions in the India DPDP Act, UK Data Protection Act 2018, and California Civil Code § 1798.140. We treat it with the highest standard of care.

This policy is written for PrideConnect operated by [Legal Entity Name — to be appointed before submission] ("we", "us", "our"). If anything in this policy conflicts with the laws of your country of residence, the local law prevails for residents of that country.

1. Data we collect

Category	Examples	Why	Retention
Account identifiers	email address, hashed password (argon2id), date of birth, declared gender identity + sexual orientation	create + secure your account; verify 18+ age gate; serve identity-relevant content	until account deletion
Profile data	display name, photos, bio, preferences, looking-for filters	show your profile to other users you choose to be discoverable to	until account deletion
Coarse location	500m grid cell only (never exact GPS)	show profiles within distance buckets ("<1 km", "1-2 km", etc.) for the Discover feature	session lifetime; not persisted at exact coordinates
Communication data	direct messages, voice / video call metadata (not content), reactions, reports filed	deliver messages; enforce safety policy	until account deletion or 90 days for soft-deleted messages; reports retained per legal hold
Device + technical	device fingerprint hash, app version, OS, IP address (truncated), crash logs (no personal content)	fraud / ban-evasion prevention; debugging; security audit	fingerprint: 1 year (India DPDP Act access logs); IP: 7 days max
Payment data	via Stripe / Razorpay / Apple / Google IAP — we never see card numbers	process Super Coins purchases or event commission payouts (when those features ship)	per processor; we keep only transaction id + amount
Special-category sensitive data	HIV status, health info you choose to disclose, orientation, gender identity	only if you voluntarily add it; column-level encrypted at rest (pgcrypto / AES-256 + libsodium)	until you remove it OR account deletion

We do not collect: phone contacts, calendar, exact GPS, biometric identifiers (face / fingerprint scans), or government ID. We do not sell your data to anyone.

2. Why we collect it (legal bases)

Consent (GDPR Art 6(1)(a) + Art 9(2)(a); India DPDP Act § 6) — for special-category data (HIV status, orientation), explicit opt-in at the moment you choose to disclose. You can withdraw consent any time and we will delete that data.
Contract performance (GDPR Art 6(1)(b)) — for account / profile / messaging features you sign up for.
Legal obligation (GDPR Art 6(1)(c)) — CSAM detection + NCMEC reporting (US 18 USC § 2258A); takedown obligations (UK Online Safety Act, Take It Down Act, India IT Rules); 1-year access-log retention (India DPDP Act).
Legitimate interest (GDPR Art 6(1)(f)) — fraud prevention, ban-evasion, security audits. Balanced against your reasonable expectations; you can object via privacy@prideconnect.lgbt.

3. How we protect it

Encryption in transit: TLS 1.3 between the app and our servers; HTTP Strict Transport Security; certificate pinning in the mobile app (rotates with each release).
Encryption at rest: AES-256-GCM via Cloudflare R2 (storage), TLS-encrypted Postgres, AES-256 SQLCipher for the on-device Drift database. Special-category fields (HIV status, orientation, etc.) are additionally encrypted at the column level via pgcrypto + key separation.
Strict Row-Level Security: every database query for user data runs inside a per-request Postgres transaction with app.current_user_id set; cross-user reads are physically blocked by 12-table FORCE ROW LEVEL SECURITY policies (verified by integration test).
Authentication tokens: PASETO v4 (never JWT) for access tokens with 15-minute expiry; refresh tokens stored as SHA-256 hashes only (never plaintext); device-bound; revocation list with token rotation.
Argon2id passwords with 19 MiB memory + 2 iterations (OWASP 2026 floor or stronger); we do not implement password hints, secret questions, or any memory-weak fallback.
Background CSAM scanning at upload via Cloudflare CSAM Scanning Tool + Project Arachnid Shield API; matches are blocked, the account is suspended, and a CyberTipline report is filed automatically. We never store or distribute CSAM.
No third-party analytics or trackers. No Firebase Analytics, no Google Analytics, no Mixpanel, no Segment, no Facebook Pixel. We use self-hosted Plausible / PostHog only.
No Apple / Google / Cloudflare staff have plaintext access to your sensitive data. Special-category fields are encrypted with keys we control.

4. Who we share it with

The shortest possible list:

You, via the in-app data-export feature (GDPR Article 15 + DPDP Section 11 right of access).
Other users you choose to share with — through your visible profile, sent messages, public posts.
Cloudflare (CDN + R2 photo storage + CSAM scanning + Zero Trust Access for our admin panel) — data processor under our DPA.
Hetzner Cloud (compute hosting in EU + India regions) — data processor.
NCMEC / Project Arachnid / National authorities — only when CSAM is detected or upon valid legal process, in accordance with the law of the relevant jurisdiction.
Stripe / Razorpay / Apple / Google IAP — payment processors, only the data needed to complete transactions.

We never share your sexual orientation, HIV status, or special-category data with advertisers, data brokers, third-party trackers, or marketing partners. We will never use your face photos for facial-recognition training or sell them to any AI company. We do not participate in the IAB TCF or any cross-platform ad-tracking framework.

5. Your rights

Depending on where you live, you have some or all of the rights below. Exercise any right by emailing privacy@prideconnect.lgbt or via in-app Settings → Privacy & Data → Manage My Data.

Access (GDPR Art 15, DPDP Sec 11, CCPA Sec 1798.110) — receive a machine-readable copy of all your data within 30 days.
Rectification (GDPR Art 16) — correct inaccurate data.
Erasure / "right to be forgotten" (GDPR Art 17, DPDP Sec 12, CCPA Sec 1798.105) — we delete your account + associated data within 72 hours of request, purge from backups within 30 days, and request CDN cache purge. Some legally-mandated logs (financial, CSAM-incident) are retained per applicable retention law.
Restriction + Objection (GDPR Art 18 + 21) — pause processing while we resolve a dispute; object to legitimate-interest processing.
Portability (GDPR Art 20, DPDP Sec 11) — export in JSON / CSV.
Consent withdrawal (GDPR Art 7(3), DPDP Sec 6) — withdraw consent for special-category data any time, without affecting the lawfulness of prior processing.
Lodge a complaint with your supervisory authority (EU Member State DPA, UK ICO, India DPB, US state AG, etc.).

6. International transfers

Your data may be processed in: India (primary infrastructure), the European Union (Cloudflare edge + EU users), and the United States (NCMEC reports, US users). Where data leaves your country of residence, we use Standard Contractual Clauses (EU SCCs 2021), the UK IDTA, or DPDP Act § 16 cross-border transfer rules as applicable. We do not transfer data to countries that criminalise same-sex relationships or LGBTQ+ identity, except where strictly necessary to fulfil your account access from those locations and where data is end-to-end encrypted in transit.

7. Children

PrideConnect is exclusively for adults aged 18+ (see [Child Safety Policy § 2]). We do not knowingly collect data from anyone under 18. If we discover a minor's account, we delete it immediately and block the device fingerprint. If you believe a minor has registered, please report via safety@prideconnect.lgbt.

8. Cookies + on-device storage

The PrideConnect mobile app does not use HTTP cookies (we use PASETO bearer tokens). The on-device app stores a Drift / SQLite database encrypted with SQLCipher AES-256, plus flutter_secure_storage entries (iOS Keychain / Android Keystore) for tokens. The web pages (prideconnect.lgbt/, /safety/, /privacy/, /terms/) are static and set no cookies; Cloudflare may set a __cf_bm bot-management cookie required for security — this contains no personal data and lasts 30 minutes.

9. Data retention summary

Active account data: until you delete the account.
Soft-deleted messages: 90 days, then hard-deleted.
Access logs (India DPDP Act): 1 year, then deleted.
IP address logs: 7 days max.
CSAM-incident records: retained per US 18 USC § 2258A obligations (currently 90 days from report; check current statute).
Backups: 30-day rolling; deletion requests propagate to backups within 30 days.

10. Grievance redressal (India)

In compliance with India IT Rules 2021 Rule 3(2)(a):

Grievance Officer: [TBD — to be appointed before India launch]
Contact: grievance@prideconnect.lgbt
We acknowledge grievances within 24 hours; dispose them within 15 days; urgent CSAE / NCII complaints within 3 hours per the 2026 amendment.

11. Data Protection Officer

DPO: [TBD — appointed when we cross the GDPR DPO threshold (regular monitoring of subjects on a large scale, OR processing of special-category data on a large scale)]. Contact: privacy@prideconnect.lgbt. Even before formal DPO appointment, the privacy mailbox is monitored daily.

12. Changes to this policy

We will post material changes here at prideconnect.lgbt/privacy/ at least 30 days before they take effect, send an in-app notification, and email all users for whom we have a verified email address. The effective date at the top of this page reflects the most recent material change.

13. Contact

Privacy / Data Subject Rights: privacy@prideconnect.lgbt
Safety / Reports: safety@prideconnect.lgbt
Grievance Officer (India): grievance@prideconnect.lgbt
Legal: legal@prideconnect.lgbt