Privacy Policy
DRAFT — 2026-05-08. This is a first-draft Privacy Policy produced by HERMES for AKY's review. Before publishing, this document must be reviewed by a lawyer qualified in GDPR / CCPA / UK Data Protection Act compliance. Specifically: the bracketed placeholders below need to be filled in with Aky's legal identity, postal address, and DPO contact details.
Effective date: [PUBLICATION DATE] Last updated: 2026-05-08
1. Who we are
Aedenly ("we", "us", "our", or "the Service") is operated by [YOUR LEGAL NAME], a sole proprietor based in [YOUR ADDRESS, CITY, COUNTRY]. You can contact us at privacy@aedenly.com.
Aedenly is a mobile dating application that connects adults aged 18 and over.
For questions about this policy or to exercise your data rights, contact privacy@aedenly.com.
2. What this policy covers
This Privacy Policy explains how we collect, use, share, and protect personal data when you use the Aedenly mobile application ("the App") and any associated services, including the aedenly.com website.
By using Aedenly, you agree to the practices described in this policy.
3. Data we collect
3.1 — Data you provide directly
When you create an account and use Aedenly, you provide:
- Identity: name (or chosen first name), date of birth (used to confirm you are 18+ and to display your age)
- Account credentials: email address and a password (the password is stored as a salted hash, never in plain text)
- Profile content: photos, optional bio, occupation, education, height, gender, gender preference, sexual orientation (inferred from "interested in")
- Lifestyle attributes (optional): drinking, smoking, workout, pets, social media presence, zodiac sign, family plans, communication style, love style, relationship goal, relationship type preferences, languages spoken
- Verification: if you opt to verify your account, a selfie photo (held only for verification, then deleted within 30 days)
3.2 — Data we collect automatically
- Location: your device's approximate latitude and longitude, used to show you people nearby and to show you to people nearby. We round your stored coordinates to ~1 km of precision when shown to other users.
- Activity: swipes (left, right, super-like), matches, messages sent and received within Aedenly, profile views, app open/close events, push notification preferences
- Device data: device model, operating system and version, app version, device push notification token (when push notifications are enabled), language and locale preferences
- Crash and diagnostic data: when the app crashes, technical information needed to diagnose the issue (no personal content)
3.3 — Data we do NOT collect
- We do not collect your contacts, calendar, or any social media data unless you explicitly link such data to your profile.
- We do not collect biometric or health data.
- We do not run third-party advertising trackers in the App.
- We do not collect data about you from data brokers.
4. How we use your data
We use your data only to operate, maintain, and improve Aedenly. Specifically:
| Purpose | Legal basis (GDPR) |
|---|---|
| Show you potential matches and show you to others | Performance of contract |
| Authenticate you when you sign in | Performance of contract |
| Enable matches, messaging, and notifications between users | Performance of contract |
| Detect and prevent fraud, abuse, and policy violations | Legitimate interest |
| Diagnose crashes and improve stability | Legitimate interest |
| Comply with legal obligations (e.g. responding to lawful requests) | Legal obligation |
| Send transactional emails (password reset, security alerts) | Performance of contract |
We do not profile you for advertising. We do not sell your data. We do not share your data with advertisers.
5. Who can see what
5.1 — Other users
- Your profile content (name or first name, age, photos, bio, optional attributes, verification badge) is visible to other users you appear in front of through the discovery deck.
- Your approximate location (rounded to ~1 km) is used to compute distance shown to other users.
- Your swipes are private. The other user only sees you if you also swipe right.
- Likes you have received are private to you.
- Messages are visible only between you and the other party.
- Your email, exact location, date of birth, and device data are NEVER shown to other users.
5.2 — Service providers (data processors)
We use the following data processors. All process data only on our instructions and are bound by data-processing agreements:
- Supabase (Supabase Inc., USA, with infrastructure in Frankfurt, Germany — eu-central-1) — hosts our database, authentication, file storage, and realtime infrastructure. Supabase is the primary processor for all user data.
- [Future processors will be added here as integrated, e.g. Sentry for crash reporting, Resend for transactional email.]
5.3 — Legal disclosures
We will share data with law enforcement only when compelled by valid legal process (court order, warrant) or to protect the safety of users or third parties. We will notify the affected user where lawfully permitted.
5.4 — Business transfers
If Aedenly is sold, merged, or transferred to another entity, your data may be transferred to the new operator, who must continue to honor this Privacy Policy or notify you of changes.
6. International transfers
Your data is primarily stored in the European Union (Frankfurt, Germany — Supabase eu-central-1). Some Supabase-managed processes may temporarily handle data in the United States; in those cases, transfers are governed by the EU Standard Contractual Clauses (SCCs).
If you are outside the EEA, your data may be transferred to and processed in the EEA or the United States.
7. How long we keep your data
| Data type | Retention |
|---|---|
| Account profile, photos, attributes | Until you delete your account |
| Messages | Until you delete your account or the match |
| Swipes (left, right, super) | Until you delete your account |
| Verification selfie | 30 days from submission, then deleted |
| Crash logs | 90 days |
| Push notification tokens | Until revoked or you sign out |
| Backups | Up to 30 days after deletion (then permanently purged) |
When you delete your account, we delete all your personal data within 30 days, except where retention is required by law (e.g. tax records — none are kept by Aedenly directly).
8. Your rights
If you are in the European Economic Area, the United Kingdom, or California, you have the following rights:
- Access: You can request a copy of the data we hold about you.
- Rectification: You can correct inaccurate data via the in-app Edit Profile screen, or contact us.
- Erasure ("right to be forgotten"): You can delete your account in-app via Settings → Delete account. This removes all your personal data.
- Portability: You can request a machine-readable export of your data.
- Restriction: You can ask us to limit how we use your data while a complaint is investigated.
- Objection: You can object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting prior lawful processing.
- Lodge a complaint: You can complain to your local data protection authority — for example, the CNIL (France), Garante (Italy), ICO (UK), or any EEA member state authority.
To exercise these rights, contact privacy@aedenly.com. We will respond within 30 days.
9. Security
We protect your data with industry-standard measures:
- Encryption in transit: All connections to Aedenly use HTTPS / TLS 1.2 or higher.
- Encryption at rest: Supabase encrypts all database storage and file storage at rest.
- Authentication: Passwords are stored only as salted hashes (never in plain text).
- Access control: Row-level security (RLS) enforces that you can only see your own data and data shared with you (e.g. profiles in your discovery deck, messages with people you matched with).
- Bug bounty / responsible disclosure: Security researchers can report vulnerabilities to privacy@aedenly.com.
No system is perfectly secure. If we discover a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR Article 33.
10. Children
Aedenly is for adults aged 18 and over. We do not knowingly collect data from anyone under 18. During sign-up, we require a date of birth and reject accounts under 18.
If we learn that a user is under 18, we will delete their account and all associated data immediately.
If you are a parent or guardian and believe your child has registered for Aedenly, contact privacy@aedenly.com and we will act promptly.
11. Cookies and similar technologies
The Aedenly mobile app does not use browser cookies. It uses local device storage (AsyncStorage) only to keep you signed in between sessions. No third-party trackers, analytics SDKs that fingerprint users, or advertising trackers are present in the App.
If we use cookies on the aedenly.com website (only essential cookies for the website to function), they will be disclosed in a separate website cookie banner.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Notify you in-app or by email at least 14 days before the changes take effect.
- Update the "Last updated" date at the top of this document.
- Maintain a public version history at aedenly.com/privacy/history so you can see what changed.
Continuing to use Aedenly after a material change constitutes acceptance of the updated policy.
13. Contact
For privacy questions, data subject access requests, or any concerns about how Aedenly handles your data:
- Email: privacy@aedenly.com
- Postal address: [YOUR ADDRESS, CITY, COUNTRY]
If you are in the EEA / UK and we cannot resolve your complaint, you can lodge a complaint with your local supervisory authority. France: CNIL — www.cnil.fr. Italy: Garante per la protezione dei dati personali — www.gpdp.it. UK: ICO — www.ico.org.uk.