Privacy Policy

D&D Privacy Policy

Welcome to the D&D Privacy Policy (“Policy”). Thank you for choosing D&D. This Privacy Policy applies to the D&D mobile application. All references to “D&D” in this document are interchangeable and refer to the same application.

Your privacy is important to us, and we are committed to protecting your personal data. This Privacy Policy describes how we collect, use, store, protect, and share your information when you use the D&D mobile application (“Application”).

We recommend that you read this together with our Terms of Use.

The primary purpose of this document is not only to ensure transparency in how the Application operates, but also to protect the privacy of each user in accordance with applicable data protection laws, such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant regulations.

The Privacy Policy for the D&D mobile application plays an important role in ensuring the protection of users’ personal data and transparency regarding how such data are collected, used, and stored. Considering the unique features of the Application, the purpose of the Privacy Policy is to protect users’ rights and to provide them confidence in the security of their personal information.

For D&D, the Privacy Policy is not only a legal document but also a tool to build trust between users and the platform. The Privacy Policy helps establish clear rules of engagement so that users feel protected and confident when using the platform.

This Privacy Policy (“Privacy Policy”) describes which personal data D&D (“D&D,” “we,” “us,” or “our”) collects, the purposes for which we collect those personal data, to whom we may disclose personal data, and which rights you may have under applicable data privacy laws.

This Privacy Policy applies to our website https://datedonate.app/ in full, including all of our sub-pages, related sites, or pages (the “Website”), as well as the Android and iOS mobile application “D&D” (the “Mobile Application”), and the related services and features (for simplicity, together with the Website and the Mobile Application we refer to these as the “Platform” in this Privacy Policy) (collectively, “D&D”). We have also added links to this Privacy Policy on all relevant services. Some services may require their own unique privacy policy. If a particular service has its own privacy policy, that service’s policy applies rather than this Privacy Policy.

We are responsible for all information relating to an identified or identifiable natural person and, where applicable, a legal entity (“Personal Data”) that we collect, process, and use when you use D&D.

This Privacy Policy sets out how we process your Personal Data in connection with D&D and otherwise. The Website contains links to third-party websites, such as social networks. Clicking those links or enabling such connections may allow third parties to collect or transmit data about you. We do not control these third-party websites, so we recommend that you review the privacy policies of the relevant third-party websites.

In addition, you may choose to share information with other D&D users (“Users”) through the Application or websites, and there may be times when we need to transmit your data.

The D&D Application and websites are used worldwide, and we will transfer your information to, and use it in, the United States, the United Kingdom, Bulgaria, and Ukraine regardless of your country of residence. Our Privacy Policy describes how we protect your data when it is transferred across borders. Please review these provisions carefully.

You have the right to access, correct, or delete your personal data that we store. Your privacy is important to us, and we strive to maintain the highest standards of data protection and user control to make D&D a service that people love and trust.

This Platform is intended solely for individuals who are at least 18 years of age. Any use by minors is strictly prohibited.

About Us

The company responsible for protecting your personal data collected and processed through the D&D Mobile Application and Website in accordance with this Privacy Policy (the “data controller”) is Driveforce Ltd (company number: 207576513, company registration date: 27 October 2023), registered at the following address: 15 Odrin Street, 9th floor, 8001 Northern Industrial Zone, Burgas, Bulgaria.

If you wish to contact us, please email dateanddonate@proton.me or write to: Driveforce Ltd, Address: Odrin St., 15, 9th floor, 8001 Northern Industrial Zone, Burgas, Bulgaria.

Where Our Privacy Policy Applies

This Privacy Policy applies to websites, applications, events, and other services provided under the D&D brand. For simplicity, we call all of these our services in this Privacy Policy. We have also added links to this Privacy Policy across all relevant services.

Some services may require their own unique privacy policy. If a particular service has its own privacy policy, that service’s policy applies rather than this Privacy Policy.

Effective Date of the Privacy Policy

This Privacy Policy takes effect as of 19 August 2025.

2. What Data We Collect

2.1. Personal Data Provided by Users

We collect information from you when you register (“Registration Information”), visit and use our Application or our Website, subscribe to our mailing list, respond to a survey, or complete a form.

By using our services, you agree to provide certain information to us.

The list of data that users voluntarily provide during registration and creation of an account (“Account”) or when using the Application includes:

Registration Data

Name (username or pseudonym); email address or another login method, such as via a Facebook, Apple, or Google account; sex (gender identity); preferences (including gender preferences and sexual preferences); photographs.

To register, you must sign in with a Facebook, Apple, or Google account, or enter your email address to which a link will be sent to create an account (hereinafter, a login link).

When registering an account via Facebook, Apple, or Google accounts, we may request or automatically receive your credentials from those social media accounts.

By authenticating through Facebook, Apple, or Google, you allow them to disclose to us your credentials, your name, profile photo, email address, date of birth, gender, likes, and actual place of residence, unless you opt out of this separately. We use these personal data to create an account on D&D. If you delete your account, we will no longer have access to such data.

After registration, you may link your Account in settings to Facebook, Apple, or Google accounts that were not used when registering your Account.

To add certain materials, such as photos, you may grant us access to your camera or photo library.

Profile Data

Name (username), age, sex (gender identity), preferences (including gender preferences and sexual preferences), photographs, interests, and personal data (height, weight, hair color, eye color, languages spoken, specific physical disabilities).

When creating an account, you provide information that is necessary for the platform to function, such as gender, age, and your preferences for discovering and meeting other users.

The profile data you provide will be displayed to other users when they visit your profile.

Identity Data

User photos and videos during Oath authentication (authentication via a third party to confirm identity).

The D&D Mobile Application collects selfie images or a short selfie video provided by the user solely for identity verification purposes, to ensure consistency between the person in profile photographs and the real user. Profile photographs uploaded by the user may also contain facial images. Continuous face tracking, creation of biometric templates, or emotion analysis are not performed. All images are used exclusively for verification and are processed with security safeguards.

At D&D, facial data are collected solely for the single purpose of verifying that a user’s profile corresponds to that user’s real identity, which enhances safety and trust on the platform. The data are processed through a secure third-party verification service and are not used for any other purposes (including advertising or emotion analysis). The facial image provided by the user during verification is securely transmitted to Amazon Web Services (AWS) Rekognition for one-time processing using the CompareFaces function (Non-Storage Operation) (see AWS documentation).

This means that images are processed in memory and are not stored on AWS servers after processing and comparison are completed. AWS Rekognition never stores facial data processed on our behalf. The only place where such images may be stored temporarily is our Supabase Storage, hosted in secure data centers with controlled access. In Supabase, images are stored only for the time necessary to complete verification or to resolve disputes or moderation cases, after which they are permanently deleted. All facial images are stored in Supabase Storage, which we use as the primary secure repository for profile photographs and verification materials.

Access to this storage is restricted, and the data are stored in encrypted form. Specifically, access to photographs and facial data is limited to authorized company personnel who perform moderation and verification functions. Such personnel act in accordance with the privacy policy and may use these data solely for the purpose of confirming a user’s identity and ensuring platform security. All transfers of images to AWS and Supabase are encrypted in transit and at rest. Facial images are not transferred to other third parties, are not used for advertising purposes, and are not processed for any purpose other than identity verification. All users who wish to create and propose meetings on the D&D platform are required to undergo OATH authentication (third-party authentication to confirm identity) and photo-based authentication to ensure that the person in the profile photographs matches the person during authentication.

This process confirms the user’s identity and certifies that the account belongs to a real person. As part of this authentication, users are required to upload at least one genuine photo with a clear image of their face. Users must provide explicit consent to the processing of such data, may request deletion at any time, and all processing is carried out in accordance with the requirements of the GDPR, the CCPA, and the Apple App Store Review Guidelines and Google policies. If you choose to complete verification by photograph, we will scan each photo you provide for this purpose. The procedure may include facial recognition technology that allows each newly uploaded photo to be compared with your profile photographs to confirm your identity. Photos uploaded for verification will not be displayed on your profile. Therefore, we will retain their scanned copies for possible re-verification and recordkeeping until they are no longer necessary for that purpose or for two years from the date of your last use of our sites and applications, whichever occurs first.

After this period expires, we will take commercially reasonable measures to safely and permanently delete the scanned copies from our systems. Upon completing OATH authentication and uploading a genuine photo, users agree to the use of this information in accordance with our Privacy Policy and understand that failure to comply with these requirements may limit access to certain platform features, such as creating or proposing meetings. After completing the verification, users receive in their profile a blue “authenticity” icon.

This ensures transparency and users’ understanding of the authentication process and its purpose. These materials are processed solely for verification (authentication) and are not used for other purposes without the user’s consent. Facial geometry data that we collect if you choose to undergo photo verification are considered biometric in some jurisdictions. We process all facial data at the highest level of protection, as biometric data, regardless of jurisdiction. A user has the right at any time to contact support and request the deletion of their photographs or other verification-related data. In such a case, we undertake to securely and permanently delete such data from our storage unless retention is required by law.

Information about interactions with other users (correspondence, sharing of photographs).

With your consent we may collect photographs and videos, for example, if you choose to upload images or recordings or use broadcasting features on our platform.

When you publish information about yourself or communicate with other users in chats, only you decide the extent to which you share personal information.

To enable the organization of joint leisure activities, we may collect data regarding the place, date, and time of a planned joint leisure activity.

These data are processed solely for the organization of joint leisure activities and the provision of relevant services. We guarantee that no information is used for other purposes without your express consent.

Other Information

We collect information that you provide when contacting our support service and during communications with our support service. In addition, to ensure stable operation of the platform and the safety of our community, we process data from your chats with other users and content that you publish.

Our Platform includes forms for submitting feedback or personal stories regarding joint leisure activities that occurred as a result of using our mobile application. We may also conduct surveys for analysis and research purposes and contact you to provide feedback or to invite you to participate in surveys or promotional campaigns. Such information may be published on our Website and may be used for D&D advertising. Participation in such surveys, forms, or campaigns is voluntary. If you do not wish to participate, contact support.

If you participate in our promotions, events, or contests, we collect the information you use to register or apply to participate.

If you share information with us about other people (for example, if you use a friend’s contact information for a particular feature), we process that information on your behalf to fulfill your request.

We may also collect information regarding interactions with links in the D&D Application or on the Website (including the number of clicks on a particular link). We may also share general statistics of such interactions.

2.2. Data Collected Automatically

Data automatically collected during the use of the Application and/or the Website include:

Technical Data

Device information (IP address, device model, operating system), date and time of access, country and city from which D&D is accessed, browser type, referrer URL, login data, and device type.

Tracking Data

Cookies, analytics, log files.

We use and may allow third parties to use cookies and similar technologies in the D&D Application and on the D&D Website to recognize you or your devices. A cookie is a small file that may be downloaded to your device or browser so that we can recognize and remember you. You can learn more about cookies and similar technologies in Section 10 of this Policy, “Cookies and Similar Technologies.”

We may also use general access data that are analyzed in anonymized form to improve technical aspects, such as optimizing servers and enhancing the user interface, as well as to study interactions with the Application at various times. Personal data are not used for these purposes. General access data are stored in a log file to create statistics.

Location Data (with the user’s consent).

If you provide consent to the collection of your geolocation information, we may collect these data (longitude and latitude), including in the background (when you are not using the platform). You may choose not to grant permission for the collection of such data. In that case, we will not collect them, and certain services that rely on precise geolocation may be unavailable.

Location information helps us adapt the Application’s functionality, determine your location to facilitate interactions with other users, and allow other users to see information about your location while you see profiles of users nearby.

You can disable or enable the geolocation function in your device settings or in your browser.

Activity Log, including page views, clicks, and time spent in the Application.

We automatically collect data regarding your interactions with the D&D Platform to improve functionality, ensure security, and provide a personalized experience. This includes page view data (pages and sections of the Application you visit; the sequence of transitions between pages; time spent on each page); click data (elements you click, such as buttons, links, profiles; the time and date of each click; frequency and intensity of interactions with certain features); time spent in the Application (total time spent in the Application during each session; idle time, for example when the Application is open but not in use; periods of activity in the Application that help us analyze peak usage hours); information regarding interactions with functionality (interactions with user profiles such as viewing, likes, messages; use of search features, filters, and other interactive tools); and behavioral data analysis (we analyze these data to identify behavioral patterns that help improve usability; the data are also used to recommend content or profiles that may be of interest to you).

Activity log data are used to analyze Application performance and resolve technical issues; improve functionality and adapt the interface to user needs; prevent fraud, suspicious actions, or violations of the terms of use; and create statistical data that support the development of the platform.

Protection of your privacy is as follows. All activity log data are processed anonymously unless a direct link to your profile is required for functionality. We retain these data only as long as necessary to achieve the specified purposes, in accordance with our data retention policy. If you have questions regarding the collection or use of these data, you may contact our support service using the contact information provided in this Privacy Policy.

2.3. Data Obtained from Third Parties

Given that the Application and Website integrate with social networks and third-party services (Apple, Facebook, Google), if you create an account and sign in through a social network or another account, we will receive information about you from such sources.

We may also receive information about you from other users who interact with you or have reported you.

We may receive information about you from our partners regarding the results of advertising campaigns when our advertising is published on a partner’s service.

We care about the security of our users; therefore, in certain cases, in accordance with the laws of a particular country, we may receive information about suspected offenses or offenses already committed from third parties.

3. How We Use Your Data

We use your data to provide a high-quality user experience and to improve our services. The primary purpose of collecting information is to provide and enhance the Application’s functionality so that your time on the platform is convenient and pleasant.

In addition, we use your data to ensure the safety of our community and to protect against fraudulent or suspicious actions. Information may also be used to personalize your experience, for example, by showing relevant advertising or recommendations that may interest you.

In this section we explain in detail how we use your information and provide practical examples of how we apply these data to improve your interaction with the Application.

The purposes for which personal data are used include, for example:

To create an account and provide access to Application features

We collect your data during registration to create a personal account that allows you to access all core features of the Application and to manage them.

Information such as name, email, phone number, or other data is required for identification and authorization.

This also includes using data to configure your profile, to display information to other users, and to ensure the confidentiality of your account settings.

To provide recommendations and personalize content

We use your personal information, such as interests, preferences, location (with your consent), and Application activity data to create relevant recommendations.

Data regarding your preferences, such as profiles you view or interact with, are used to continuously improve the recommendation system.

To provide user support and service

We use your data when you contact support to resolve your requests, technical issues, or any other questions and when communicating with you about our platform (our services).

Data that you provide when communicating with us help us respond promptly to your needs.

This may include, for example, information about your account or prior activity in the Application for more accurate resolution of requests.

To improve the Application experience (for example, testing new features)

We analyze your activity data to test and implement new features to make the Application more convenient and useful.

This may include analysis of user behavior to understand which features are in demand or require improvement.

The data are also used to conduct A/B testing (comparing different versions of features) to select the best solutions.

Data may also be used to register and display your profile in new D&D features and applications and to administer your account in those new features and applications.

We review interactions with customer support to improve platform quality and develop new features and services (for example, we may create a new feature based on interests requested by users).

For security and fraud prevention

We use your data to monitor suspicious activity, prevent fraudulent actions, and protect you and our community.

This may include automated checks of accounts as well as analysis of data to identify inconsistencies or violations of the terms of use. We search for and eliminate violations of our Terms and Conditions, including through review of complaints and interactions between users.

If violations are detected, we may temporarily or permanently block the account. A user may contact D&D to contest this decision. We may also retain data related to violations of our Terms and Conditions to remediate violations and prevent recurrence.

If you post materials that do not comply with our Terms of Use, we are entitled to restrict or block access to your account.

We may identify and contact individuals who submit complaints, including to inform them of actions (if any) taken in response to their complaint.

We may use your information to ensure legal compliance (compliance with legal requirements; assistance to law enforcement authorities).

For marketing purposes (with the user’s prior consent)

We may use your contact details to send information about promotions, new features, or special offers, but only after obtaining your consent.

Data may also be used to personalize marketing materials so that they match your interests. You may withdraw from receiving marketing messages at any time by changing the settings in your profile.

We may contact you regarding products or services that we believe may be of interest to you.

4. Legal Bases for Processing Personal Data

Processing of personal data in our D&D dating mobile application is carried out in accordance with applicable data protection laws such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other international and national regulations. This section explains in detail the legal bases on which we process your data.

Performance of a Contract

We process your personal data when necessary to perform our contractual obligations to you. This includes:

creation and maintenance of your account;

providing access to Application features, including the ability to arrange joint leisure activities, view profiles, and communicate with other users;

providing support in case of technical issues or requests.

Processing your data in this case is necessary for the provision of services specified in the Terms and Conditions.

4.2. Consent

We process your personal data based on your consent when:

you grant permission to collect geolocation data;

you agree to receive marketing messages such as promotions, special offers, or new features;

you voluntarily add photographs, videos, or other information to your profile;

you participate in surveys, drawings, or other interactive initiatives in the Application.

If you decide to provide personal data that may be considered sensitive in certain jurisdictions, such as data about your sexual identity, you give us consent to process such personal data in accordance with this Privacy Policy.

Consent is voluntary, and you may withdraw it at any time by using the appropriate settings in your profile or by contacting our support service.

4.3. Legitimate Interests

We process your data to pursue our legitimate interests when this does not override your rights and freedoms. This includes:

ensuring platform security and monitoring activity to detect fraud or violations of the rules;

improving Application functionality, including analysis of user behavior to enhance algorithms;

ensuring the effective operation of our platform and providing users with relevant content;

protecting our company’s rights and interests in the event of legal disputes.

We always balance our legitimate interests against your rights to ensure fair data processing.

Compliance with Legal Obligations

We process your data when necessary to comply with our legal obligations, such as:

responding to requests from law enforcement or judicial authorities when required by law;

retaining data that evidence users’ consent and their opt-out decisions regarding certain features or processing.

4.5. Protection of Vital Interests

In exceptional cases we may process your data to protect your vital interests or those of others. For example:

in the event of an emergency or a threat to life or safety;

if it is necessary to notify the relevant authorities or third parties about a threat.

4.6. Performance of a Task in the Public Interest

Although this is a rare case for our Application, we may process your data if necessary to perform tasks that serve the public interest, for example:

conducting analytical research for the public benefit (in anonymized form).

For additional information or to exercise your rights, you may contact our support service using the contact details listed in this Privacy Policy.

5. With Whom We Share Your Data

To ensure the quality operation of our D&D platform, to support its functioning, and to meet legal requirements, we may transfer your personal data to third parties. In this section we explain in detail with whom and for what purpose we share your data.

5.1. Service Providers (Data Processors)

We cooperate with third parties who help us provide services. We transfer only the personal data necessary to provide the relevant service. These companies process data on our behalf and strictly within the framework of confidentiality agreements. This includes:

Hosting providers and cloud service providers. They provide storage and access to data such as profile photographs, messages, and technical information.

Analytics providers. We transfer anonymized or de-identified data to analytics services (for example, Google Analytics) to analyze user behavior and improve our services.

Communication service providers. For example, services for sending emails, messages, or push notifications.

Moderators. To monitor behavior on the site or in the Mobile Application and to approve content (names, registration data, profile data, messages, photographs).

Marketing service providers and advertising partners. We may cooperate with advertisers (“Advertising Partners”) and place third-party advertising in our Application or on the Websites. We also share data such as the advertising identifier linked to your device (device identifier), probable location (determined based on IP address), age, gender, data about your visits to websites or applications, and your interactions with them (for example, downloading our Application or creating an account).

Social network services. These enable users to create or link their D&D account with accounts on other platforms (for example, Facebook or Google).

5.2. Other Application Users

Information that you choose to make public in your profile (for example, your name, age, photographs, interests, and preferences) is available for viewing by other users. If you want other users to be temporarily unable to see your profile (your profile data), including in the feed, you can use the setting in your profile to “pause the account.”

You can share other users’ profiles, and they can share yours with people outside our services using sharing features.

Your interactions with other users, such as messages, are available only to those with whom you decide to interact.

If someone submits a complaint related to you (for example, regarding your violation of our Terms and Conditions), we may inform the person who submitted the complaint about the actions (if any) we took as a result of the complaint.

Partners and Affiliates

In some cases, we may share your data with our partners or affiliated companies to:

ensure the operation of our joint programs or features;

carry out marketing initiatives with your consent. All such organizations must comply with privacy policies and use data solely for the agreed purposes;

combat spam and fraud.

5.4. Legal Requirements

We may transfer your data to competent authorities or other third parties if necessary to:

comply with legal requirements or respond to official requests of government authorities, including law enforcement. To prevent or disclose a crime (in each case depending on applicable law);

comply with court orders (for example, a subpoena, court warrant, or search order issued for a government or law enforcement investigation or other legal requirements) or other legal processes;

protect the rights, property, or safety of the company, our users (including any specific person), or the public.

We may disclose information if necessary to reduce our liability in the event of an actual or potential claim; to protect our legitimate rights and the rights of our users, business partners, or other stakeholders; to perform our obligations to you; or to investigate, prevent, or respond to unlawful activity, suspected fraud, or other violations of the law.

5.5. In the Event of Corporate Changes

In the event of a merger, sale, acquisition, disposition of assets, restructuring, reorganization, dissolution, bankruptcy, or other change of ownership or management of the company, your data may be transferred to a new owner or another entity involved in such processes. In such a case, we will inform you of the transfer of data and of the application of a new privacy policy.

5.7. Anonymized or De-identified Data

We may transfer de-identified data to third parties for research, statistical, or analytical purposes. Such data do not identify you as an individual and are used solely to improve services or to create new features.

We may use and transfer de-identified (aggregated) information (for example, device data, aggregated demographic information, general behavioral data, location without a link to a specific person), as well as personal information that has been processed as a hash (excluding information that directly identifies you), which renders it unreadable by a person, in the cases described in this Policy.

Hashing is a method of encrypting data in which information is transformed into a set of random characters (numbers and letters). The resulting hash code does not allow identification or tracking of the original data, including an email address.

We may combine such information with additional de-identified data or personal information in hashed format obtained from other sources. More detailed information regarding the use of cookies and similar technologies can be found in Section 10 of this Policy, “Cookies and Similar Technologies.”

5.8. Third Parties with Your Consent

We may share your personal data with other parties with your express consent. For example, if you agree to participate in a marketing campaign or a unique feature that involves interaction with partner services.

6. Your Rights Regarding Your Data

We adhere to the principles of transparency and protection of personal data and provide you with control over the information you provide to us. Under the GDPR, the CCPA, and other applicable data protection laws, you have a number of rights regarding your personal data.

In this section we explain in detail which rights you have, how to exercise them, and which limitations may apply.

6.1. Right of Access

You have the right to receive confirmation as to whether we process your personal data and to access such data.

What can you request?

Which specific data we store about you.

For what purposes they are processed.

Which categories of personal data are collected.

To whom we transfer your data and on what grounds.

How long we retain your information.

To obtain access to your data, you may contact support. We will respond to your request within 30 days from receipt.

You can use account settings and relevant tools in the Application to view, modify, or delete information that you have provided to us.

Mobile operating systems allow you to manage the Application’s access to certain data and features, such as contacts, images, geolocation, push notifications, and advertising identifiers. You can change permission settings on your device by allowing or revoking access to these data.

If you wish to stop the collection of data through the Application, you may delete it from your device using the standard procedure. Alternatively, if you want other users to be temporarily unable to see your profile (your profile data), including in the feed, you can use the setting in your profile to “pause the account.”

6.2. Right to Rectification

You have the right to request correction or updating of your personal data if they are inaccurate or incomplete.

How does this work?

You can modify most of your data yourself (for example, name, age, photo, email) in your profile settings.

If certain data cannot be changed through the Application, you can contact our support service.

6.3. Right to Erasure (“Right to be Forgotten”)

You have the right to request the deletion of your personal data in the following cases:

The data are no longer necessary for the purposes for which they were collected.

You have withdrawn your consent to the processing of data.

You object to the processing, and we have no lawful grounds to continue processing.

The data were collected unlawfully.

Deletion is necessary to comply with legal obligations.

How can you do this?

You may delete your account through the settings in your profile in the Application or by contacting support.

If you decide to stop using our Platform, you may delete your account. After account deletion, we implement a thirty-day (30) safety and protection period. During this period, your data will be retained but will no longer be visible to other users.

Please note: Deleting the Application DOES NOT terminate your account. To close your account, use the appropriate function on the platform.

Limitations.

In some cases your data may be temporarily retained in backups. Access to such backup data is limited and they are not used for active processing or interaction.

6.4. Right to Restrict Processing

You have the right to request temporary or permanent restriction of processing of your data in the following cases:

you contest the accuracy of the data (for the period of verification);

processing is unlawful, but you do not want us to delete the data;

we no longer need your data, but you require them for the establishment, exercise, or defense of legal claims;

you have objected to processing, and we are verifying whether there are legitimate grounds for continuing processing.

During this period we will cease any active processing of your data, except for storage.

6.5. Right to Data Portability

You have the right to obtain your personal data in a structured, commonly used format (for example, CSV or JSON) and to transmit them to another organization.

This right applies if:

processing is based on your consent or is necessary for performance of a contract; and

the data are processed by automated means.

To obtain a copy of your data, you may submit a request through our support service.

6.6. Right to Object

You have the right to object to the processing of your personal data if we process them based on legitimate interests or for direct marketing (for example, advertising mailings).

If you object to marketing messages, we will stop sending them to you immediately.

If you object to processing based on legitimate interest, we will review your request and determine whether we have compelling grounds to continue processing.

6.7. Right to Withdraw Consent

If we process your data based on your consent, you may withdraw it at any time without stating reasons.

This may affect the use of geolocation, receipt of marketing messages, and the provision of certain personalized features.

Withdrawal of consent does not affect the lawfulness of processing carried out before that moment.

6.8. Right to Lodge a Complaint

If you believe that we process your personal data improperly, you have the right to lodge a complaint with:

Our support service. We will review your complaint and provide a response within the time limits set by law.

A data protection authority. For example, if you reside in the EU, you may contact the competent authority in your country.

Contact details for national data protection authorities are available on their official websites.

How to exercise your rights?

You can exercise your rights through the profile settings in the Mobile Application or by sending a request to our support service by email or through a special form on the Website or in the settings of your profile in the Mobile Application.

We will respond to your request within 30 days. In the case of complex requests, this period may be extended to 90 days, and you will be informed accordingly.

Identity Verification for Security Purposes

To ensure your safety and the safety of our community, we may require identity verification before processing any requests related to your personal data.

Requests may be denied if:

we cannot verify your identity;

the request is unlawful or invalid;

the request may jeopardize trade secrets, intellectual property rights, confidentiality, or the rights of another person.

If you submit a request regarding information about another user (for example, regarding copies of messages exchanged through our platform), the other user must provide explicit written consent for disclosure of such data. We may also require identity verification from that person before fulfilling the request.

In addition, certain requests for restriction or deletion of personal data may not be fulfilled if this would make it impossible to provide our services to you. For example, we cannot provide you services without your date of birth because we must confirm that you are at least 18 years old to use the platform.

7. How We Protect Your Data

We take the protection of your personal data seriously. We have implemented appropriate technical and organizational measures in line with GDPR, CCPA, and leading international cybersecurity practices.

Our security measures include the following.

Encryption and secure storage of data. We apply advanced encryption methods to protect data during transmission and storage.

Access control. Access to your personal data is restricted to authorized employees and partners who require it to perform their professional duties.

Monitoring and threat prevention. We regularly monitor systems for suspicious activity and implement measures to protect against cyberattacks and unauthorized access.

Regular audits and training. We continuously conduct audits and update security measures and regularly train staff on privacy and data protection.

Although we make every effort to protect your personal data, no method of transmission or storage can guarantee absolute security. Therefore, we recommend that you follow personal safety practices: create strong passwords, do not share your personal data with third parties, and be careful when using the platform.

8. How Long We Retain Your Data

We retain your personal data only for the period necessary to achieve the purposes for which they were collected and to comply with our legal and regulatory obligations. The retention period depends on the type of data, the purpose of processing, and legal requirements.

In this section we explain in detail which retention periods apply to different categories of data and which exceptions may apply.

If you wish to stop using our platform, you may pause or delete your account. Other users will then not see your profile. Note: we close an account automatically if a user shows no activity for two years.

After your account is deleted, it will no longer be displayed in the Application. You may restore your account within 30 days if it was deleted by mistake.

8.1. General Principles of Data Retention

We apply the following principles to data retention.

Storage limitation. We do not retain data longer than needed for the purposes for which they were collected.

Lawfulness. Compliance with legal requirements, including the GDPR and the CCPA.

Data minimization. We retain only the data necessary to provide services.

Security. We apply appropriate technical and organizational security measures during storage.

8.2. Categories of Data and Retention Periods

We retain different categories of data for different periods depending on the purpose of processing.

8.3. Deletion and Anonymization of Data

After the retention period expires, we delete personal data from our systems if they are no longer needed, anonymize data when their use is possible for statistical or analytical purposes (for example, to analyze general usage trends), and restrict access to data when they must be retained solely to comply with legal obligations.

8.4. Deletion of Account and Personal Data

You may delete your account through settings in the Mobile Application. After deletion, data become unavailable to other users; your personal information will be deleted within 30 days; data subject to legal requirements are retained pursuant to applicable law; and certain anonymized data may remain in analytical systems without the possibility of identifying the user.

Please note: Deleting the Application does not automatically delete your account. To do so, you must use the profile deletion function or contact support.

8.5. Temporary Retention in Backups

In some cases your data may be retained temporarily in backups for disaster recovery after technical failures or cyberattacks.

Access to such data is restricted and they are not used for active processing.

Backup data are automatically deleted after 90 days.

8.6. Lawful Grounds for Extended Retention

Even after deletion of your account or information from the profile, such data may remain accessible to third parties to the extent that they were previously disclosed to those parties or saved or copied by other users. We do not control subsequent use of such data and do not accept liability for such actions. If you have granted access to your personal data to third-party applications or websites, those parties may retain and use such data in accordance with their own terms of service and privacy policies.

8.7. How You Can Exercise Your Rights Regarding Retention

You have the right to know which of your data are stored; request deletion of your personal data; request restriction of processing if the data are no longer needed for the platform; and file a complaint regarding retention periods if you believe they violate your rights. To do so, contact our support service through the in-app contact form or email: dateanddonate@proton.me

8.8. Updates to the Data Retention Policy

We may review and update our data retention policy in accordance with changes in legislation or new security requirements. All changes will be published in this section and, if necessary, communicated to users.

8.9. Location and Storage of Personal Data

Your personal data may be stored on servers located both within your jurisdiction and outside it, including in countries outside the European Economic Area (EEA). We implement appropriate technical and organizational measures to protect your data, including encryption of data during transmission and storage.

Transfers of personal data outside the EEA are made solely using lawful mechanisms, such as Standard Contractual Clauses (SCCs) or other measures that ensure compliance with the GDPR requirements regarding data protection.

If you have questions regarding the location of your data or protection measures, please contact our support service.

9. Organization of Physical Joint Leisure Activities

D&D is a platform that enables users to organize joint leisure activities in real life and to interact within the platform. However, all physical joint leisure activities that occur outside the Mobile Application are solely arrangements between users. We do not provide services of joint leisure activities and are not providers of such services, but rather act as an intermediary that provides a technological platform for organizing and managing such joint leisure activities.

9.1. Rules for Organizing Joint Leisure Activities

D&D acts as an online platform for organizing joint leisure activities and facilitates interactions between users who wish to meet on agreed terms.

It is important to note that D&D is not the organizer, operator, or intermediary of physical joint leisure activities and does not control their organization or conduct after users agree among themselves, and D&D is not responsible for their outcomes. All joint leisure activities organized through the Application take place at physical locations that the users choose themselves.

9.2. User Responsibility

Joint leisure activities are exclusively physical services that take place outside the Application. Users are solely responsible for organization, adherence to agreements, and safety during such joint leisure activities.

Because all joint leisure activities take place outside the Application, users are fully responsible for organization, confirmation, and conduct of the joint leisure activities, including the selection of a safe venue, adherence to ethical and legal norms during the joint leisure activities, and their own safety during physical contact with other users.

In addition, each user, when registering with D&D, agrees that:

the platform does not provide any guarantees or facilitation for the organization of further personal or business relations after a joint leisure activity; and

any interactions between users that occur after a joint leisure activity are their own personal responsibility.

We recommend that users follow our safety recommendations for joint leisure activities, which are available in the Application. If you have any questions or issues, you can always contact our support service.

9.3. No Connection to the Provision of Sexual Services or Escort Services

We emphasize that the D&D platform is solely a platform for dating and organizing joint leisure activities between users by their mutual consent and without any obligations beyond ordinary social communication. We are not an intermediary in any other relationships between users outside the Application.

Prohibited Activity

We strictly prohibit the use of our platform to organize or facilitate:

the provision of sexual services in any form;

the exchange of contact information or communications for the purpose of providing such services;

any other activity that conflicts with applicable law.

Moderation Policy

We reserve the right to monitor activity on the platform and to remove content, accounts, and messages that contain:

offers or insinuations regarding the provision of sexual services;

advertising of escort services or other similar services.

Users who violate this policy may be subject to sanctions, including temporary or permanent blocking of their account without the possibility of restoration.

Cooperation with Law Enforcement

If activity that conflicts with this policy or applicable law is detected, we reserve the right to cooperate with appropriate law enforcement authorities, including transferring information about users who have violated the platform’s rules, in accordance with applicable law and our Privacy Policy.

Any cases of using the platform for illegal activity, including prostitution, will be investigated immediately, and violators’ accounts will be blocked.

Your Actions in Case of Violations

If you notice any activity that conflicts with our rules, please notify support through the Application or by email.

D&D is a platform for safe and comfortable dating. We strive to create a community where every user can interact openly and honestly, without coercion or unlawful offers.

9.4. Limitation of Liability

In the event of violations of behavior rules, fraud, or other abuses, users may contact the support service, which will review the complaint and take appropriate measures, including blocking the account or terminating access to the platform.

9.5. Safety of Joint Leisure Activities and Recommendations

We recommend that users follow the following safety rules when organizing joint leisure activities:

Choose public places for the first joint leisure activity.

Do not disclose personal contact details before the joint leisure activity (phone number, address, etc.).

Inform close persons about the place and time of the joint leisure activity.

If it becomes necessary to call the police, use the “SOS” function during the joint leisure activity if another user acts improperly.

Use the “Complain” feature if another user acted improperly during the joint leisure activity.

Each user who offers or purchases a joint leisure activity through the D&D platform does so solely of their own free will, without coercion or obligations, except for arranging a potential acquaintance and communication.

All further relationships that may arise between participants in a joint leisure activity are solely their personal responsibility, and the company bears no responsibility for the development of events after the joint leisure activity.

No other obligations arise between the parties, and all further actions or decisions are solely voluntary and are taken at the discretion of each participant.

To ensure users’ safety and the ability to identify a person in the event of improper or unacceptable behavior during a joint leisure activity, we collect and process data relating to both the person who offers the joint leisure activity and the person who purchases it.

Collection and processing of such data are carried out in accordance with this Privacy Policy and for the purpose of preventing potential violations and ensuring the safety of all platform participants in the future. All personal data are processed in compliance with the principles of lawfulness, proportionality, and minimization solely for the purposes set out in this Policy.

9.6. Compliance with App Store and Google Play Policies

To comply with the requirements of the App Store and Google Play, this section clearly distinguishes the functions of D&D as an online platform for organizing joint leisure activities and emphasizes that:

We do not organize joint leisure activities and do not provide physical services of joint leisure activities. All actions occur between users who independently propose, publish, select, and confirm joint leisure activities. All physical joint leisure activities take place outside the Application and are not services provided by D&D.

10. Cookies and Similar Technologies

To provide you with the best experience using D&D, we use cookies and similar technologies. They help us maintain stable service operation, analyze Application performance, improve usability, and personalize content and advertising. In this section we explain which technologies we use, why we use them, and how you can manage your settings.

10.1. What Are Cookies and Similar Technologies

Cookies are small text files stored on your device when you use our Application or Website. They allow us to remember your settings, identify you among other users, and improve the overall platform experience. In addition to cookies, we may use other technologies such as tracking pixels, browser local storage, and software development kits (SDKs) that perform similar functions.

10.2. Types of Cookies We Use

We use several categories of cookies, each with its function.

Strictly necessary cookies are required for the basic functioning of D&D. They allow you to log in, remain authenticated, perform operations, and prevent fraud.

Functional cookies help remember your individual settings, for example the chosen language or notification parameters, to increase convenience.

Analytical cookies are used to collect information about how you interact with the platform, which allows us to analyze service performance and improve it. We use tools such as Google Analytics, Appsflyer, Mixpanel, and Amplitude to collect statistical data in de-identified form.

Advertising cookies allow us and our partners, such as Meta (Facebook, Instagram), Google Ads, TikTok Ads, and others, to show you personalized advertising and to measure its effectiveness. We receive only aggregated analytical information without the ability to identify specific users.

10.3. How We Use Cookies

Cookies help us with the following.

Uninterrupted functioning of the platform. Without certain cookies, the Website and Application cannot operate properly.

Personalization of content and recommendations. We use analytics to select appropriate profiles in the feed.

Optimization of speed and stability. Through caching we reduce page load times and server load.

Analysis of advertising campaign effectiveness.

Maintaining user security and protecting the platform against fraudulent activity.

10.4. Do We Transfer Data to Third Parties

We may transfer anonymized or aggregated data to our partners, including analytics services (Google Analytics, Appsflyer, Mixpanel) and advertising networks (Meta, Google, TikTok) to improve the platform and optimize marketing campaigns. All third-party cookies are used in accordance with their privacy policies. We do not transfer your personal data to advertisers without your separate consent.

10.5. How You Can Control Cookies

You have full control over your cookie settings:

Through your browser settings you can delete or block cookies.

In the D&D Application settings you can change your preferences at any time regarding the use of analytical and advertising cookies and opt out of personalized advertising.

Through the advertising platforms’ settings you can manage your advertising preferences.

Disabling analytical or advertising cookies may affect content personalization and service performance; however, strictly necessary cookies will remain active to ensure the platform’s basic operation.

10.6. Can You Completely Opt Out of Cookies

Yes, you can opt out of the use of non-essential cookies at any time through the Application or browser settings. However, a complete opt-out may limit the platform’s functionality, for example, slow page loading or make advertising less relevant.

You can also manage settings for cookies of third-party services through their respective opt-out pages.

10.7. Updates to the Cookies Policy

We may periodically update this policy to reflect changes in the use of cookies or changes in applicable law. We will notify you of material changes through the Mobile Application or by email.

The last update of this policy: 25 April 2025.

11. Data Transfers Outside the Jurisdiction

Because D&D operates globally, your personal data may be transferred to, processed in, and stored in countries that have a different level of data protection than your country of residence. We ensure an appropriate level of security for all international transfers in accordance with the requirements of the GDPR, the CCPA, and other applicable rules.

11.1. Cases in Which Transfer May Occur

11.2. How We Protect Your Data During Transfer

11.3. Transfers to the United States and Other Jurisdictions

Some of our partners and service providers may be located in the United States and other countries outside the EEA. In such cases, we transfer data using approved protection mechanisms, including SCCs. If your country has special requirements for the processing of personal data, you may contact our support service for additional information.

11.4. Compliance with International Privacy Standards

We ensure compliance with the following core principles:

GDPR (European Union, United Kingdom): use of SCCs and implementation of user rights (access, rectification, deletion).

CCPA (California, United States): users’ right to request deletion, restriction of processing, and the right to opt out of the sale of data.

Other local laws in relevant jurisdictions.

We cooperate only with verified service providers that comply with data protection requirements.

11.5. Your Rights Regarding International Transfers of Personal Data

Under applicable law you have the right to obtain information about international transfers of your data; to object to such transfers in prescribed cases; and to withdraw consent to data transfers at any time (if the transfer is based on consent).

To exercise these rights, contact our support service by email or through the contact form in the Mobile Application.

12. Age Restrictions and Protection of Children’s Personal Data

Our Application is not intended for persons under 18 years of age, and we do not permit the registration and use of our Mobile Application by minors and do not knowingly collect, process, or store children’s personal data. We take the protection of children’s privacy seriously and have implemented appropriate measures to prevent their access to the platform.

If we learn that a user registered on the platform before turning 18 and provided personal data, we will take the necessary measures to delete the profile and all related information. In the event of account deletion due to a violation of the age restriction, we may retain the user’s email address and IP address to prevent re-registration and avoidance of the established rules.

If you suspect that a user is under 18, please report it through the reporting function on the platform.

13. Changes to This Privacy Policy

We continuously improve our platform and our approaches to personal data protection and therefore may update this Privacy Policy from time to time.

We strive to ensure transparency in matters of personal data protection and therefore inform our users about all significant changes in the Privacy Policy.

If the Policy is updated, we may use the following notification methods:

In-app notification. If the changes are significant, users will be prompted to review the updated Policy upon their next login.

Email notification. In the event of critically important changes that may affect users’ rights, we may send an email to the registered address.

Publication of the updated version on the Website. The latest version of the Privacy Policy is always available on our official Website.

We encourage all users to review our Privacy Policy periodically to stay informed of current changes. If you continue to use our platform after the changes take effect, this means that you agree to the updated terms of the Policy.

Changes to this Privacy Policy take effect automatically upon first publication on the Website or in the Mobile Application.

The current version of the Privacy Policy has priority in governing how we use your information.

The last update to this Privacy Policy was made on 25 April 2025.

14. Contact Information

We strive to ensure a high level of transparency regarding the processing of personal data and provide users with the ability to contact us regarding any questions related to the privacy and security of their data.

If you have any questions regarding this Privacy Policy, the processing of your personal data, or the exercise of your rights, you may contact us using the following contact details:

Email: dateanddonate@proton.me

Support service in the Mobile Application

Feedback form on the Website: https://datedonate.app

Postal address for legal requests and complaints: 15 Odrin Street, 9th floor, 8001 Northern Industrial Zone, Burgas, Bulgaria

Data protection contact person.

Although we are not currently obliged to appoint an official Data Protection Officer pursuant to the GDPR requirements, we take privacy matters seriously and you may contact our privacy team at: dateanddonate@proton.me

If you believe that we have violated your rights or are improperly processing your personal data, you have the right to submit a complaint to the competent data protection authority.

If you are a resident of the European Union, you may contact the national data protection authority in your country. Contact details for regulatory authorities can be found on their official websites.

If you are located in the United Kingdom, the competent authority is the Information Commissioner’s Office (ICO).

Residents of California (United States) may contact the California Privacy Protection Agency (CPPA).

15. Consent to Data Processing

We strive to ensure transparent and lawful processing of the personal data of our users in accordance with the GDPR, the CCPA, and other international privacy standards.

This section explains what your consent to data processing means, how it is given, which data we may process, and how you can withdraw your consent.

15.1. What Consent to Data Processing Means

Consent to the processing of personal data means that you voluntarily grant us permission to collect, process, and store your personal data within the scope described in this Privacy Policy.

Under the GDPR, your consent must meet the following criteria:

Freely given. You provide consent without any coercion.

Specific. Consent covers only specific purposes that are clearly described.

Informed. You have full information about which data are processed and for what purposes.

Unambiguous. Consent must be expressed clearly through affirmative actions (for example, clicking “I Agree” or “Yes, I am 18 years old” during registration).

If you do not consent to the processing of certain data, we will be unable to provide some platform features that are impossible without such data (for example, using geolocation to search for suitable joint leisure activities).

15.2. How You Provide Consent

D&D users may provide consent in the following ways:

During registration on the platform. You confirm that you have reviewed the Privacy Policy and provide consent to data processing by clicking “I Agree” or “Yes, I am 18 years old.”

Through profile settings. You can manage your privacy settings and choose which data to provide (for example, whether to allow access to geolocation).

Through pop-ups. In the case of new forms of processing (for example, a request to use new analytical cookies) we request separate consent through a corresponding pop-up window.

While using certain Application features. Some features require a separate permission (for example, camera access to upload photos).

15.3. Which Data May Be Processed with Your Consent

Depending on the functionality you use, we may process the following types of data: (as described above in Sections 2.1 and 2.2).

15.4. Withdrawal of Consent to Data Processing

You have the right to withdraw your consent at any time without giving reasons.

You can do this in the following ways:

In profile settings. Change data collection parameters.

Through the support service. Submit a request to restrict or stop data processing.

Withdraw consent to cookies. Change your browser settings or opt out of personalized advertising in the Application.

If you withdraw consent, this does not affect the lawfulness of data processing that occurred before that moment. At the same time, some D&D features may become unavailable.

15.5. Can We Process Data Without Your Consent
Yes, in certain cases we may process your data without separate consent if it is:

Necessary for the performance of the contract between you and D&D (for example, to provide dating services).

Required to comply with legal obligations.

Justified by our legitimate interest, provided it does not infringe your rights (for example, to prevent fraud).

15.6. Consent to the transfer of data to third parties

We may transfer your data only:

Aggregated and anonymized – to analytics partners (for example, Google Analytics).

To legal authorities – if required by law (for example, to comply with tax reporting obligations, respond to subpoenas, court orders, anti-money laundering laws, or other applicable legal obligations).

No personal data will be shared with advertisers without your explicit consent.

15.7. Your rights regarding consent to data processing

You have the following rights: To know what data of yours we process. To request the deletion of your personal data. To restrict or object to the processing of data. To receive a copy of your data (right to data portability).

To exercise your rights, you may contact our support service.

15.8. Updates to the consent policy

We may periodically update this section in accordance with changes in legislation or our data processing policy.

This section defines your rights and our obligations regarding obtaining consent for data processing, ensuring your awareness and control over your information.

User Health Data Privacy Policy

This User Health Data Privacy Policy is a supplement to the D&D Mobile Application Privacy Policy and applies exclusively to users residing in the states of Washington and Nevada (USA). In the event of a conflict between our general Privacy Policy and this Policy, this Policy shall prevail with respect to consumer health data of residents of Washington and Nevada. It explains what health data may be collected through our platform, how it is used, stored, and protected in accordance with the Washington My Health My Data Act (MHMDA) and the Nevada Consumer Health Data Privacy Law.

1. What health data we may collect

In the D&D mobile application, users may voluntarily provide information about their physical, cognitive, or emotional characteristics, including but not limited to:

Mobility characteristics (e.g., wheelchair use, limited mobility);

Hearing characteristics (e.g., partial or complete hearing loss);

Limb characteristics (e.g., amputation, congenital limb conditions);

Vision characteristics (e.g., nearsightedness, farsightedness, blindness);

Developmental characteristics (e.g., autism, developmental delay);

Cognitive and learning characteristics (e.g., dyslexia, attention deficit disorder);

Communication characteristics (e.g., speech disorders);

Social and emotional characteristics (e.g., anxiety, depression);

Other characteristics that a user may provide voluntarily.

This information constitutes sensitive personal data and is processed with special security measures in accordance with applicable law.

2. How we may use this data

We process health data only with your explicit consent and solely for the following purposes:

Adding information to your profile (if the user chooses to publicly display certain characteristics);

Filtering profiles (enabling users to search and filter profiles by certain parameters);

Ensuring an inclusive user experience (adapting the interface and functionality to user needs);

Analyzing and improving the platform (using anonymized data for analytics and feature development).

We do not use your health data for marketing, advertising, or other commercial purposes without your separate consent.

3. How we store and protect your health data

Your health data is protected through modern encryption during transmission and storage, limited access granted only to specifically authorized personnel, and automatic deletion upon account deletion.

4. 4. How we share health data with third parties

Your health data is not sold, shared with advertising companies, or used outside of legally permitted circumstances.

We are committed to keeping your health data confidential and only sharing it in strictly defined cases where it is necessary to provide our services or in accordance with legal requirements.

Your data may be shared with the following categories of third parties:

Other users

You voluntarily decide what data about your physical or cognitive characteristics will be displayed in your public profile. This means that other users can see this information if you choose to make it available.

Service providers

We work with trusted third-party providers who help us with hosting, security, and support (with mandatory data processing agreements).

Affiliates

We may share user health information with our affiliates and subsidiaries that help us process data for customer support, combating unwanted content and abuse, ensuring user safety, and improving platform functionality.

Affiliates are also required to comply with confidentiality requirements and legal regulations regarding the processing of personal data.

Parties to corporate agreements

In the event of a change in ownership or management of D&D, your data may be transferred to the relevant legal entities in the event of a merger, acquisition, or sale of part or all of the business, corporate reorganization or restructuring, liquidation of the company, or bankruptcy.

In such cases, we ensure that your data remains protected and is transferred in accordance with legal requirements.

Law enforcement agencies and legal institutions

We may transfer your personal data (including health data) in the following situations:

– at the request of a court or government agency (e.g., in the event of a subpoena or investigative request);

– to investigate and prevent crimes (e.g., in the event of fraudulent activity or a threat to user safety);

– to protect the rights, safety, and well-being of users or third parties;

– to establish, exercise, or defend our legal rights.

– when necessary to respond to legal requirements, including subpoenas, investigative requests, or compliance with healthcare data privacy laws.

We disclose such information only to the extent necessary to comply with the relevant legal requirements.

We do not share health data without your consent, except in the following cases:

when required by law or law enforcement agencies;

when sharing is necessary to protect the interests and safety of users;

if the information is aggregated or anonymized, which does not allow the identification of a specific person.

5. Your rights regarding health data

Users residing in Washington and Nevada have the following rights:

Right of access – to know what health data we store;

Right to rectification – update or change the information in your profile;

Right to restrict processing – you can restrict the use of your data;

Right to erasure – you can request that all health data be deleted from our database;

Right to withdraw consent – you can withdraw your consent to data processing at any time.

To exercise these rights, you can contact us at dateanddonate@proton.me

6. How long we store health data

We only store users’ health data for as long as necessary to fulfill the purposes for which it was collected.

If you delete health information from your profile, the data is automatically deleted.

If you delete your account, your health data will be deleted within 30 days.

If we retain information to comply with legal obligations, the data may be retained for up to 10 years, in accordance with international law.

7. How we comply with the Washington My Health My Data Act and the Nevada Consumer Health Data Privacy Law

In order to comply with local laws regarding the privacy of medical data, we have implemented the following measures:

We obtain explicit consent before collecting any health data.

We allow users to easily withdraw their consent and delete their data.

We ensure that data is encrypted and protected from unauthorized access.

We do not transfer data to third parties without legal grounds or user consent.

We review all privacy requests within the time limits specified by law.

8. How to obtain additional information or file a complaint

If you have questions about this Policy or believe that your rights have been violated, you can file a complaint with the appropriate regulatory authority:

Washington – Washington State Attorney General (https://www. atg. wa. gov).

Nevada – Nevada Attorney General’s Office (https://ag. nv. gov).

We are committed to ensuring the security and privacy of each user’s data and encourage you to carefully review this Policy.

Effective Date

This Privacy Policy was last updated on August 19, 2025.