Privacy Policy

1. INTRODUCTION

Welcome to Heartspace ("we," "our," or "us"). We are committed to protecting your privacy and creating a safe space for meaningful connections. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our dating platform.

Heartspace is designed for emotionally mature individuals seeking authentic, long-term relationships through deep compatibility matching rather than superficial swiping.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Profile Information:

• • Personal details (name, age, location, relationship status)
• • Photos and profile descriptions
• • Comprehensive compatibility assessment responses (60+ questions covering personality, values, communication style, and relationship goals)
• • Interest tags, hobby selections, and core values alignment
• • Bio and personal descriptions

Communication Data:

• • Messages sent and received through our platform
• • Voice messages and any future video call data
• • Interaction patterns and communication preferences

Personal Growth Data:

• • Journal entries and guided reflection responses
• • Mindfulness ritual participation and progress
• • Mood tracking selections and emotional awareness data
• • Personal development goals and milestone documentation

Payment Information:

• • Subscription plan details and payment history
• • Billing information (processed securely through Stripe)
• • Boost purchases and feature usage

2.2 Information We Collect Automatically

Usage Analytics:

• • App usage patterns and feature engagement
• • Time spent on different sections of the platform
• • Match interaction data and compatibility scores
• • Device information and technical specifications

Technical Data:

• • IP address and geolocation data
• • Browser type and operating system
• • Session duration and navigation patterns
• • Error logs and performance metrics

2.3 Information from Third Parties

Identity Verification:

• • Official Australian documents through Stripe Identity verification
• • Social media profile information (if you choose to connect accounts)
• • Professional network data (if applicable)

3. HOW WE USE YOUR INFORMATION

3.1 Core Platform Functions

Compatibility Matching:

• • Generate compatibility scores based on your assessment responses
• • Provide detailed compatibility analysis and reasoning
• • Suggest potential matches with 85%+ compatibility ratings
• • Create personalized match recommendations

AI-Powered Insights (Ellie AI):

• • Deliver personalized relationship guidance and conversation advice
• • Analyse communication patterns and provide compatibility insights
• • Offer growth recommendations based on your interaction data
• • Provide relationship pattern analysis and development suggestions

Personal Growth Support:

• • Curate guided journal prompts based on your responses
• • Track personal development progress and milestones
• • Recommend mindfulness practices and connection-building exercises
• • Provide mood-based insights and emotional awareness tools

3.2 Platform Improvement

Service Enhancement:

• • Improve matching algorithms and compatibility calculations
• • Optimise user experience and app performance
• • Develop new features based on user feedback and usage patterns
• • Enhance security measures and fraud prevention

Analytics and Research:

• • Conduct anonymized research on relationship patterns and success metrics
• • Analyse platform effectiveness and user satisfaction
• • Monitor feature usage and engagement rates
• • Improve AI capabilities and personalisation

3.3 Communication and Support

Platform Communications:

• • Send match notifications and messaging alerts
• • Provide customer support and technical assistance
• • Share platform updates and new feature announcements
• • Deliver subscription and billing notifications

4. INFORMATION SHARING AND DISCLOSURE

4.1 With Other Users

Profile Visibility:

• • Your profile information is visible to compatible matches
• • Compatibility scores and analysis are shared with mutual matches
• • Messages and interactions are visible to conversation participants
• • Growth milestones and achievements may be shared if you choose

4.2 With Service Providers

Technical Infrastructure:

• • Google Analytics (website analytics and user insights)
• • Google Forms (form submissions and data collection)
• • Email service providers (newsletters and communications)

AI and Enhancement Services:

• • AI processing services for Ellie AI functionality
• • Image processing and optimisation services
• • Communication and notification delivery services

4.3 Legal Requirements

We may disclose your information when required by law, to:

• • Comply with legal processes and government requests
• • Protect our rights, property, or safety
• • Investigate potential violations of our Terms of Service
• • Prevent fraud, abuse, or harmful activities

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction, with continued protection under this Privacy Policy.

5. DATA SECURITY AND PROTECTION

5.1 Security Measures

Authentication and Access:

• • JWT token-based secure authentication
• • Role-based access controls with different permission levels
• • End-to-end encryption for sensitive communications
• • Secure data transmission using industry-standard protocols
• • Regular security audits and vulnerability assessments

Data Protection:

• • End-to-end encryption for data in transit and at rest
• • GDPR compliance for data protection and user rights
• • Regular security audits and vulnerability assessments
• • Secure API endpoints with rate limiting and request validation

Payment Security:

• • PCI compliance through Stripe payment processing
• • Encrypted transaction processing with fraud protection
• • Secure webhook handling for subscription events
• • No storage of payment card information on our servers

5.2 Application Security

Platform Protection:

• • Input validation and sanitization for all user inputs
• • Cross-site scripting (XSS) protection with Content Security Policy
• • Cross-site request forgery (CSRF) protection
• • Comprehensive error handling and secure logging

6. YOUR PRIVACY RIGHTS AND CONTROLS

6.1 Profile Management

Visibility Controls:

• • Adjust who can see your profile and information
• • Control match discovery and search visibility
• • Manage photo and personal information sharing
• • Set communication preferences and boundaries

Data Access and Portability:

• • Request a copy of your personal data
• • Download your profile information and conversation history
• • Export journal entries and personal growth data
• • Access compatibility assessment responses and insights

6.2 Account Management

Data Modification:

• • Update profile information and preferences at any time
• • Modify compatibility assessment responses
• • Change privacy settings and visibility controls
• • Update communication and notification preferences

Account Deletion:

• • Permanently delete your account and associated data
• • Remove profile from all match recommendations
• • Delete conversation history and personal growth data
• • Cancel subscriptions and remove payment information

6.3 Communication Controls

Notification Management:

• • Control match notifications and messaging alerts
• • Manage email communications and platform updates
• • Set boundaries for AI recommendations and insights
• • Adjust frequency of personal growth prompts and reminders

7. DATA RETENTION

7.1 Active Account Data

• • Profile Information: Retained while your account is active and for 30 days after deactivation
• • Conversation Data: Stored for the duration of your account and 90 days post-deletion
• • Personal Growth Data: Maintained while active, with option for immediate deletion
• • Analytics Data: Anonymized and retained for platform improvement purposes

7.2 Deleted Account Data

• • Immediate Removal: Profile visibility and match recommendations
• • 30-Day Retention: Backup systems and fraud prevention (anonymized)
• • Permanent Deletion: All personal identifiers and sensitive information
• • Anonymized Analytics: May be retained for research and platform improvement

8. INTERNATIONAL DATA TRANSFERS

As an Australian-based platform, your data is primarily stored and processed within Australia. When we use international service providers (such as cloud hosting), we ensure:

• • Adequate data protection measures are in place
• • Compliance with Australian Privacy Principles
• • Secure data transfer protocols
• • Contractual protections for your personal information

9. CHILDREN'S PRIVACY

Heartspace is designed for adults aged 18 and over. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected information from someone under 18, we will promptly delete such information.

10. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:

• • Notify you of significant changes through the app or email
• • Post the updated policy with a new "Last Updated" date
• • Provide 30 days' notice for material changes
• • Obtain your consent for changes that significantly affect your rights

12. ADDITIONAL INFORMATION

12.1 Demo Mode Privacy

Our demo mode uses anonymized sample data with no real user information. Demo interactions are not stored or linked to any personal accounts.

12.2 Third-Party Links

Our platform may contain links to third-party websites or services. This Privacy Policy does not apply to those external sites, and we encourage you to review their privacy policies.

12.3 Research and Development

We may use anonymized, aggregated data for research purposes to improve online dating experiences and relationship outcomes. Individual users cannot be identified in such research.