PrivemeetBack to home

Privacy Policy

Effective date: March 1, 2026 — Last updated: March 2026

1. Introduction and Data Controller

Privemeet ("we", "us", or "our") operates a premium dating platform that prioritizes privacy and discretion. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website and progressive web application (collectively, the "Service").

We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Spanish Organic Law 3/2018 on Data Protection and Digital Rights ("LOPDGDD"), the California Consumer Privacy Act ("CCPA"), and other applicable data protection laws.

Data Controller

Privemeet

Email: privacy@privemeet.com

Data Protection Officer: dpo@privemeet.com

By using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.

2. Types of Data We Collect

We collect the following categories of personal data:

2.1 Account and Identity Data

  • Phone number (used for OTP authentication via Twilio)
  • Display name and profile information you provide
  • Date of birth (to verify you are 18 or older)
  • Gender and dating preferences
  • User segment and relationship preferences
  • Language and locale preferences

2.2 Photos, Media, and Biometric Data

  • Profile photos you upload (stored securely in our database)
  • Verification selfies and facial geometry data — used to confirm your identity via facial recognition. This constitutes biometric data under GDPR Article 9 and is processed only with your explicit consent.
  • Face-blurred versions of photos, generated automatically by our AI face blur technology
  • AI-enhanced photos generated through our fal.ai integration
  • Premium content (photos and videos) uploaded by Content Creators

2.3 Location Data

  • GPS coordinates (only when you explicitly grant location permission)
  • IP-based geolocation (approximate location derived from your IP address)
  • Location data is used to show nearby users and is never displayed precisely to other users

2.4 Communications Data

  • Messages exchanged with other users through the Platform
  • Message metadata (timestamps, read receipts)
  • Support communications you send to us
  • Reports and feedback submitted through the Platform

2.5 Financial and Transaction Data

  • Subscription type and billing history
  • Premium content purchase history
  • Earnings data for Content Creators (amounts, payout status)
  • Payment details are processed and stored exclusively by Stripe; we do not store your full card number, CVV, or complete banking information

2.6 Device and Technical Data

  • Device type, operating system, browser type and version
  • IP address and session identifiers
  • Push notification tokens (for delivering push notifications)
  • Usage logs (pages visited, features used, timestamps, click patterns)
  • Screen resolution and viewport size
  • Referring URL and landing page

2.7 Data We Do Not Collect

  • We do not collect data from social media accounts (we have no social login)
  • We do not collect contacts from your phone's address book
  • We do not collect health data, political opinions, or religious beliefs

3. How We Use Your Data

We process your personal data for the following purposes:

  • Account creation and authentication — verifying your identity via phone OTP (Twilio) and selfie verification (facial recognition)
  • Providing the Service — matching you with other users, displaying profiles, enabling messaging, and delivering premium content
  • Location-based features — showing users near you and calculating approximate distances between users
  • Privacy protection — applying face blur to photos, enabling app disguise and panic button features, preventing unauthorized content distribution
  • Payment processing — managing subscriptions, processing content purchases, and calculating and distributing Creator earnings
  • Safety and moderation — detecting and preventing fraud, abuse, harassment, and violations of our Terms of Service using both automated and human review
  • AI-powered features — generating enhanced profile photos, moderating messages, and maintaining ghost profiles for quality assurance
  • Push notifications — delivering real-time alerts for messages, matches, and account activity (with your opt-in consent)
  • Communications — sending SMS verification codes, account notifications, and service updates
  • Analytics and improvement — understanding usage patterns to improve the Service, diagnose technical issues, and measure feature effectiveness
  • Legal compliance — fulfilling legal obligations, responding to legal requests, and enforcing our Terms

4. Legal Basis for Processing (GDPR)

We process your data under the following legal bases as defined by GDPR Article 6 (and Article 9 for special categories of data):

Contract Performance (Art. 6(1)(b))

Processing necessary to provide you with the Service you signed up for, including account management, profile display, matching, messaging, payment processing, and content delivery.

Explicit Consent (Art. 6(1)(a) / Art. 9(2)(a))

For biometric data processing (selfie verification, facial recognition), GPS location data, AI photo generation, push notifications, and optional analytics cookies. You may withdraw consent at any time without affecting the lawfulness of processing performed prior to withdrawal.

Legitimate Interests (Art. 6(1)(f))

For fraud prevention, platform security, content moderation, abuse detection, service improvement, and aggregated analytics. We have conducted balancing tests to ensure these interests do not override your fundamental rights and freedoms.

Legal Obligation (Art. 6(1)(c))

Where we are required by law to retain, process, or disclose data, including tax record keeping, responding to lawful court orders, and mandatory reporting of CSAM.

5. AI and Automated Processing

Privemeet uses artificial intelligence and automated processing in several aspects of the Service. We are committed to transparency about how AI is used:

Face Blur Technology

When you upload a photo, our AI automatically detects faces and generates a blurred version. This processing happens on our servers. The original unblurred photo is stored securely and only revealed to users you explicitly authorize.

Legal basis: Contract performance (essential feature of the Service)

Selfie Verification (Facial Recognition)

Our verification system uses facial recognition to compare your live selfie with your profile photos, confirming you are a real person and that your photos are genuine. Facial geometry data (biometric data) is processed during verification and is not retained after the verification process is complete.

Legal basis: Explicit consent (Art. 9(2)(a) GDPR — biometric data)

AI Photo Generation (fal.ai)

When you use our AI photo enhancement feature, your photos are transmitted to fal.ai for processing. Generated images are returned to us and the originals are not retained by fal.ai beyond the processing period. This feature is entirely optional.

Legal basis: Explicit consent

Message Moderation (Anthropic Claude)

Messages may be analyzed by AI to detect abusive, threatening, or illegal content. Flagged messages are queued for human review. Message content sent to the AI service is processed in real-time and is not stored by the AI provider for training purposes.

Legal basis: Legitimate interest (user safety)

Ghost Profiles

We use AI-generated test profiles ("ghost profiles") for quality assurance, feature testing, and demonstration purposes. Ghost profiles are synthetic — they do not represent real individuals and do not initiate conversations with real users. They are marked internally as test accounts.

Legal basis: Legitimate interest (service quality)

Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you. If any automated processing results in account suspension or content removal, you may request human review by contacting support@privemeet.com.

6. Third-Party Data Sharing

We share your personal data only with trusted third-party service providers who assist us in operating the Service. We do not sell your personal data to third parties. We do not share your data with advertisers.

Stripe (Payment Processing)

Receives your payment information (card details, billing address) to process subscriptions, content purchases, and Creator payouts. Stripe is PCI DSS Level 1 certified. See Stripe's Privacy Policy.

Data shared: payment details, billing address, transaction history, email

Twilio (SMS Delivery)

Receives your phone number to send OTP verification codes and account notifications. See Twilio's Privacy Policy.

Data shared: phone number, SMS message content

Amazon Web Services (Infrastructure)

Our Service is hosted on AWS infrastructure. All data stored on AWS is encrypted at rest and in transit. AWS acts as a data processor under our instructions and does not access your data for its own purposes. See AWS Privacy Policy.

Data shared: all data is hosted on AWS (EU region by default)

Anthropic (AI Message Moderation)

Message content may be sent to Anthropic's Claude AI for automated moderation of abusive or illegal content. Messages are processed in real-time and Anthropic does not retain message content for model training under our commercial agreement. See Anthropic's Privacy Policy.

Data shared: message text content (no user identifiers)

fal.ai (AI Photo Generation)

When you opt in to AI photo generation, your photos are sent to fal.ai for processing. Generated images are returned to us. Originals are not retained by fal.ai beyond the processing period. See fal.ai's Privacy Policy.

Data shared: photo image data (only when you use the AI photo feature)

We may also disclose your data when required by law, in response to valid legal process (court orders, subpoenas), to protect the rights, property, or safety of Privemeet, our users, or the public, or in connection with a merger, acquisition, or sale of assets (in which case you will be notified).

7. International Data Transfers

Our primary infrastructure is hosted in the European Union (AWS EU region). However, your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) when using our third-party service providers:

  • Stripe — United States (PCI DSS compliant, EU-US Data Privacy Framework)
  • Twilio — United States (Standard Contractual Clauses)
  • Anthropic — United States (Standard Contractual Clauses)
  • fal.ai — United States (Standard Contractual Clauses)

Where data is transferred outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission where applicable
  • Binding Corporate Rules where the service provider has adopted them

You may request information about the safeguards in place for specific transfers by contacting our Data Protection Officer.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:

Data CategoryRetention Period
Active account dataDuration of account activity
Profile, photos, and messagesDeleted within 30 days of account deletion
Verification selfiesDeleted immediately after verification is complete
Facial geometry / biometric dataNot retained after verification process
Financial / tax recordsUp to 7 years (legal obligation)
Usage and access logs12 months
Safety / abuse reportsUp to 3 years after resolution
Banned account identifiersIndefinitely (to prevent re-registration)
Purchased premium contentAccessible to purchaser until their account is deleted or the content is removed by the Creator

When data is no longer needed, it is securely deleted or anonymized. Anonymized data (which cannot be linked back to you) may be retained indefinitely for statistical and analytical purposes.

9. Your Rights Under GDPR

Under the GDPR and other applicable data protection laws, you have the following rights regarding your personal data:

Right of Access (Art. 15)

You can request a copy of all personal data we hold about you, together with information about how it is processed. We will provide this in a commonly used electronic format.

Right to Rectification (Art. 16)

You can request correction of inaccurate or incomplete personal data. You can also update most of your profile information directly through the app.

Right to Erasure (Art. 17)

You can request deletion of your personal data ("right to be forgotten"). You can delete your account at any time from the Settings page. Certain data may be retained where required by law.

Right to Data Portability (Art. 20)

You can request your data in a structured, commonly used, and machine-readable format (e.g., JSON), and have it transmitted directly to another controller where technically feasible.

Right to Object (Art. 21)

You can object to processing of your personal data based on legitimate interests or for direct marketing. We will cease processing unless we have compelling legitimate grounds.

Right to Restrict Processing (Art. 18)

You can request limitation of processing in certain circumstances, such as when you contest the accuracy of data or when processing is unlawful but you oppose erasure.

Right to Withdraw Consent (Art. 7(3))

Where processing is based on consent (e.g., biometric data, location, AI photos), you can withdraw it at any time without affecting the lawfulness of processing performed prior to withdrawal.

Right Regarding Automated Decisions (Art. 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. You can request human review of automated decisions.

How to exercise your rights

Contact our Data Protection Officer at dpo@privemeet.com. We will respond within 30 days. If your request is particularly complex, we may extend this to 60 days (we will notify you of the extension within the first 30 days). There is no fee for exercising your rights, unless requests are manifestly unfounded or excessive.

You also have the right to lodge a complaint with your local supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD) at www.aepd.es.

10. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You may request deletion of your personal information, subject to certain legal exceptions.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
  • No Sale of Personal Data: We do not sell personal information as defined by the CCPA and have not done so in the preceding 12 months.

To exercise your CCPA rights, contact us at privacy@privemeet.com or use the account deletion feature in Settings.

11. Cookies and Tracking Technologies

We use the following cookies and similar technologies:

Strictly Necessary Cookies

Required for authentication, session management, CSRF protection, and security. These cannot be disabled as the Service cannot function without them.

Legal basis: Contract performance

Preference Cookies

Store your language selection, locale, display preferences, and theme settings. These improve your experience but are not essential.

Legal basis: Legitimate interest / Consent

Analytics Cookies

Help us understand how users interact with the Service so we can improve it. Data is anonymized or pseudonymized where possible. These can be disabled through your browser settings.

Legal basis: Consent

We do not use third-party advertising cookies. We do not track you across other websites. We do not participate in any cross-site tracking or retargeting networks.

12. Children's Privacy

Privemeet is strictly for users aged 18 and older. We do not knowingly collect personal data from anyone under the age of 18. Age verification is performed during the registration process through date of birth confirmation and selfie verification.

If we become aware that we have collected personal data from a person under 18, we will take immediate steps to:

  • Delete all personal data associated with that account
  • Permanently terminate the account
  • Report the incident to relevant authorities where required by law

If you believe that a minor has created an account on our platform, please contact us immediately at safety@privemeet.com so we can take appropriate action.

13. Security Measures

We implement robust technical and organizational measures to protect your personal data in accordance with GDPR Article 32:

Technical Measures

  • All data transmitted between your device and our servers is encrypted using TLS 1.2+ / HTTPS
  • Data at rest is encrypted using AES-256 encryption
  • Photos are stored with access controls, not on publicly accessible URLs
  • Face-blurring technology protects your identity until you choose to reveal it
  • Phone numbers are used for authentication only and are never publicly displayed
  • Anti-screenshot and anti-download measures protect premium content
  • Watermarking on content to deter unauthorized distribution
  • Push notification tokens are stored securely and scoped to individual devices

Organizational Measures

  • Access to personal data is restricted to authorized personnel on a need-to-know basis
  • Staff with access to personal data receive data protection training
  • Regular security assessments and monitoring of our infrastructure
  • Data processing agreements in place with all sub-processors
  • Incident response procedures for security incidents

While we take all reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

14. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the competent supervisory authority (AEPD in Spain) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, as required by GDPR Article 33.
  • Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Article 34. Notification will be sent via SMS, email, or in-app notification.
  • Provide details of the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences, and the measures taken or proposed to address the breach.
  • Document the breach internally regardless of severity, including facts, effects, and remedial action taken.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or applicable law. When we make material changes:

  • We will update the "Last updated" date at the top of this page.
  • We will notify you through the Service, by SMS to your registered phone number, or by other appropriate means at least 14 days before the changes take effect.
  • Where changes affect processing based on consent, we will request renewed consent where required by law.

Your continued use of the Service after the effective date of any changes constitutes your acknowledgment of the updated policy. Previous versions of this policy are available upon request.

16. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us:

Privemeet

General privacy inquiries: privacy@privemeet.com

Data Protection Officer: dpo@privemeet.com

Safety and child protection: safety@privemeet.com

General support: support@privemeet.com

We aim to respond to all legitimate requests within 30 days. If your request is particularly complex or you have made multiple requests, we may need up to 60 days, in which case we will notify you within the initial 30-day period.

Terms of Service·Back to Privemeet