Data Protection Impact Assessment (DPIA)

Last updated: 5/19/2026

1. Introduction and Legal Basis

This Data Protection Impact Assessment (DPIA) has been conducted in accordance with Article 35 of the General Data Protection Regulation (GDPR). A DPIA is required when processing operations are likely to result in a high risk to the rights and freedoms of individuals.

1.1 Why This DPIA Is Required

Our dating platform meets multiple criteria that trigger the requirement for a DPIA:

  • Automated decision-making including profiling: Our matching algorithm automatically suggests potential partners based on personality assessments and preferences
  • Large-scale processing of special categories of personal data: We process information about sexual orientation, religious beliefs, and health status (provided voluntarily by users)
  • Systematic monitoring: We track user activity, interactions, and behavior patterns to improve matching quality and detect suspicious activity
  • Biometric data processing: We use AI-powered photo and video verification to detect faces and verify user authenticity

2. Description of Processing Operations

This section describes the processing operations that require heightened scrutiny under GDPR:

2.1 Automated Matching Algorithm

Purpose: Match users with compatible partners based on personality traits, preferences, and location

Data Processed: Personality quiz responses (80 questions), demographic information, location data, relationship preferences, dating goals

Automation Level: Fully automated with compatibility scoring (0-100%). Users can manually reject suggested matches. No solely automated decisions with legal or similarly significant effects.

Impact on Users: Determines which potential partners users see. May affect their dating opportunities and romantic life. Users retain full control to accept or reject matches.

2.2 AI Photo & Video Verification

Purpose: Verify user authenticity, prevent fake profiles, detect inappropriate content

Data Processed: Facial recognition data from photos and verification videos. Face count detection, image quality assessment, safety/content analysis via Google Cloud Vision API

Automation Level: Semi-automated. AI provides recommendations (auto-approve, needs review, auto-reject), but an admin can override them. Auto-rejection only for clear safety violations (explicit content, violence).

Impact on Users: Determines if users can publish photos on their profile. May affect profile visibility and matching success. Manual review available for disputed decisions.

2.3 Activity Tracking & Behavior Monitoring

Purpose: Detect suspicious behavior, prevent abuse, improve matching quality, enforce fair use policies

Data Processed: Login times, message frequency, like/pass patterns, photo view counts, subscription tier usage, device information, IP addresses

Automation Level: Automated pattern detection with manual review. Flags unusual behavior for admin investigation (e.g., mass liking, rapid account creation).

Impact on Users: May trigger account restrictions or security reviews. Protects users from harassment and scams. Primarily used for safety, not decision-making.

2.4 Special Categories of Personal Data

Purpose: Enable meaningful matching based on values, beliefs, and lifestyle compatibility

Data Processed: Sexual orientation, religious beliefs, health status (e.g., smoking, drinking habits), political views (all provided voluntarily by users in profile creation)

Legal Basis: Art. 9(2)(a) GDPR - Explicit consent. Users explicitly consent during profile creation and can withdraw consent by hiding or deleting these fields at any time.

3. Necessity and Proportionality Assessment

We have assessed whether the processing operations are necessary and proportionate to achieve our legitimate aims:

3.1 Necessity

  • Matching Algorithm: Essential to the core purpose of the dating platform. Without compatibility scoring, users would have no basis for finding suitable partners beyond superficial criteria.
  • Photo Verification: Necessary to combat the widespread problem of fake profiles, catfishing, and scams in online dating. Builds user trust and platform safety.
  • Activity Tracking: Required to detect and prevent abuse, harassment, and platform manipulation. Protects vulnerable users from predatory behavior.
  • Special Category Data: Necessary for values-based matching. Religion, health habits, and lifestyle choices significantly impact relationship compatibility. Users voluntarily provide this information to find compatible partners.

3.2 Proportionality

  • Data Minimization: We only collect data directly relevant to matching and safety. We do not collect financial information (except for payments), employment history, or other non-dating data.
  • Retention Limits: Compatibility scores cached for 30 days, then recalculated. User data deleted within 30 days of account deletion request.
  • User Control: Users can hide special category fields, disable tracking features (e.g., 'Last Active'), and export or delete all their data at any time.
  • No Cross-Platform Tracking: We do not track users outside our platform or share data with third-party advertisers.
  • Transparency: All processing operations disclosed in Privacy Policy. Users informed about AI moderation, photo verification, and algorithmic matching.

4. Risk Assessment

We have identified and assessed the following risks to user rights and freedoms:

| Risk | Likelihood | Severity | Risk Level |
|------|------------|----------|------------|
| Unauthorized disclosure of special category data (sexual orientation, religious beliefs) | Low - Strong access controls, encryption, RLS policies | High - Could cause discrimination, social harm, or safety risks | Medium |
| Data breach exposing user photos, messages, and personal information | Low - Regular security audits, encrypted storage, DDoS protection | High - Reputational damage, privacy violation, potential extortion | Medium |
| Algorithmic bias leading to unfair matching (e.g., excluding certain groups) | Low - Algorithm uses personality traits, not protected characteristics | Medium - Could limit dating opportunities for affected users | Low |
| False positive in photo verification (legitimate photos rejected) | Medium - AI has error rate; depends on image quality | Low - Manual review available; users can resubmit photos | Low |
| Profiling leading to psychological manipulation or addictive behavior | Low - No dark patterns, no infinite scroll, limited likes per day | Medium - Could impact mental health or user autonomy | Low |
| Third-party processor (Google, Supabase, PayPal) misusing data | Low - Data Processing Agreements in place, GDPR-compliant processors | Medium - Loss of control over user data | Low |
| User impersonation or identity theft via stolen accounts | Medium - Depends on user password strength | Medium - Could lead to fraud, harassment, or reputational harm | Medium |
| Sensitive messages or photos leaked by malicious user (screenshot, screen recording) | Medium - No technical prevention possible | High - Privacy violation, potential blackmail or harassment | High |

5. Mitigation Measures and Safeguards

We have implemented the following technical and organizational measures to mitigate identified risks:

5.1 Technical Safeguards

  • Encryption in transit and at rest: All data in transit uses TLS 1.3. Data at rest is encrypted via Supabase (AES-256).
  • Row-Level Security (RLS): Database policies ensure users can only access their own data and matched users' profiles.
  • Photo watermarking: Considering implementation of visible watermarks on photos to deter screenshot sharing.
  • Two-factor authentication (2FA): Optional 2FA available for all users to prevent account takeover.
  • Rate limiting: API endpoints protected against brute force attacks and abuse (Upstash Redis).
  • Content Security Policy (CSP): Prevents XSS attacks and unauthorized script execution.
  • Automatic logout: Sessions expire after 7 days of inactivity.
  • AI content moderation: All messages and photos scanned for explicit content, harassment, and scams (OpenAI API).
  • DDoS protection: Vercel infrastructure provides automatic DDoS mitigation.
  • Regular security audits: Quarterly penetration testing and vulnerability scans planned.

5.2 Organizational Safeguards

  • Data Protection Officer: Stefan Krebs appointed as DPO to oversee GDPR compliance.
  • Privacy by Design: All new features undergo privacy impact assessment before deployment.
  • Access controls: Admin access restricted to specific IP addresses and logged for audit trail.
  • Employee training: All team members complete GDPR and data protection training annually.
  • Incident response plan: Documented procedure for data breach notification within 72 hours.
  • Data Processing Agreements: Signed DPAs with all third-party processors (Google, Supabase, PayPal, OpenAI).
  • Data retention policy: Automatic deletion of user data 30 days after account closure.
  • Regular DPIA reviews: This DPIA will be reviewed annually and whenever processing operations change.
  • User reporting: Users can report suspicious profiles, inappropriate content, or data concerns via in-app reporting.
  • Transparency: Privacy Policy, Terms, Cookie Policy, and this DPIA publicly available.

5.3 User Rights and Controls

  • Right to access: Users can export all their data (profile, messages, photos) in JSON format via settings.
  • Right to rectification: Users can edit their profile information at any time.
  • Right to erasure: Account deletion permanently removes all user data within 30 days.
  • Right to restriction: Users can hide special category fields or disable activity tracking features.
  • Right to data portability: Export function provides machine-readable JSON format.
  • Right to object: Users can object to automated decision-making by using manual filtering instead of the algorithm.
  • Right to withdraw consent: Users can withdraw consent for special category data processing by hiding those fields.
  • Right to complain: Users informed of their right to lodge complaints with Swiss FDPIC (Federal Data Protection and Information Commissioner).

6. Data Protection Officer Consultation

In accordance with Article 35(2) GDPR, we have consulted our Data Protection Officer (DPO) during the preparation of this DPIA.

DPO Consultation Record

Data Protection Officer: Stefan Krebs

Consultation Date: October 22, 2025

DPO Opinion:

The processing operations described in this DPIA present manageable risks to data subjects when the proposed mitigation measures are fully implemented. I recommend proceeding with the following conditions: (1) Implement photo watermarking within 6 months, (2) Conduct penetration testing within 3 months, (3) Review matching algorithm for potential bias quarterly, (4) Ensure manual review is available for all automated decisions affecting user profiles. With these safeguards in place, the residual risk is acceptable under GDPR.

DPO Recommendations

  • Implement photo watermarking to deter screenshot sharing (timeline: 6 months)
  • Conduct third-party penetration testing (timeline: 3 months)
  • Establish quarterly algorithmic fairness audits to detect bias
  • Create clear user documentation explaining how the matching algorithm works
  • Implement 'Report a Problem' feature for users to dispute automated decisions
  • Consider implementing screenshot detection (if technically feasible)
  • Establish regular training for admin staff on GDPR and data protection
  • Review Data Processing Agreements with third-party processors annually

7. Approval and Review

Management Approval

Approved By: Stefan Krebs

Position: Owner & Data Protection Officer

Date: October 22, 2025

Review Schedule

This DPIA will be reviewed and updated in the following circumstances:

  • Annually (next review: October 2026)
  • When new processing operations are introduced (e.g., new AI features, data sharing)
  • When existing processing operations change significantly (e.g., new third-party processors)
  • Following a data breach or security incident
  • If new risks are identified through monitoring or user complaints
  • When GDPR guidance or regulations are updated

8. Conclusion

This DPIA has identified and assessed the data protection risks associated with our dating platform's core processing operations. While certain operations (automated matching, biometric verification, special category data processing) carry inherent risks, we have implemented comprehensive technical and organizational safeguards to mitigate these risks to an acceptable level. The DPO has reviewed and approved this assessment. We are committed to ongoing monitoring and improvement of our data protection practices.

Questions or Concerns: If you have questions about this DPIA or our data protection practices, please contact our Data Protection Officer at info@lovas.ch