Privacy Policy

1. Introduction

This Privacy Policy describes how we collect, use, and protect your personal information when you use our dating platform.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using our Service:

• Account information (name, email, date of birth, location)
• Profile information (photos, bio, interests, hobbies, lifestyle preferences)
• Personality quiz responses (80-question personality assessment)
• Messages and interactions with other users
• Payment information (processed securely by PayPal)
• Feedback and support requests

2.2 Automatically Collected Information

We automatically collect certain information when you use our Service:

• Usage data and analytics (pages visited, features used, time spent)
• Device information (device type, operating system, browser)
• IP address and approximate location data
• Cookies and similar tracking technologies

2.3 Special Categories of Personal Data (Art. 9 GDPR)

With your explicit consent, we process special categories of personal data that require heightened protection:

• Sexual orientation and gender identity (required for matching)
• Photos (may contain biometric data such as facial features)
• Health data (optional: weight, height, resting heart rate, body type, dietary preferences)
• Religious or philosophical beliefs (optional: religiosity level)

Legal basis: Art. 6(1)(a) GDPR (Explicit consent) + Art. 9(2)(a) GDPR (Explicit consent for special categories). You can withdraw consent at any time by deleting your account or removing specific data from your profile.

3. How We Use Your Information

We use your personal data for the following purposes, based on specific legal grounds under GDPR:

• To provide and improve our services - Legal basis: Art. 6(1)(b) GDPR (Contract performance)
• To match you with compatible users using our personality-based algorithm - Legal basis: Art. 6(1)(b) GDPR (Contract performance) + Art. 6(1)(a) GDPR (Consent for special categories)
• To process payments and manage subscriptions - Legal basis: Art. 6(1)(b) GDPR (Contract performance)
• To moderate content and ensure user safety using AI tools - Legal basis: Art. 6(1)(f) GDPR (Legitimate interest in maintaining platform safety)
• To send service notifications and updates - Legal basis: Art. 6(1)(b) GDPR (Contract performance)
• To send marketing communications (with your consent) - Legal basis: Art. 6(1)(a) GDPR (Consent)
• To analyze usage and improve the platform - Legal basis: Art. 6(1)(f) GDPR (Legitimate interest in product improvement)
• To comply with legal obligations and respond to legal requests - Legal basis: Art. 6(1)(c) GDPR (Legal obligation)

3.1 Automated Decision-Making and Profiling (Art. 22 GDPR)

We use automated decision-making in the following ways:

Personality Matching Algorithm

Our platform uses an automated personality-based matching algorithm that analyzes your personality quiz responses to calculate compatibility scores with other users. This algorithm determines which profiles are shown to you and in what order.

Your Rights

Regarding automated decision-making, you have the right to:

• Obtain human intervention: Request manual review of matching decisions
• Express your point of view: Contact us to discuss how matches are determined
• Contest the decision: Request recalculation or adjustment of compatibility scores
• Opt out: Use manual search features instead of algorithm-based suggestions

Legal basis: Art. 6(1)(b) GDPR (Necessary for contract performance). The algorithm is essential to providing our matching service, which is the core functionality you signed up for.

4. Information Sharing and Data Processors

We do not sell your personal information. We share your information only as necessary to operate our Service:

4.1 Other Users

Your profile information, photos, and messages are shared with other users as part of the dating service functionality.

4.2 Third-Party Service Providers (Data Processors)

We work with trusted service providers who process data on our behalf under strict contractual obligations:

• Supabase (USA) - Database hosting, authentication, file storage - Standard Contractual Clauses (SCC)
• PayPal (USA) - Payment processing and subscription management - Standard Contractual Clauses (SCC)
• Google Cloud Vision (USA) - AI-powered photo verification and moderation - Standard Contractual Clauses (SCC)
• OpenAI (USA) - AI content moderation for messages and profiles - Standard Contractual Clauses (SCC)
• Resend (USA) - Transactional email delivery (notifications, password resets) - Standard Contractual Clauses (SCC)
• Vercel (USA) - Web hosting and content delivery - Standard Contractual Clauses (SCC)
• Sentry (USA) - Error tracking and performance monitoring - Standard Contractual Clauses (SCC)

4.3 Legal Obligations

We may disclose your information to law enforcement, regulatory authorities, or other third parties when required by law, court order, or to protect our legal rights and the safety of our users.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and protect our legitimate interests. Below are the specific retention periods for different types of data:

You can request deletion of your account and personal data at any time from your account settings or by contacting us at info@lovas.ch. We will process deletion requests within 30 days, subject to legal retention requirements.

6. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR) and Swiss Federal Act on Data Protection (FADP), you have the following rights:

• Right of Access (Art. 15 GDPR): Request a copy of your personal data
• Right to Rectification (Art. 16 GDPR): Correct inaccurate or incomplete data
• Right to Erasure (Art. 17 GDPR): Request deletion of your data ("right to be forgotten")
• Right to Restriction (Art. 18 GDPR): Request limitation of processing in certain circumstances
• Right to Data Portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format (JSON or CSV)
• Right to Object (Art. 21 GDPR): Object to processing based on legitimate interests
• Right to Withdraw Consent (Art. 7(3) GDPR): Withdraw consent for special categories or marketing at any time
• Right to Lodge a Complaint: File a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) if you believe your rights have been violated

6.1 Data Export Feature (Automatic Right)

To exercise your right to data portability, you can export your personal data directly from your account settings at any time. Visit Settings > Privacy > Export Your Data and your export will be generated automatically. No approval is required—this is your legal right under Art. 20 GDPR. You can download your data in JSON or CSV format. Exports are available for 7 days after generation and can be requested once every 30 days for security purposes.

6.2 How to Exercise Your Rights

To exercise any of these rights, please contact us at info@lovas.ch or use the Data Export feature in your account settings. We will respond to your request within 30 days as required by GDPR.

7. Security Measures

We take the security of your personal data seriously and implement comprehensive technical and organizational measures to protect your information from unauthorized access, disclosure, alteration, or destruction.

7a. Data Breach Notification (Art. 33-34 GDPR)

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we are committed to transparency and will notify you promptly in accordance with GDPR requirements.

8. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect information from children.

9. International Data Transfers

As a Switzerland-based company, we process data primarily in Switzerland. However, some of our service providers are located in third countries, particularly the United States of America (USA).

9.1 Safeguards for Third-Country Transfers

When transferring personal data to the USA or other third countries, we ensure appropriate safeguards are in place as required by Art. 46 GDPR and the Swiss Federal Act on Data Protection (FADP):

Transfer Mechanisms:

• Standard Contractual Clauses (SCC): We have executed EU Standard Contractual Clauses with all USA-based service providers (Supabase, PayPal, Google, OpenAI, Resend, Vercel, Sentry)
• Adequacy Decisions: We monitor and comply with any adequacy decisions issued by the European Commission or Swiss Federal Council
• Additional Safeguards: Our processors implement technical and organizational measures to ensure data protection standards equivalent to GDPR

9.2 USA-Based Processors

The following processors are located in the USA and process your data under Standard Contractual Clauses: Supabase (database, auth, storage), PayPal (payments), Google Cloud Vision (photo verification), OpenAI (content moderation), Resend (emails), Vercel (hosting), Sentry (error tracking).

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes.

11. Contact Us

For privacy-related questions or to exercise your rights, please contact us at info@lovas.ch

11.1 Data Protection Officer

Our Data Protection Officer is responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements. You can contact our Data Protection Officer directly: