Privacy Policy

Effective: - Version 1.1
Privacy-first Consent-led

This Privacy Policy explains how Heartstead collects, uses, stores, and protects your information when you use the Service. It is written to reflect the features currently available in the application. It is general information, not legal advice.

On this page 1. Who we are 2. What we collect 3. How we use data 4. Legal bases 5. Photos and privacy 6. Cookies 7. Sharing and processors 8. International transfers 9. Retention 10. Your rights 11. Children 12. Security 13. Changes 14. Contact

1) Who we are

Heartstead is the controller for the personal data processed through this Service. If you need help with a privacy request, please contact us.

2) Information we collect

  • Account and profile data: email, phone, name, gender, age, location, relationship preference, marital status, education, occupation, languages, motivations, bio, values, and interests.
  • Photos and media: user-uploaded images, moderation status, and visibility settings such as private, approved-only, public-to-matches, and public.
  • Usage and security telemetry: IP address, device and browser details, page visits, profile opens, timestamps, and abuse-prevention logs.
  • Relationship actions: interests, matches, photo access requests, and messages when messaging is available through an accepted interest, an active match, or granted photo access.
  • Verification: contact verification and optional identity-verification materials if you choose to submit them.

3) How we use your information

  • Provide and personalize profile, browse, matching, messaging, and photo-access features.
  • Operate safety features such as moderation, verification review, fraud prevention, rate limiting, and abuse investigation.
  • Enforce privacy controls such as profile visibility, photo visibility, and access-request decisions.
  • Send service communications such as verification messages, interests, message notifications, and policy updates.
  • Comply with law and enforce our Terms of Service.

4) Legal bases (GDPR / UK GDPR)

  • Contract: to operate the Service you ask us to provide.
  • Legitimate interests: security, fraud prevention, product improvement, and moderation.
  • Consent: for optional actions you choose, such as identity verification submissions or requests involving private photo access.
  • Legal obligation: when we must comply with applicable law or lawful requests.

5) Photos, privacy, and moderation

  • Visibility controls: photos may be private, approved-only, public-to-matches, or public depending on account settings and moderation state.
  • Access approval: some photo access is unlocked only after a user grants access or another permitted connection path allows it.
  • Moderation: photos are reviewed through internal admin workflows and human moderation. If automated moderation is added later, this policy will be updated.

6) Cookies and similar technologies

Heartstead currently relies on essential cookies and similar storage for sign-in, session continuity, security, and basic product behavior. The current site does not provide a fully separate in-app consent manager for optional analytics or marketing cookies. If optional categories are introduced later, this policy and the site controls will be updated together.

Current cookie position
  • Essential cookies and local storage support authentication, session state, and core privacy controls.
  • Heartstead does not sell personal information.
  • If you have a privacy request, including a regional opt-out request, please contact us directly.
Contact us about privacy

7) Sharing and processors

We do not sell your personal information. We share data only with service providers needed to run the Service, such as:

  • Authentication: Users.Life sign-in services.
  • Notifications: email and service-notification providers used for transactional messages.
  • Storage and database providers: infrastructure used to store application data and approved photos.
  • Internal moderation and admin tooling: used to review verification and policy issues.

8) International transfers

If data is transferred internationally, we use appropriate safeguards required by applicable law.

9) Data retention

  • Account and profile data: kept while the account remains active, then deleted or retained only as required by policy or law.
  • Messages, interests, and access requests: retained while accounts remain active and then deleted or anonymized according to operational policy.
  • Security telemetry and moderation logs: retained only as long as needed for security, audit, or abuse-prevention purposes.

10) Your rights

Depending on your region, you may be able to request access, correction, deletion, restriction, objection, or data portability.

  • You can update profile data and many privacy settings inside the app.
  • For broader privacy requests, account deletion requests, or data-access requests, please contact us.

Use the contact page for privacy requests that are not yet fully self-serve.

11) Children

Heartstead is for adults 18 and older only. If you believe a child has provided us personal data, contact us so we can investigate and remove it.

12) Security

  • We use encryption in transit, access controls, audit logging, and other technical and organizational safeguards appropriate to the Service.
  • Only authorized personnel should access moderation or verification data.

13) Changes to this Policy

We may update this Privacy Policy from time to time. If the changes are material, we will post an updated effective date and use reasonable efforts to notify active users.

14) Contact

Questions or requests? Contact Us