Privacy Policy

1. Introduction

lovento ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our dating service.

By using lovento, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, phone number, date of birth, gender
• Profile Information: Photos, bio, interests, occupation, education, location
• Enhanced Profile Data: Pet preferences, favorite books, music taste (Spotify data if connected)
• Communications: Messages, chat content, customer support inquiries
• Payment Information: Credit card details (processed securely by third-party payment processors)
• Verification Data: Government-issued ID for photo verification (optional)

2.2 Information Collected Automatically

• Usage Data: Swipes, likes, matches, message activity, time spent on app
• Device Information: IP address, browser type, operating system, device identifiers
• Location Data: GPS coordinates, city, region (with your permission)
• Cookies: Session cookies, preference cookies, analytics cookies
• Log Data: Access times, pages viewed, actions taken

2.3 Sensitive Personal Data

We may collect sensitive data including sexual orientation, racial or ethnic origin, and religious beliefs only with your explicit consent. You may choose not to provide this information, but it may limit matching capabilities.

3. How We Use Your Information

We use your personal data for the following purposes:

• Matching Algorithm: To suggest compatible matches based on preferences and behavior
• Service Delivery: To provide, maintain, and improve our dating service
• Communication: To send messages, notifications, and updates about your account
• Safety & Security: To detect fraud, prevent abuse, and ensure platform safety
• Content Moderation: To review content for compliance with Community Guidelines
• Analytics: To understand usage patterns and improve user experience
• Marketing: To send promotional emails (you can opt out anytime)
• Legal Compliance: To comply with legal obligations and protect our rights

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

• Consent: You have given clear consent for us to process your data
• Contract: Processing is necessary to provide the service you requested
• Legitimate Interests: Processing is necessary for our legitimate business interests
• Legal Obligation: Processing is required by law

5. Data Sharing and Disclosure

5.1 Who We Share Data With

• Other Users: Your profile information is visible to other users as part of the matching service
• Service Providers: Cloud hosting (AWS/Supabase), payment processors (Stripe), analytics (Google Analytics)
• AI Services: Content moderation APIs (Azure AI, OpenAI) - data is processed securely
• Law Enforcement: When required by law or to protect rights and safety
• Business Transfers: In the event of a merger, acquisition, or sale of assets

5.2 What We DON'T Do

6. Your Privacy Rights

6.1 GDPR Rights (EU Users)

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing of your data
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Withdraw Consent: Withdraw consent at any time

6.2 CCPA Rights (California Users)

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of sale of personal information
• Right to deletion of personal information
• Right to non-discrimination for exercising rights

7. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

• Active Accounts: Data retained while your account is active
• Deleted Accounts: Most data deleted within 30 days of account deletion
• Legal Requirements: Some data retained longer for legal compliance (e.g., transaction records for 10 years)
• Backup Systems: Data in backups deleted within 90 days
• Anonymized Data: May be retained indefinitely for analytics

8. Data Security

We implement industry-standard security measures to protect your data:

• End-to-end encryption for messages
• HTTPS/SSL encryption for data transmission
• Secure cloud infrastructure with regular security audits
• Access controls and authentication mechanisms
• Regular security updates and patches
• Employee training on data protection

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Data Breach Notification

In the event of a data breach affecting your personal information, we will:

• Notify affected users within 72 hours (GDPR requirement)
• Notify relevant supervisory authorities as required by law
• Provide details about the breach and steps taken to mitigate harm
• Offer guidance on protecting your information

10. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure adequate protection through:

• EU-US Data Privacy Framework compliance
• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission

11. Cookies and Tracking

We use cookies and similar tracking technologies:

• Essential Cookies: Required for the service to function (cannot be disabled)
• Analytics Cookies: Help us understand usage patterns (can be disabled)
• Preference Cookies: Remember your settings (can be disabled)

You can control cookies through your browser settings. Note that disabling cookies may limit functionality.

12. Third-Party Services

We integrate with third-party services:

• Spotify: Music integration (if you connect your account)
• Payment Processors: Stripe for secure payment processing
• Cloud Services: Supabase for data storage
• Analytics: Google Analytics for usage statistics

These services have their own privacy policies. We are not responsible for their data practices.

13. Children's Privacy

Our service is NOT intended for anyone under 18 years old. We do not knowingly collect data from minors. If we learn that we have collected data from someone under 18, we will delete it immediately.

14. AI and Automated Decision-Making

We use AI for:

• Matching Algorithm: Suggests compatible matches based on your profile and behavior
• Content Moderation: Automatically detects inappropriate content
• Spam Detection: Identifies and blocks spam or scam accounts

You have the right to object to automated decision-making and request human review.

15. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the app. Your continued use after changes constitutes acceptance.

16. Contact Us

For privacy-related questions or to exercise your rights:

17. Supervisory Authority

If you are located in the EU/EEA, you have the right to lodge a complaint with your local data protection authority.