1. Introduction

This Privacy Policy applies to the Geml dating platform (the "Service"), operated by Geml, Inc. ("Geml," "we," "us," or "our"). This policy describes:

• What personal information we collect and why
• How we use, store, and protect your information
• Your rights regarding your personal data
• How to contact us with privacy questions or concerns

By using Geml, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

We collect several types of information to provide and improve our Service:

2.1 Account Information

When you create a Geml account, we collect:

• Basic profile data: Email address, name, date of birth, gender identity
• Profile content: Photos, audio recordings, written profile text
• Verification data: Video verification recording and identity verification information
• Preferences: Dating preferences, including age range, location preferences, and relationship goals

2.2 Location Data

To provide local matches, we collect your general location (city and region). We do not track your real-time location or precise GPS coordinates. Location is used only to:

• Match you with people in your geographic area
• Provide city-specific waitlist information
• Understand regional service demand

2.3 Video Chat Data

• Date, time, and duration of video chats
• Connection quality metrics
• Conversation analytics (speaking time balance, engagement indicators)

Video chat content itself is ephemeral and not stored.

2.4 Usage Analytics

We use Plausible.io, a privacy-focused analytics service, to understand how people use our Service. We collect:

• Pages visited and features used
• Time spent on different sections
• Device type and browser information
• Referral sources (how you found Geml)

Plausible.io does not use cookies and does not track users across websites. All data is aggregated and anonymized.

2.5 Match Ratings and Feedback

Your ratings and feedback are core to our matching algorithm and learning system:

• Profile ratings: How you rate potential matches
• Post-date feedback: Your assessment of match quality and conversation experience

2.6 Payment Information

We use Stripe to process payments. We do not store your full credit card information on our servers. Stripe retains:

• Last 4 digits of your card
• Card expiration date
• Billing address

See Stripe's Privacy Policy for details on how they protect payment data.

2.7 Communications

When you contact us or interact with our Service, we collect:

• Email correspondence
• Customer support inquiries
• Survey responses and feedback
• In-app messages with matched users (encrypted)

3. How We Use Your Information

We use your information exclusively to provide, improve, and personalize the Geml experience:

3.1 Matching Algorithm

We use the Gale-Shapley stable matching algorithm (Nobel Prize-winning research) to pair you with compatible matches based on:

• Your preferences and dating goals
• Mutual compatibility indicators
• Geographic proximity
• Activity patterns and engagement

3.2 Service Delivery and Improvement

Your information helps us:

• Create and manage your account
• Facilitate video chats between matched users
• Process payments and manage subscriptions
• Provide customer support
• Improve matching quality through machine learning
• Develop new features based on usage patterns

3.3 Personalized Insights and Feedback

We analyze your conversation patterns to provide actionable feedback on:

• Speaking vs. listening balance
• Question quality and engagement
• Conversation topics and flow
• Areas for potential improvement

This analysis is algorithmic and designed to help you improve your dating success rate.

3.4 Communication

We may contact you for:

• Match notifications: When you receive a new match
• Service updates: Important changes to our Service or policies
• Feedback requests: Surveys to improve Geml
• Marketing (opt-in only): Tips, success stories, and product updates

You can opt out of marketing communications at any time via your account settings or unsubscribe links in emails.

3.5 Safety and Verification

To maintain a safe, authentic community, we use your information to:

• Detect and prevent fraud, spam, and abuse
• Enforce our Terms of Service
• Respond to reports of inappropriate behavior

4. Data Sharing

We share your information only in these limited circumstances:

4.1 With Matched Users

When you and another user are assessed to have sufficient mutual interest potential and are matched:

• Your profile (photos, audio, first name, and approximate distance) is displayed to your match
• After a successful video date, if you and your match are re-matched, a private group chat is enabled for both parties to continue meeting and share contact information when appropriate
• Your ratings of others remain private—only mutual matches are revealed

4.2 Service Providers

We work with trusted third-party companies that help us operate Geml:

• Stripe: Payment processing (PCI-DSS compliant)
• Google Cloud Platform: Cloud hosting and data storage
• Plausible.io: Privacy-focused analytics
• Twilio: Video chat infrastructure (with end-to-end encryption capabilities)
• SendGrid: Transactional email delivery

These providers are contractually obligated to protect your data and use it only for providing services to Geml.

4.3 Legal Compliance

We may disclose information if required by law or in response to:

• Valid legal requests (subpoenas, court orders)
• Government investigations
• Situations involving potential harm to individuals or public safety
• Enforcement of our Terms of Service

We will notify you of legal requests unless prohibited by law.

4.4 Business Transfers

If Geml is acquired, merged, or sold, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service of any change in ownership or uses of your personal information.

4.5 Aggregated Data

We may share anonymized, aggregated statistics that cannot identify individuals:

• Success rates and user demographics (for research or marketing)
• General platform usage trends
• Anonymized matching effectiveness data

5. Your Rights

You have significant control over your personal data:

5.1 Access Your Data

You can view and download your personal information at any time through your account settings. This includes:

• Profile information and photos
• Match history and preferences
• Conversation analytics and feedback

5.2 Correct or Update Information

You can edit your profile, preferences, and account information through the Geml app at any time. If you need help updating information, contact us at hello@geml.co.

5.3 Delete Your Account

You can delete your Geml account at any time. When you delete your account:

• Your profile is immediately removed from matching
• Your photos and personal information are deleted within 30 days
• Some data may be retained for legal compliance (e.g., payment records, abuse reports)
• Aggregated, anonymized data may be retained for analytics

5.4 Opt-Out of Communications

You can control what emails you receive:

• Unsubscribe from marketing emails via the link in any email
• Adjust notification preferences in account settings
• You'll still receive critical service notifications (e.g., match notifications, security alerts)

5.5 Object to Data Processing

You can object to certain uses of your data, such as:

• Marketing and promotional uses

6. Data Security

We take security seriously and implement industry-standard protections:

6.1 Encryption

• In transit: All data transmitted between your device and our servers uses TLS 1.3 encryption
• At rest: Sensitive data is encrypted using AES-256 encryption in our databases
• Messages: In-app messages between matched users are end-to-end encrypted

6.2 Access Controls

• Strict role-based access control for Geml employees
• Multi-factor authentication for all administrative accounts
• Regular security audits and penetration testing
• Logging and monitoring of all data access

6.3 Infrastructure Security

• Hosting on Google Cloud Platform with SOC 2 Type II compliance
• Regular security patches and updates
• Isolated database environments
• Automated backup systems with encryption

6.4 Your Role in Security

You also play a critical role in protecting your account:

• Use a strong, unique password
• Never share your login credentials
• Log out on shared devices
• Report suspicious activity immediately

If you believe your account has been compromised, contact us immediately at hello@geml.co.

7. Cookies and Analytics

7.1 Cookies We Use

Geml uses minimal cookies, only for essential functionality:

• Authentication cookies: To keep you logged in (required)
• Security cookies: To detect and prevent fraud (required)
• Preference cookies: To remember your settings (optional)

7.2 Analytics - Plausible.io

We use Plausible.io for website analytics. Unlike Google Analytics, Plausible:

• Does not use cookies
• Does not track users across websites
• Does not collect personal data
• Is fully GDPR, CCPA, and PECR compliant
• Stores all data in the EU

Learn more about Plausible's privacy-first approach at plausible.io/privacy.

7.3 Third-Party Cookies

When you use third-party services integrated into Geml (like Stripe for payments), those services may set their own cookies. We do not control these cookies. Please review:

• Stripe Cookie Policy

8. Data Retention

We retain your information only as long as necessary:

8.1 Active Accounts

While your account is active, we retain all profile and activity data to provide the Service and improve matching quality.

8.2 Deleted Accounts

When you delete your account:

• Immediate: Profile removed from all matching and search
• Within 30 days: Profile photos, audio, and personal details permanently deleted
• Within 90 days: Video chat metadata and analytics deleted
• Retained indefinitely: Aggregated analytics (anonymized), financial records (for tax/legal compliance), abuse reports (for safety)

8.3 Inactive Accounts

If you don't log in for 24 months, we may:

• Send you a reminder email
• Remove your profile from active matching
• Delete your account after 30 months of inactivity (with advance notice)

8.4 Legal Obligations

Some data must be retained to comply with legal requirements:

• Financial records: 7 years (tax law)
• Abuse reports: Indefinitely (safety and legal protection)
• IP logs for security incidents: Up to 1 year

9. GDPR and CCPA Compliance

9.1 GDPR Rights (European Users)

If you're in the European Economic Area (EEA), UK, or Switzerland, you have additional rights under GDPR:

• Right to access: Get a copy of all personal data we hold
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your data ("right to be forgotten")
• Right to restrict processing: Limit how we use your data
• Right to data portability: Receive your data in a portable format
• Right to object: Object to processing based on legitimate interests or direct marketing
• Right to withdraw consent: Withdraw consent at any time (where consent is the legal basis)
• Right to lodge a complaint: File a complaint with your local data protection authority

To exercise these rights, email hello@geml.co with "GDPR Request" in the subject line.

9.2 Legal Basis for Processing (GDPR)

We process your data under these legal bases:

• Contract performance: To provide the Service you signed up for
• Legitimate interests: To improve our Service, prevent fraud, ensure safety
• Consent: For marketing communications and optional features
• Legal obligations: To comply with laws and regulations

9.3 CCPA Rights (California Users)

If you're a California resident, you have rights under the California Consumer Privacy Act:

• Right to know: What personal information we collect, use, disclose, and sell (we don't sell data)
• Right to delete: Request deletion of your personal information
• Right to opt-out: Opt out of the "sale" of personal information (not applicable—we don't sell data)
• Right to non-discrimination: We won't discriminate against you for exercising your rights

To exercise these rights, email hello@geml.co with "CCPA Request" in the subject line. We may verify your identity before processing requests.

9.4 International Data Transfers

If you're outside the United States, your data may be transferred to and processed in the US. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adherence to Privacy Shield principles (where applicable)
• Encryption and security measures meeting international standards

10. Children's Privacy

Geml is intended for adults only. You must be at least 18 years old to use our Service.

We do not knowingly collect personal information from anyone under 18. If we discover that someone under 18 has provided us with personal information, we will:

• Immediately delete the account
• Remove all associated data
• Prevent future access

If you believe someone under 18 has created an account, please report it immediately to hello@geml.co.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

11.1 How We Notify You

When we make changes, we will:

• Update the "Last Updated" date at the top of this policy
• Send you an email notification for material changes
• Display a prominent notice in the app for significant changes
• For major changes, request your explicit consent before they take effect

11.2 Your Continued Use

By continuing to use Geml after changes take effect, you accept the updated Privacy Policy. If you disagree with changes, you can delete your account.

12. Contact Us

We're here to answer your privacy questions and address your concerns.

For security issues or to report a data breach, please email hello@geml.co with "URGENT: Security Issue" in the subject line.