1. Who We Are (Data Controller) The App is operated by: Name: Pak Yu Wong Contact Email: otter.matching@gmail.com Contact Address: Innovation Centre, University of Exeter, United Kingdom Under the EU General Data Protection Regulation (GDPR), we act as the Data Controller of your personal data. 2. What Personal Data We Collect and Why To provide you with our matching and dating services, we collect and process the following categories of personal data: Data Category Specific Data Collected Purpose of Processing Legal Basis (GDPR) Account Information Email address, password (encrypted and stored via Firebase) To create and manage your account, enabling you to log in and use our services. Performance of a contract with you (Article 6(1)(b)). Profile Information Photos you upload To display your profile within the App, allowing other users to view and match with you. Performance of a contract with you (Article 6(1)(b)). Usage & Behavioral Data In-app activities such as swipes, matches, chat history, and interaction patterns To operate, maintain, and improve our services, provide personalized match suggestions, and analyze overall App usage. Our legitimate interest in providing and improving our services (Article 6(1)(f)). Important Notes: Your password is encrypted during transmission and storage (using Firebase services). We process your data only when we have a valid legal basis. 3. Social Media Sharing of Anonymized Statistics (Optional Consent) We may wish to share fully anonymized, aggregated statistics about general user behavior trends (for example, "X% of users prefer to send the first message") on our social media channels or for promotional purposes. Important: This sharing is entirely optional and will only happen if you actively and explicitly consent to it. What we share: Only aggregated numbers that combine data from many users. No individual user can be identified from these statistics. What we NEVER share: Your name, email, photos, specific chat content, or any information that could identify you personally. Your choice: You are not required to agree to this to use our App. Your decision will not affect your access to any features or services. To give your consent, you will see a separate pop-up or toggle within the App. You can change your mind at any time. 4. Your Consent Options Consent Type What It Means How to Give/Withdraw Required Consent Necessary for the App to function (e.g., storing your account data). You cannot use the App without agreeing to this. Given when you create an account. Optional Consent (Social Media Sharing) Allows us to share fully anonymized, aggregated statistics on social media for promotional purposes. This is not required to use the App. You will see a separate pop-up asking for your permission. You can also change your setting anytime in the App's Settings → Privacy section. 5. How to Withdraw Your Optional Consent You can withdraw your consent for social media sharing at any time, and it will not affect your ability to use the App. To withdraw: Open the App. Go to Settings → Privacy. Toggle off the option labeled "Allow sharing of anonymized statistics for promotional purposes." Once you toggle it off, we will immediately stop including your data in any future social media posts. This change takes effect within 24 hours. 6. Data Storage and Retention Storage Location: Your personal data is stored on secure cloud servers provided by Google Firebase. This may involve transferring your data to servers located outside the European Economic Area (EEA). When such transfers occur, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses approved by the European Commission). Retention Period: We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. If you delete your account, we will delete or anonymize your data within 30 days, unless we are required to retain it for legal compliance. 7. Data Sharing and Disclosure We do not sell or rent your personal data to third parties. We may share your data only in the following limited circumstances: Service Providers: With trusted third-party service providers who perform services on our behalf, such as Firebase (hosting and authentication). These providers are contractually obligated to process your data only according to our instructions and in compliance with applicable data protection laws. Legal Compliance: If required by law, regulation, or legal process, we may disclose your data to competent authorities. Protection of Rights: To protect the security, rights, or property of our users, the public, or our company. 8. Your Rights (Under GDPR) If you are a resident of the European Union or the EEA, you have the following rights regarding your personal data: Right Description Right of Access You can request a copy of the personal data we hold about you. Right to Rectification You can request that we correct any inaccurate or incomplete data. Right to Erasure ("Right to be Forgotten") You can request that we delete your personal data under certain conditions. Right to Restrict Processing You can request that we limit the processing of your data. Right to Data Portability You can request a copy of your data in a machine-readable format. Right to Object You can object to our processing of your data based on our legitimate interests. Right to Withdraw Consent Where we rely on your consent, you can withdraw it at any time. To exercise any of these rights, please contact us at: otter.matching@gmail.com You also have the right to lodge a complaint with a supervisory authority in your country of residence. 9. Data Security We implement appropriate technical and organizational measures to protect your data against unauthorized access, accidental loss, or destruction. Our services rely on Firebase, which employs industry-standard security practices, including encryption. 10. Children's Privacy Our services are intended for individuals aged 18 or older. We do not knowingly collect personal data from individuals under this age. If you believe a minor has provided us with their data, please contact us at otter.matching@gmail.com. 11. Changes to This Privacy Policy We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy within the App. The "Last Updated" date at the top of this policy indicates when it was last revised. 12. Contact Us If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at: Email: otter.matching@gmail.com Address: Innovation Centre, University of Exeter, United Kingdom