Privacy Policy

1. Introduction

This Privacy Policy (the "Policy") describes how Reliable Communications s.r.o. (the "Company", "We") collects, uses, stores, and protects the personal data of Avatar Match platform users (the "Service", "Platform").

We take the protection of your personal data seriously and comply with the requirements of the European Union General Data Protection Regulation (GDPR).

2. What Data We Collect

While using the Service, we may collect the following categories of personal data:

2.1. Registration Data

• Email address
• First and last name
• Date of birth (to confirm 18+ age)
• Password (stored encrypted)
• Google OAuth authentication data (if used)

2.2. Profile Data

• Profile photos
• Biography and description
• Interests and hobbies
• Education and profession
• Communication languages
• Geolocation (city, country) — with your consent

2.3. Psychometric Data

• Personality test results (Big Five, 16PF)
• English language test results
• Psychological questionnaire responses
• AI personality and compatibility analysis
• Preferences and values

2.4. Interaction Data

• Chat message history (messages stored encrypted)
• Avatar simulation history
• Matching results with other users
• Compatibility scores
• Privacy and visibility settings
• Participation in events and projects

2.5. Technical Data

• IP address
• Device type and operating system
• Browser and version
• Cookies and similar technologies
• Activity logs
• Platform feature usage data

2.6. Payment Data

• Transaction history (via Stripe)
• Subscription and plan information
• Token usage
• Payment data (cards) processed exclusively by Stripe — we don't store card numbers

2.7. Verification Data (KYC)

• Identity documents (passport, ID)
• Verification photos (processed via iDenfy)
• Document authenticity verification results

3. How We Use Your Data

We use collected data for the following purposes:

3.1. Service Provision

• Creating and managing accounts
• Creating AI avatars based on psychometric data
• Finding compatible users (matching)
• Conducting virtual dating simulations
• Messaging between users
• Coordinating meetings and events

3.2. Service Improvement

• Analyzing feature usage for optimization
• Training AI models to improve matching accuracy
• Bug fixes and technical support
• Developing new features

3.3. Security

• Preventing fraud and abuse
• Protection from spam and malicious activity
• User identity verification (Trust Score)
• Legal compliance

3.4. Communication

• Sending important Service notifications
• Responding to support requests
• Informing about Policy or Agreement changes
• Marketing messages (with your consent, with opt-out option)

3.5. Billing and Payments

• Processing payments for tokens and subscriptions
• Managing invoices and refunds
• Preventing payment fraud

4. Legal Basis for Data Processing (GDPR)

In accordance with GDPR, we process your personal data on the following legal bases:

• Consent: You gave explicit consent for data processing (e.g., geolocation, marketing)
• Contract Performance: Processing necessary to provide the Service according to Terms of Service
• Legitimate Interests: Service improvement, security, fraud prevention
• Legal Compliance: Fulfilling legal obligations (e.g., financial record retention for 10 years)

5. How We Protect Your Data

We apply technical and organizational measures to protect your data:

5.1. Technical Measures

• Encryption: Data transmitted via secure HTTPS protocol (SSL/TLS)
• Storage Encryption: Sensitive data (passwords, messages) stored encrypted
• Firewalls: Server protection from unauthorized access
• Regular Audits: Infrastructure security checks
• Two-Factor Authentication: Available for additional account protection

5.2. Organizational Measures

• Data Access: Only authorized personnel with NDAs
• Staff Training: Employees trained in data protection principles
• Data Minimization: We collect only necessary data
• Retention Limitation: Data deleted upon account deletion or after retention period

5.3. Security Incidents

In case of personal data breach, we commit to:

• Notify supervisory authority within 72 hours
• Notify affected users without undue delay
• Take measures to minimize consequences
• Investigate and prevent recurrence

6. Data Sharing with Third Parties

We do not sell your personal data. However, we may share data with the following recipient categories:

6.1. Service Providers

• Stripe: Payment processing (PCI DSS certified)
• Firebase/Google Cloud: Hosting, database, authentication
• OpenAI / Anthropic: AI processing for avatar creation and simulations (data transmitted anonymized)
• iDenfy: Identity verification (KYC)
• SendGrid / Email providers: Sending email notifications

All service providers must comply with GDPR and process data only per our instructions.

6.2. Legal Requirements

We may disclose data if required:

• By court order or law enforcement request
• To protect Company and user rights and safety
• To comply with applicable law

6.3. International Transfers

Some service providers (e.g., Google, OpenAI) may process data outside EU. In such cases, we ensure:

• Use of EU standard contractual clauses
• Adequate data protection level
• GDPR compliance

7. Your Data Rights

Under GDPR, you have the following rights:

7.1. Right to Access

You can request a copy of all personal data we hold about you. Access provided free of charge.

7.2. Right to Rectification

You can correct inaccurate or incomplete data through profile settings or by contacting us.

7.3. Right to Erasure ("right to be forgotten")

You can request deletion of your data. We'll delete data within 30 days, except:

• Data required for legal obligations (e.g., financial records for 10 years)
• Data needed for legal claims
• Anonymized statistical data

7.4. Right to Restrict Processing

You can request temporary processing restriction in certain cases (e.g., when disputing data accuracy).

7.5. Right to Data Portability

You can request export of your data in machine-readable format (JSON) for transfer to another provider.

7.6. Right to Object

You can object to data processing for marketing purposes or based on legitimate interests.

7.7. Right to Withdraw Consent

If processing is based on consent, you can withdraw it anytime through profile settings.

7.8. Lodge a Complaint

You have the right to lodge a complaint with the Czech Republic data protection supervisory authority:

8. Cookies and Tracking Technologies

8.1. What Are Cookies

Cookies are small text files saved on your device when visiting the site.

8.2. Cookies We Use

• Essential Cookies: Necessary for Service operation (session, authentication, interface language)
• Functional Cookies: Remember your preferences (theme, settings)
• Analytics Cookies: Help understand how users use the Service (Google Analytics, if enabled)
• Marketing Cookies: Used only with your consent

8.3. Managing Cookies

You can:

• Manage cookies through browser settings
• Block all cookies (may disrupt Service functionality)
• Delete stored cookies
• Configure cookies through our consent banner (on first visit)

9. Children and Privacy

Our Service is intended for persons 18 years and older. We do not knowingly collect data from children under 18.

If you learn that a child has provided us with personal data, please contact us and we'll delete this data.

10. Data Retention

10.1. Retention Periods

• Active Account: Data retained until account deletion
• Inactive Account: After 24 months of inactivity, we notify about possible deletion
• Deleted Account: Most data deleted within 30 days
• Financial Records: 10 years (legal requirement)
• Security Logs: 12 months
• Anonymized Statistics: Indefinitely

11. Privacy Policy Changes

11.1. We may update this Policy when changing:

• Service functionality
• Data protection legislation
• Our data processing methods

11.2. For significant changes, we'll notify you by email 14 days before changes take effect.

11.3. Current version always available on this page with last update date.

12. Contact Information

If you have questions about our Privacy Policy or want to exercise your rights, contact us:

Response Time: We'll respond to your request within 30 days of receipt.