This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our mobile application, website, and related services (collectively, the “App”). By creating an account or using Evîn, you agree to this Privacy Policy.
1. Scope and Applicability
This Privacy Policy applies globally to all users of Evîn. It covers data collected through our App, website, or other platforms and complies with international data protection regulations, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).
2. Data We Collect
2.a Information You Provide
- Full name, date of birth, gender, and sexual orientation
- Email address and/or phone number
- Profile photos, bio, preferences, and interests
- Messages, chat history, and shared media
- Payment details (for premium features)
2.b Automatically Collected Information
- Device identifiers, IP address, operating system, and app version
- Usage data (profiles viewed, features used, interactions)
- Location data (with your permission) to show nearby users
- Cookies and tracking technologies for analytics and personalization
2.c Information from Third Parties
- Social media or sign-in providers (Google, Apple, META)
- Advertising and analytics partners
- Payment processors
2.d Facial Biometric Data Sensitive
What We Collect
- A selfie photo captured during registration
- A 128-dimensional mathematical representation (face embedding) of your facial features — stored as 512 bytes of encrypted binary data
How We Collect It
- Using your device’s camera during the registration process
- Face analysis is performed entirely on your device using Apple’s Vision framework. The resulting photo and face embedding are then uploaded to our secure servers for storage.
Why We Collect It
- To verify you’re a real person (anti-bot measure)
- To prevent fake accounts and scammers
- To improve platform safety and trust
- To maintain an authentic dating community
How We Process It
- Face detection uses Apple’s Vision framework (built into iOS)
- Only the final photo and mathematical embedding are uploaded to our secure servers
- Embeddings are stored as encrypted binary data (512 bytes)
- We do not use facial recognition for tracking, advertising, or any other purpose
- Face verification is performed once during registration only
Your Rights
- You can request deletion of your biometric data at any time
- Deleting your account will automatically delete all biometric data immediately
- Biometric data is retained for a maximum of 7 days from the date of verification
2.e Moderation and Safety Data
To operate the Report and Block tools described in our Terms of Use, we collect and process:
- Reports submitted by you: the reason category, free-text details, the user or message being reported, and the timestamp
- Users you block: a list of user IDs you have blocked and the timestamp of each block
- Acceptance of Community Guidelines: a timestamp confirming you accepted our Terms of Use before accessing user-generated content
This data is used exclusively for reviewing reported content within 24 hours, hiding blocked users from your feed, and enforcing our Community Guidelines. Moderation data is accessible only to authorized moderation staff and is never sold or used for profiling.
3. How We Use Your Data
We process your personal data to:
- Create and manage your Evîn account
- Match you with other users based on preferences and location
- Enable chat and communication features
- Operate our moderation tools and enforce our Community Guidelines
- Personalize and improve the App experience
- Detect and prevent fraud, spam, and security breaches
- Send updates, offers, and notifications (with your consent)
- Comply with legal obligations and regulatory requirements
3.a Biometric Data Usage Limitations
✓ We USE biometric data ONLY for:
- ✓ One-time verification during registration
- ✓ Preventing fake accounts and bots
- ✓ Platform safety and security
✗ We DO NOT use biometric data for:
- ✗ Tracking your activity across the app
- ✗ Advertising or marketing purposes
- ✗ Sharing with third parties
- ✗ Facial recognition or surveillance
- ✗ Re-verification on subsequent logins
- ✗ Matching or recommendations
3.b Third-Party Technologies
Apple Vision Framework: We use Apple’s Vision framework (built into iOS) to detect and analyze faces during registration. This processing happens entirely on your device and does not send data to Apple or any third party.
Firebase (Google Cloud): We use Firebase services for secure data storage, authentication, messaging, and serverless functions. All data is encrypted in transit and at rest. Firebase complies with GDPR and international data protection standards.
3.c App Store Privacy Disclosures
| Data Type | Purpose | Linked to You | Used for Tracking | Shared with 3rd Parties |
|---|---|---|---|---|
| Face Data (biometric identifier) | Fraud Prevention, Account Security, App Functionality | Yes | No | No |
4. Legal Bases for Processing (GDPR)
- Consent — for marketing, location sharing, cookies, and biometric data collection
- Performance of a contract — providing the Evîn service
- Legitimate interests — fraud prevention, moderation and community safety, and analytics
- Legal obligation — compliance with applicable laws
5. Sharing of Personal Data
We may share data only as necessary: with other users (according to your privacy settings), with service providers under strict confidentiality, with law enforcement where required by law, and during business transfers. We do not sell your personal data.
Biometric Data Sharing: We NEVER share your facial biometric data (photos or embeddings) with third parties. This data is stored securely in Firebase (Google Cloud) with encryption and is accessible only to you.
Moderation Data Sharing: Reports and block records are accessible only to authorized moderation staff and are never sold or shared with advertisers.
6. Location Data
Evîn uses your location (if you allow access) to display users near you. You can disable location access at any time through your device settings. If disabled, certain features may not function correctly.
7. Messages and Chat
Chats and messages between users are stored securely. To maintain a safe community, Evîn may automatically scan chats for violations of our Community Guidelines (e.g., spam, fraud, or illegal content). Private messages are not shared publicly.
If you report a message using the in-app Report button, the message content, chat ID, and the author’s user ID are included in the moderation record so our team can review the report within 24 hours.
8. Data Retention
We retain your personal data only as long as necessary: while your account remains active, as required by law, or to resolve disputes. Some anonymized data may be retained for analytics.
8.a Biometric Data Retention
How to Request Early Deletion:
- Delete your account: Profile → Settings → Delete Account
- Email us at info@evinapp.net to request deletion
- We will confirm deletion within 7 days of your request
8.b Moderation Data Retention
- Report and block records are retained for up to 24 months for abuse-pattern analysis, then anonymized or deleted
- Upon account deletion, your block list and records you submitted are deleted within 30 days
- Records involving serious violations may be retained longer where required by law
9. Data Security
We use industry-standard security measures including encrypted data transmission (SSL/TLS), secure storage and authentication, and regular security audits and access controls.
9.a Biometric Data Security
Storage
- Selfie photos: Firebase Storage (Google Cloud, europe-west1 region, Belgium) with encryption
- Face embeddings: Firebase Storage as encrypted binary files (512 bytes)
- Verification metadata: Firebase Realtime Database with access controls
Access & Encryption
- We do not access your face embeddings for any purpose other than verification
- All data encrypted in transit (HTTPS/TLS 1.3) and at rest (AES-256)
- Face embeddings are mathematical representations — not reversible to photos
- Strict access controls and user-specific security rules enforce privacy
While we strive to protect your data, no system is completely secure. You share information at your own risk.
10. Your Rights (GDPR & CCPA)
Depending on your jurisdiction, you may have the right to access, correct, or delete your data; restrict or object to processing; withdraw consent at any time; receive a copy of your data; and opt out of sale or sharing of personal data (California users).
Biometric Data Rights: Request access, request deletion at any time, withdraw consent (will prevent account creation), receive confirmation of deletion within 30 days.
Contact us at info@evinapp.net. We respond within 30 days (GDPR) or 45 days (CCPA).
11. Children’s Privacy
Evîn is strictly intended for users aged 18 years and older. We do not knowingly collect or process personal data from minors. If we learn that data from a minor has been collected, we will delete it immediately and report the incident to the appropriate authorities where required.
12. International Data Transfers
We ensure appropriate data protection safeguards (such as EU Standard Contractual Clauses) are implemented to protect your data wherever it is processed.
Biometric Data Location: Primary storage in Europe (europe-west1 region, Belgium). No biometric data is transferred outside the EU.
13. Cookies and Tracking Technologies
Evîn uses cookies and similar technologies to authenticate users, remember preferences, analyze usage, and improve performance. You can control or delete cookies via your device settings.
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically. The latest version will always be available in the App and on our website. If we make material changes, we will notify you via email or in-app notification at least 30 days before changes take effect.
15. Contact Us
16. Jurisdiction and Governing Law
This Privacy Policy shall be governed by and interpreted in accordance with the laws of the European Union. Users located in other jurisdictions may be subject to local data protection laws in addition to this policy.
17. State-Specific Biometric Privacy Notices
For Illinois Users (BIPA)
We collect facial biometric identifiers (face embeddings) as described in Section 2.d. By creating an account, you provide written consent to this collection. Biometric data is automatically deleted within 7 days of verification, regardless of account status. Upon account deletion, any remaining biometric data is deleted immediately. Biometric data is collected solely for fraud prevention and account verification, not for commercial purposes.
For Texas Users (CUBI)
We collect biometric identifiers (facial geometry) for security and fraud prevention. This data is not sold or disclosed to third parties except as required by law. By creating an account, you consent to the collection and use of biometric identifiers as described in this policy.
For Washington Users
Biometric data is collected with your express consent during the registration process. We provide clear notice of the purpose, duration, and use of biometric data in this policy.
For California Users (CCPA/CPRA)
Facial biometric data is considered “sensitive personal information” under California law. We already limit biometric data use to account verification only. We do not sell or share your biometric data with third parties. Biometric data is automatically deleted within 7 days of verification and deleted immediately upon account deletion.
18. Compliance Certifications
| GDPR Compliance | |
|---|---|
| Legal basis for processing | Consent and legitimate interests |
| DPIA completed for biometric processing | Yes |
| International transfers | EU Standard Contractual Clauses |
| Right to erasure honored | Within 30 days |
| Apple App Store Compliance | |
|---|---|
| Privacy nutrition labels completed | Yes |
| Face data usage disclosed | Sections 2.d, 3, 3.a, 9.a |
| User consent before biometric collection | Yes — obtained during registration |
| Guideline 1.2 — in-app EULA, Report & Block, 24h moderation | Yes |
| Firebase / Google Cloud Compliance | |
|---|---|
| Data Processing Agreement (DPA) | In place |
| EU data residency | europe-west1 (Belgium) |
| Encryption at rest and in transit | Yes (AES-256 + TLS 1.3) |
19. Transparency Report
Updated quarterly.
| Metric | Value |
|---|---|
| Total users verified | [To be updated] |
| Verification success rate | [To be updated] |
| Fake accounts prevented | [To be updated] |
| Data deletion requests processed | [To be updated] |
| Reports received | [To be updated] |
| Average review time (target < 24h) | [To be updated] |
| Accounts terminated for violations | [To be updated] |
20. Frequently Asked Questions
21. Updates and Amendments
22. Your Consent
By using Evîn, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your personal data, including facial biometric data and moderation data, as described herein.
For Biometric Data: By creating an account, you provide explicit, informed consent for the collection and processing of your facial biometric data for the purposes stated in this policy.
Withdrawal of Consent: You may withdraw consent at any time by deleting your account. Biometric data is deleted within 7 days of verification or immediately upon account deletion, whichever comes first. All other personal data is deleted within 30 days.