Privacy Policy

Last Updated: May 20, 2026

HJDating ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the HJDating mobile application and related services (collectively, the "Service").

1. Information We Collect

1.1 Information You Provide

  • Account Information: Phone number, name, date of birth, email address, and Apple ID (for sign-in).
  • Profile Information: Photos, gender, height, location (city and state), languages spoken, hair color, hair type, eye color, ethnicity, sexuality, clothing styles, school, employment status, workout frequency, hobbies, drink and smoke preferences, tattoo preferences, zodiac sign, pet information, partner qualities, search preferences, prompt answers, and a personal bio ("About Me").
  • Social Media Handles: Instagram handle, if you choose to share it.
  • "Top Song" Selection: If you choose to add a song to your profile, we store the Spotify catalog metadata for that track (track ID, track name, artist name, album name, and the URL of the album art image on Spotify's CDN). This metadata is selected by you from Spotify's public catalog; we do not stream or play the song through the app. See Section 1.3 for details on what is shared with Spotify.
  • Verification Data: A short video and a photo of your government-issued ID submitted during identity verification.
  • Survey Responses: Answers to compatibility surveys you complete within the app. We retain every survey attempt you complete (one per category at minimum) so you can revisit previous matches without retaking the survey; the most recent attempt per category drives the matching algorithm.
  • Legal Acceptance: When you accept our Terms of Service and Privacy Policy during onboarding, we record the timestamp of your acceptance, the version strings of the documents you accepted, the IP address of the accepting device, your device's User-Agent string, and a snapshot of your name, phone number, and email address at the moment of acceptance. This information is stored both on your user record and in a tamper-evident audit trail to prove informed consent — and so the consent record can be linked back to you for legal purposes even if your account is later deleted (see Section 4 on retention beyond deletion).
  • Communications: Messages you send to other users through the app, and any contact or support inquiries you submit to us.

1.2 Information Collected Automatically

  • Location Data: With your permission, we collect your approximate location (city/state level) and compute a geohash for matching purposes. We store latitude and longitude for geohash computation only — these are encrypted at rest with AES-256-GCM and never exposed in the API or to other users.
  • Usage Data: How you interact with the Service, including features used, profiles viewed, matches made, messages sent, login streak, and your last-active timestamp.
  • Popularity Ranking: A periodically-computed percentile reflecting how many likes your profile has received in the last 30 days relative to other users. This is shown on your own profile and is not exposed to anyone else without your action (e.g. you may choose to share it via the share-card feature).
  • Online Status: Whether you are currently active in the app. Visibility of this status to other users is tier-gated and can be restricted in Settings.
  • Device Information: Device token (for push notifications), device type, operating system version, and app version.

1.3 Information From / Shared With Third Parties

  • Apple: When you subscribe or make in-app purchases, Apple provides us with transaction identifiers to verify and manage your subscription. Apple Sign-In returns a stable user identifier and (on first sign-in only) your email address.
  • Apple Push Notification service (APNs): We send the message-text and notification metadata for each push you receive to APNs, which delivers it to your device.
  • Google AdMob: If you are on the Free plan, third-party advertisements are displayed within the app via Google AdMob. Google may collect device identifiers and usage data for ad personalization in accordance with Google's own privacy policy. You can manage ad personalization in your device settings.
  • Spotify: If you choose to add a "Top Song" to your profile, our backend queries the Spotify Web API (using Spotify's Client Credentials authentication — Spotify does not see your identity) to retrieve catalog metadata for the track you select. Additionally, when any user views a profile that has a Top Song attached, that viewer's app fetches the album art image directly from Spotify's content-delivery network (i.scdn.co); as a result, Spotify's CDN observes the viewer's IP address and User-Agent string at the time of that image fetch. We do not send your account identifier, profile fields, or other personal information to Spotify. Use of Spotify's catalog is subject to Spotify's Terms and Privacy Policy.
  • Amazon Web Services (AWS): Our backend, databases, and media storage are hosted on AWS. AWS may process the data as a service provider strictly on our behalf and does not use it for any independent purpose.
  • SMS Provider: We use a third-party SMS gateway to deliver the one-time codes used to verify your phone number at sign-in. The gateway sees your phone number and the code message only for the purpose of delivery.

2. How We Use Your Information

  • Provide and Improve the Service: To create and manage your account, display your profile, facilitate matches, enable messaging, and improve app features.
  • Matching: To suggest potential matches based on your profile, preferences, location, and survey responses.
  • Safety and Moderation: To detect and prevent fraud, harassment, fake profiles, underage use, and other violations of our Terms of Service.
  • Communications: To send you push notifications (matches, messages, likes), service announcements, and promotional messages (which you can opt out of).
  • Analytics: To understand usage patterns and improve the Service. We use aggregated, de-identified data for analytics whenever possible.
  • Legal Obligations: To comply with applicable laws, regulations, or legal processes.

3. How We Share Your Information

We do not sell your personal data, and we do not share it with advertisers (other than the ad-personalization data Google AdMob collects on the Free tier, as described in Section 1.3).

  • With Other Users: Your profile information (name, photos, bio, preferences, "Top Song" if you set one, and other profile fields) is visible to other users as part of the matching experience. Your phone number and exact location are never shared with other users. Your email address is never shared with other users.
  • Service Providers: We use trusted third-party services as described in Section 1.3 — hosting and storage (Amazon Web Services), push notifications (Apple Push Notification service), payment processing (Apple In-App Purchase), SMS delivery, music metadata (Spotify, when you select a Top Song), and free-tier advertising (Google AdMob). These providers only access data necessary to perform their services.
  • Safety and Legal: We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to protect the safety of our users, the public, or our rights.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4. Data Retention and Deletion

  • Active Accounts: We retain your data for as long as your account is active.
  • Account Deletion: When you delete your account, we soft-delete your profile immediately (it becomes invisible to other users). All personal data, photos, messages, matches, survey responses, and associated records are permanently purged from our systems within 30 days of deletion.
  • Verification Data: ID photos and verification videos are deleted promptly after the verification review is complete.
  • Backups: Residual copies in encrypted backups are overwritten within the normal backup rotation cycle (no more than 90 days).
  • Tamper-Evident Audit Records (Retained Beyond Deletion): Certain audit records are retained permanently, even after account deletion, because they are required to prove informed consent, document moderation actions, and comply with legal obligations. These records include: (a) legal acceptance audit rows recording each time you accepted the Terms of Service and Privacy Policy — including the timestamp, the version of each document, the IP address, the User-Agent, and a snapshot of your name / phone / email at the moment of acceptance (so the row remains queryable for legal lookups after your account is gone), (b) moderation audit logs for any reports submitted against the account, warnings, suspensions, or bans, (c) support audit logs documenting actions taken by our support staff regarding your account, and (d) banned identifier records when an account is terminated for policy violations (to prevent re-registration). These records are minimized — they do not contain your profile content, photos, messages, or location data — but the identifiers and metadata necessary to authenticate the record are kept.
  • Banned Accounts: If your account is banned for a violation of our Terms of Service, your profile is soft-deleted following the same 30-day window, but your phone number and/or Apple ID identifier is retained on a banlist indefinitely to prevent re-registration. The ban reason, banning admin, and timestamp are retained on the moderation audit log.

5. Your Rights

5.1 All Users

  • Access: You can view all of your profile data within the app at any time. You may also request a full export of your data in machine-readable format.
  • Correction: You can update your profile information at any time through the app.
  • Deletion: You can delete your account from within the app. Deletion is processed immediately with full data purge within 30 days.
  • Notification Preferences: You can manage which push notifications you receive in the app settings.

5.2 California Residents (CCPA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You may request the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request that we delete the personal information we have collected about you (subject to certain exceptions).
  • Right to Opt-Out of Sale: We do not sell your personal information, so this right does not apply. However, if this ever changes, we will provide an opt-out mechanism.
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at the email address below or use the in-app account deletion feature.

5.3 GDPR-Ready Provisions (EEA Users)

Although HJDating is currently available only in the United States, we have designed our data practices with GDPR principles in mind for future expansion:

  • Lawful Basis: We process your data based on your consent (account creation), contractual necessity (providing the Service), and our legitimate interests (safety and fraud prevention).
  • Data Portability: You may request a machine-readable copy of your personal data.
  • Right to Erasure: You may request deletion of your personal data, which we honor through our account deletion process.
  • Right to Object: You may object to processing based on legitimate interests.
  • Data Protection Officer: For any GDPR-related inquiries, please contact us using the information below.

6. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest.
  • Column-level encryption (AES-256-GCM) of precise latitude and longitude values.
  • Deterministic HMAC-SHA256 fingerprinting of phone numbers so the database can verify uniqueness without storing plaintext after the encryption rollout is complete.
  • Secure authentication with phone-based OTP and Apple Sign-In, with token revocation and refresh-token reuse detection.
  • Rate limiting, input sanitization, and injection detection on all API endpoints.
  • Regular security monitoring and incident detection with multi-channel alerting.
  • Restricted access to personal data by authorized personnel only.
  • Append-only database triggers on audit tables so consent records and moderation history cannot be silently modified or deleted by the application.

No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Children's Privacy

HJDating is intended for users who are 18 years of age or older. We do not knowingly collect information from anyone under 18. If we discover that a user is under 18, we will immediately terminate their account and delete their data. If you believe a minor is using our Service, please contact us immediately.

8. Third-Party Links

The Service may contain links to third-party websites or services (such as the App Store or social media platforms). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make a material change, we will increment the version string stored alongside your acceptance record; on your next launch of the app you will be prompted to re-review and re-accept the updated Privacy Policy before you can continue using the Service. Non-material clarifications and typo fixes may be made without a re-acceptance prompt. The "Last Updated" date at the top of this page always reflects the most recent revision.

10. Contact Us

If you have questions about this Privacy Policy or your data, please contact us: