User Privacy Policy

1. Minimum age: You must be at least eighteen (18) years old to use the User side of Smize. If we learn a User is under 18 years, we will block the account and take appropriate steps.

2. Territory: Global sign-ups are technically allowed; core Indian features (certain matching/event functions) may not work outside India. Outside India you may still purchase features and exchange messages, subject to local law.

We collect only what is necessary to provide a safe, functional service. Below is an explicit schedule.

C1. Account & Profile

• Data: Name; Date of Birth; Gender (display optional); Sexual orientation (optional, never shown); minimum two (2) profile photos; Bio; Interests; Languages; Lifestyle fields (drink/smoke/diet); optional College/Work; optional Spotify connect (favourite song playback on profile).

• Source: You.

• Purpose: Create and display your profile; enable discovery, matching, and social features.

• Retention: While your account is active. On deletion, we delete these items immediately, except for data we must retain by law (see C8/C9) and the verification reference ID (see C5) for up to 90 days.

C2. Login, Device & Safety Signals

• Data: Phone and/or email; OTP; device details (OS, model), device/advertising identifiers; anti-fraud and session integrity signals; registered device(s) for safe logins.

• Source: You and your device.

• Purpose: Secure login; prevent account misuse; detect fraudulent access.

• Retention: While active; limited security logs retained for legitimate safety and compliance needs.

C3. Photos, Liveness & NSFW Safety (on-device first)

• Data: Liveness/face-action checks and NSFW checks are performed on your device before upload; we store verification outcomes (e.g., “verified”, “re-check needed”), not raw biometric templates from these checks.

• Purpose: Deter impersonation/scams; reduce abusive or sexual content exposure when blocked by a recipient.

• Retention: Verification outcomes persist while reasonably necessary for platform safety; profile photos you approve are stored to show on your profile.

C4. Location (Foreground-Only)

• Data: Precise location once at app start (foreground-only); no background tracking. We store coordinates/city necessary for proximity matching and event relevance.

• Purpose: Show nearby profiles/events; improve relevance and safety.

• Retention: Stored while your account is active and refreshed on app start.

C5. Video & Government-ID Verification (for events & advanced safety)

• Video verification: stored until you delete your account + 90 days (helps deter impersonation).

• Government-ID verification: performed via a Verification Partner. We store only the partner’s verification reference ID (no copy of your ID image or number).

• DOB mismatch: If your app DOB and ID DOB differ, you must correct the app DOB to proceed with events.

• Under-age: If we discover you are under 18 years, we block your account; you may appeal via support if you think there was an error.

C6. Communications (Chats & Support)

• Data: Matches, one-to-one/group chats, and support tickets. Messages are encrypted in transit (moving from one place to another) and encrypted at rest (stored in database).

• Explicit retention rule: We retain only the last two hundred and fifty (250) messages per chat on our servers for performance/safety.

• Media: Media shared in chats is encrypted at rest (stored in database) and accessible only to participants; we do not scan allowed (opt-in) media for content classification.

• Support messages: Cleared forty-five (45) days after the ticket is marked completed.

• Purpose: Enable chats; reduce spam/abuse; provide support.

C7. Purchases, Features, Credits & Event Interactions

• Data: Feature/pack purchases; credits earned/used (credits are usable only for in-app features and cannot be used for event bills or external services); payment status from Payment Partners/App Stores; event selections; bookings; QR check-ins and attendance.

• Purpose: Deliver paid features; handle credits; manage bookings, entry verification, attendance, and refunds where applicable.

• Retention: Transaction/attendance records retained as required for accounting, taxation, disputes, and fraud prevention.

C8. Diagnostics & Analytics

• Data: Crash logs, performance metrics, aggregated usage analytics, and reliability indicators.

• Purpose: Maintain stability, detect bugs, and improve performance.

• Retention: Kept only as long as needed for operations, then deleted or anonymised.

C9. Marketing & Ads

• Data: Your marketing preferences (email/SMS/push); basic ad-delivery and interaction logs; non-sensitive demographic and in-app context (e.g., age band, city, general interests, feature usage). We do not use your contact details or chat content for ad targeting.

• Purpose: To show in-app advertisements on Smize that may be targeted based on your demographics and in-app context. You cannot opt out of in-app ads. You can opt out of Smize’s own direct marketing (emails/SMS/push) at any time in the app. We do not share any user data with any third party that wants to run ads on Smize, and we do not permit third parties to collect your personal data for their own advertising purposes via Smize.

• Retention: Ad-delivery and interaction logs are retained only for the period necessary for operations, fraud prevention, measurement, and legal compliance, after which they are deleted or anonymised. Your marketing preferences are kept until you change them or delete your account.

• No sale / no sharing for ads: We do not sell Personal Data. We do not share any user data with third parties to run ads on Smize or for their independent advertising purposes.

• Camera: profile photos; video verification; optional media sharing.

• Microphone: voice messages/calls in chats.

• Photos/Media Library: choose and share images/video.

• Location (Precise, Foreground-Only): showing profiles, proximity-based matching and event relevance at app start.

• Notifications: OTPs, account and feature updates, booking and safety alerts.

• App-tracking transparency / Advertising ID: with your platform consent where applicable; used to limit fraud and measure legitimate ads.

• Contacts/Address Book: not collected (we do not request or process your address book).

You can deny or later revoke permissions in OS settings; certain features will not work without them.

E1. Wingman (AI-assisted chat)

• Consent & scope (on-demand only): All Smize users consent at account creation to the on-demand operation of Wingman. If either participant enables Wingman for a chat, Wingman may read the text messages in that chat only when the enabling user explicitly asks for a suggestion. Outside those requests, Wingman does not access the chat.

• What is read: Wingman reads only a limited, recent set of text messages necessary to generate the requested suggestion. It does not access media, attachments, or other non-text content.

• Processing model (fire-and-forget): Processing is ephemeral. Wingman does not store chat messages, does not build user profiles from them, and does not use your chats to train or improve general models. Where we use contracted AI services, they act under our instructions and are not permitted to retain or train on your data.

• Output & control: Wingman returns a suggested reply for you to review, edit, send, or ignore. Once Wingman is turned on for a chat, it cannot be disabled for that chat; however, no data is accessed unless you explicitly ask for a suggestion. To stop processing, simply stop requesting suggestions (or close/delete the chat or your account).

• Security: Chat text remains encrypted in transit and at rest. Wingman access occurs only during your on-demand requests and only for the limited messages needed to generate that response.

E2. NSFW control

• Default: NSFW is blocked by default.

• When blocked: outbound media from a sender may be prevented using on-device checks (no data leaves your device) on the sender’s device (before the media is delivered to you).

• When allowed: if you explicitly allow NSFW, we do not scan such media for classification.

We share data only as needed, under confidentiality and security obligations:

1. Processors (contracted service providers) for: OTP/email delivery, secure cloud storage of media, hosting/database, analytics/crash, maps/geocoding, fraud-prevention, notifications, and Payment/Verification functions. Some may be outside India.

2. Service Providers (Synergy Partners): for a booked Event, we show your profile photo, name, age (where a minimum-age check is relevant), and group/slot strictly for entry/safety. Their access is limited to that Event and must not be used for marketing without your explicit consent.

3. Corporate and legal: mergers/acquisitions; lawful requests from authorities/courts; to protect Users, Service Providers, or our rights; to enforce our Terms; and to prevent fraud or abuse.

4. Never sold: We do not sell Personal Data.

We may store/process data in India and outside India (for example, email services in AP-S-1, storage in the EU, databases in AP-S-1). We use contractual/technical safeguards, least-privilege access, and encryption. By using Smize, you consent to such transfers to the extent permitted under Indian law. If the Government of India restricts transfers to any jurisdiction, we will comply.

1. Our measures: encryption in transit and at rest; access controls and key management; secure coding and periodic reviews; fraud and abuse monitoring; incident response. If a cyber incident occurs, we will follow Indian reporting norms (including notifying authorities/users where required, and reporting to CERT-In without undue delay in line with current guidance) and take remedial steps.

2. Your measures:

• Keep your device, SIM, email account, and OTP codes secure.

• Immediately tell us via in-app support if you lose your phone, your device is stolen, your SIM/email is compromised, or you suspect unauthorised access.

• Use OS-level protections (screen lock, PIN/biometric).

• Understand that loss or theft of your device or compromise of your email/SIM can allow unauthorised access to your Smize account and messages. We are not responsible for losses arising from such external compromises beyond our reasonable control; however, we will help you secure your account once notified.

• Profile & account data: retained while your account is active. On account deletion, profile/account fields are deleted immediately except:

• Verification reference ID (from the ID partner): retained for up to 90 days for audit/abuse prevention.

• Records we must keep by law (e.g., transaction ledgers, tax, dispute logs).

• Messages: rolling retention of the last 250 messages per chat; older messages are purged.

• Media in chats: encrypted at rest; accessible only to participants; purged according to storage lifecycle policies consistent with the above message rule.

• Support tickets: all ticket conversations are deleted 45 days after the ticket is marked completed.

• Video verification: stored until you delete your account.

• Purchases/transactions & event attendance: retained for statutory accounting/tax periods and to resolve disputes/chargebacks.

• Diagnostics/analytics logs: retained only as long as necessary for operations, then deleted or anonymised.

• Deactivation: if you are inactive for 14 days, your account may be flagged as deactivated (not deleted). Logging back in re-activates it.

Where retention periods overlap with legal preservation needs (e.g., a reported incident or legal request), we may preserve specific records until the matter is resolved.

• Access/Correct: View and edit key profile fields in the App; raise a ticket to access/correct other data.

• Withdraw consent: Turn off features (e.g., Wingman, marketing) in settings; withdrawing consent is as easy as giving it.

• Deletion: You can delete your account in settings (note: you may need to clear pending event requests or disputes first). We will delete, retain, or anonymise data as described in Section I.

• Report & Appeal: Report users/content in-app. We acknowledge within 48 hours and aim to resolve within 15 days. If you are banned, you may appeal; a human will review.

• Grievance escalation: Email the Grievance Officer (details in contact section). You may also approach relevant statutory bodies/courts in India.

The User side of Smize is for adults only—eighteen (18) years and above. We do not knowingly process children’s data. If we learn a child is using Smize, we will block the account and take appropriate steps.

The App may contain links to third-party websites/apps. Their privacy practices are not governed by this Policy. Review their privacy notices before sharing your data. We are not responsible for losses arising from your use of external services. E.g., but not limited to Spotify Account Connect, Ad external links.

You must provide accurate information and keep it up to date, especially Date of Birth (for 18+ eligibility and event participation). We may request re-verification where we believe information is inaccurate or to protect the community.

• We may change, update, or replace this Policy at any time without prior notice, except where Indian law requires advance notice or consent.

• We will always publish the updated Policy in the App/website, update the “Effective date,” and, for material changes, provide a clear in-app notice (and/or email).

• If a change materially affects how we use your data or your rights, we will give prominent notice and, where required by law, seek your fresh consent before applying that change to you.

• Your choice: After we publish an update, you can review it and decide whether to continue. Using Smize on or after the new Effective date means you accept the updated Policy. If you do not agree, you may stop using Smize and delete your account at any time; we will then handle your data as described in the retention/deletion section.

• For transactions already in progress (e.g., an event you booked), the version in force at the time of that transaction may continue to apply where legally appropriate.

Entity/Controller (Data Fiduciary): ODD NINE, PL No. 71A, SR No. 16/2, Sukhsagar Nagar, Katraj, Pune, Maharashtra, 411046

Support: In-app ticketing for users; non-users may write to hello@smizedating.com

Grievance Officer & Data Protection Contact: Om Dahitule, omdahitule@oddnine.com, address as above

Governing Law & Forum: Laws of India; exclusive jurisdiction of Courts at Pune