Privacy Policy — Tangled

Overview

We value your privacy. This Policy describes the personal data we collect about you when you use Tangled, why we collect it, how we use and share it, and the rights and choices available to you.

At a glance
Controller	Tangled ("we", "us") — operator of tangled.app and our mobile applications.
Scope	This Policy covers our websites, apps, and services that link to it.
Legal bases	Consent, contract necessity, legitimate interests, compliance with legal obligations (see Legal bases).
Contact	Use in‑app Help or our website form. For privacy requests, see Your rights.

This overview is a summary and does not replace the full details below.

TL;DR (Key Points)

We collect account, profile, usage, and purchase data to run Tangled.
Your messages are not shared with advertisers. We don’t sell personal information.
You control visibility, notifications, and can export or delete your data.
Safety tooling (reports, blocks, anti‑abuse) protects the community.
Regional rights (EEA/UK, India, California) are available—see Regional Addenda.

This is a high‑level summary. For details, continue below or jump to Glossary.

Data We Collect

Data you provide

Account details (e.g., name, email, phone, date of birth, gender, preferences).
Profile content (bio, photos, interests, hometown, and other optional fields).
User content and actions (likes, matches, messages, reports, feedback).
Purchases (plan, transaction identifiers; note: app‑store payments are processed by Apple/Google).
Support communications and identity verification information where applicable.

Data collected automatically

Usage and device information (app version, device model/OS, language, crash logs, diagnostics).
Log and interaction data (pages/screens viewed, features used, session timestamps).
Approximate location (from IP or device settings, with your permissions).
Cookies and similar technologies on web (see Cookies & Tracking).

Data from others

App stores, payment processors, analytics/security providers.
Reports from other users (e.g., safety or policy violations).
Partners and service providers, where allowed by law.

Optional device permissions

With your permission, the app may access certain device features to enable functionality. You can change these anytime in your device settings.

Permission	Purpose	Control
Location	Show nearby profiles and improve relevance. We use approximate location by default; precise location only when you enable it.	Device settings > App permissions
Camera / Photos	Let you take/upload profile photos and verify identity where offered.	Device settings > App permissions
Notifications	Send alerts about matches, messages, and account activity.	In‑app: Settings > Notifications
Contacts (optional)	Help you find people you may know (feature off by default and processed per this Policy).	Device settings > App permissions

Sensitive data we do not seek

We do not ask you to provide sensitive categories such as government identifiers, financial account numbers, health records, or biometric templates for advertising. If you choose to share sensitive information in your profile or messages, you do so at your own discretion and subject to this Policy.

How We Use Your Data

Purpose	Examples
Provide and operate the Service	Create/maintain your account and profile; deliver core features like discovery, likes, matches, messages.
Personalise and improve	Recommend profiles; adjust features; measure performance; fix bugs and prevent crashes.
Safety, moderation, and integrity	Detect, investigate, and prevent fraud, spam, abuse, and violations of our policies.
Payments and subscriptions	Process purchases; manage entitlements; handle refunds per channel policies.
Communications	Respond to support requests; send service messages (e.g., security, policy changes).
Marketing (with controls)	Send optional tips, offers, and updates you can opt out of anytime.
Legal and compliance	Comply with law, enforce terms, and protect our users and our rights.

Data Sharing

Service providers who help us operate (hosting, analytics, security, support). They are bound by contracts to protect your data.
Payment processors and app stores for purchases, billing, and refunds.
Safety and legal — to comply with law, respond to lawful requests, or protect users and the Service.
Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.

We do not sell your personal information. We also do not share your messages with advertisers.

Legal Bases (EEA/UK where applicable)

Contract

To provide requested services (account, matching, messaging, purchases).

Consent

For things like push notifications, precise location, marketing emails, or optional analytics when required.

Legitimate interests

To keep the service safe and useful (e.g., anti‑fraud, product improvement) while balancing your rights.

Legal obligation

For tax, accounting, and compliance record‑keeping.

Consent standards: Where processing relies on consent (for example, analytics or marketing on web), consent must be freely given, specific, informed, and signified by an unambiguous affirmative action (no pre‑ticked boxes). You may withdraw consent at any time via settings or by contacting us; withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Cookies & Tracking

We use cookies and similar technologies to improve and secure our Service, measure usage, and remember preferences. For detailed information about our use of cookies and how to manage them, please see our Cookies Policy.

Just‑in‑time Notices

When an action involves new or sensitive data, we present a concise prompt explaining what’s collected and why (e.g., enabling precise location, uploading a face photo for verification, opting into marketing emails). You’ll be able to accept, reject, or change settings later.

Location: A popup explains uses (nearby relevance) before enabling precise location.
Camera/Photos: A prompt clarifies photo use and visibility before upload.
Marketing: Opt‑in checkboxes and unsubscribe links are provided.

These notices are part of our layered privacy approach and do not replace the full Policy.

International Transfers

Your data may be processed in countries other than your own. Where we transfer personal data internationally, we use recognised safeguards (for example, standard contractual clauses, adequacy decisions, consent, or other mechanisms prescribed by law) and take steps to protect your information consistent with this Policy.

Data Retention

We keep personal data only as long as necessary for the purposes set out in this Policy, including providing the Service, complying with legal obligations, resolving disputes, and enforcing agreements.

Account data — kept while your account is active and for a reasonable period after deletion for fraud prevention and dispute resolution.
Messages and interactions — retained per our operational needs and safety obligations.
Billing records — retained per tax and accounting laws.

We retain personal data only for as long as necessary for the purposes described, or as required by law. When no longer needed, we delete or de‑identify data in line with our retention schedule. You may request deletion as described in Your Rights, subject to legal and safety obligations.

Retention Schedule (Summary)

Data	Default Retention	Notes
Account & profile	Active account + grace period	Short grace window for recovery; then deletion or anonymisation.
Messages	Operational need	Retained to support safety, abuse investigations, and product functionality.
Logs/diagnostics	Rolling window	Used to improve reliability and detect issues; older data aggregated or deleted.
Billing/records	Per law	Tax and accounting laws may require longer retention.
Reports/appeals	Per safety/legal	Kept as needed to ensure platform integrity and legal compliance.

Data Security

We use administrative, technical, and organisational measures designed to protect your information. No system is 100% secure; you are responsible for maintaining the secrecy of your credentials and for using in‑app safety features.

Children

The Service is intended for adults (18+). We do not knowingly collect personal data from children. Where applicable law requires parental involvement, we will obtain verifiable parental or guardian consent before processing a child’s data. We do not engage in behavioural advertising directed to children.

Marketing Choices

Opt out of marketing emails via the unsubscribe link or in settings.
Control push notifications via device settings or in‑app controls.
Manage cookies via browser settings (see Cookies & Tracking).

Your Rights

Depending on your location, you may have rights to access, correct, delete, or transfer your data, and to object to or restrict certain processing. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

Right	What it means
Access	Request a copy of your personal data.
Rectification	Ask us to fix inaccurate or incomplete data.
Deletion	Request deletion subject to legal and safety exceptions.
Portability	Receive your data in a portable format where applicable.
Objection/Restriction	Object to or limit processing in certain circumstances.
Withdraw consent	Where processing is based on consent, you can withdraw it at any time.

To exercise rights, use in‑app Help or the website form. We may request information to verify your identity.

Data Categories & Uses (Matrix)

Category	Examples	Primary Uses	Legal Bases	Typical Retention
Account	Name, email, phone, DOB	Log in, age gating, security	Contract; Legitimate interests	Life of account + a limited period
Profile	Bio, photos, interests, hometown	Discovery, matches, user experience	Contract; Consent (where required)	Until removed or account deletion
Usage	Events, diagnostics, device	Improve features, reliability, safety	Legitimate interests	Rolling windows per ops needs
Payments	Transaction IDs, plan	Billing, entitlements, refunds	Contract; Legal obligation	As required by tax/accounting law
Safety	Reports, blocks, risk signals	Moderation, fraud/abuse prevention	Legitimate interests; Legal obligation	Per safety/legal requirements
Comms	Support emails, tickets	Customer support, service notices	Contract; Legitimate interests	Operational windows

Automated Decisions

We use automated systems to support features like discovery and safety. We also use manual review, particularly for safety and moderation. You can contact us if you have questions about how automation affects your experience.

Do Not Track & Signals

Your browser may send Do Not Track or similar signals. Because there is no common industry standard, we do not respond to DNT signals. Where applicable laws recognise Global Privacy Control (GPC) signals, we will honour them for relevant processing, particularly for restricting sale/sharing or targeted advertising as defined by applicable law.

Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide reasonable notice as required by law. Your continued use of the Service after changes take effect constitutes acceptance.

Contact

In‑app: Use the Help option from settings.
Web form: Submit a request via our website’s support page.
Legal notices: Include your name, registered email, and relevant order IDs. Mark as “Privacy Request”.

We aim to acknowledge most privacy requests within a reasonable timeframe; response times may vary.

Your Controls & In‑App Settings

Profile visibility: Choose what to show on your profile; edit or remove information anytime.
Discovery preferences: Adjust distance, age, interests, and other filters.
Safety & blocking: Report, mute, or block accounts. Reports include metadata needed to investigate.
Notifications: Manage push, email, and in‑app alerts.
Data choices: Access export/download tools (where available) and request deletion.

Exact menu names may vary across platforms and versions.

Account Deletion & Data Export

Delete: Go to Settings > Account and choose Delete account. This begins a staged deletion process. Some limited data may be retained for fraud prevention, safety, or legal requirements (see Data Retention).
Export: Where available, request a copy of your data via Settings > Privacy or by contacting us through Help.
Recovery period: We may keep a short grace period before permanent deletion to allow recovery if the request was accidental.

Data Protection & Security Practices

Encryption in transit for data exchanged with our servers.
Access controls and least‑privilege policies for staff with audited access.
Segregation of production and test environments; no use of production message content for public demos.
Routine backups and continuity planning.
Vulnerability management, logging, and monitoring to detect abuse.

While we take appropriate measures, no method of transmission or storage is completely secure.

Data Breach & Notifications

In the event of a data incident affecting your personal information, we will investigate and notify you and/or regulators as required by applicable law, including information about steps you can take to protect yourself.

Law Enforcement & Legal Requests

We review requests for user information to ensure they comply with applicable law. We require a valid legal process (e.g., court order, subpoena) unless we have a good‑faith belief that disclosure is necessary to prevent imminent harm. We may challenge requests we believe are overbroad or inappropriate.

Business Customers & Data Processing Addendum

If you use Tangled for business purposes under a separate agreement, our Data Processing Addendum (DPA) may apply to our handling of personal data as a processor on your behalf. The DPA includes subject matter, duration, nature and purpose of processing, types of personal data and categories of data subjects, and processor obligations.

Where there is a conflict between this Policy and a signed DPA, the DPA governs for processor activities.

Third‑Party Partners (Categories)

Category	Examples of use
Hosting & infrastructure	Run our apps and store data reliably.
Analytics & diagnostics	Understand feature usage, crash reports, performance.
Security & fraud prevention	Detect suspicious activity and protect accounts.
Payments & app stores	Process transactions, manage subscriptions, handle refunds.
Customer support tools	Manage tickets and respond to your requests.
Marketing (opt‑in)	Send optional tips and offers subject to your settings and consent where required.

We contractually require service providers to protect personal data and use it only for the services we request.

Sub‑processors & Partners (Expanded)

We work with reputable providers to deliver the Service. Below are typical categories and example functions. A detailed, occasionally updated list may be provided in‑app or on our website.

Category	Example Functions	Data Types
Cloud hosting	Compute, storage, content delivery	All data necessary to operate the Service
Analytics	Performance, feature usage	Usage/diagnostics; limited identifiers
Security	Abuse detection, anti‑spam	Risk signals, IP, device data
Payments	Transactions, subscriptions	Order/transaction identifiers
Support	Ticketing, communications	Contact details, ticket content
Marketing (opt‑in)	Email delivery, analytics	Email, engagement metrics

All providers are bound by contracts to use data only for the requested services and to implement appropriate safeguards.

Regional Addenda

India

For users in India, we process personal data consistent with the Digital Personal Data Protection Act, 2023 and rules made thereunder, as applicable. You may use our grievance channels listed in Contact. We will address verifiable requests within reasonable timelines.

EEA/UK

Where EU/UK data protection laws apply, see Legal Bases and Your Rights. You may also have the right to lodge a complaint with your local supervisory authority.

California

California residents may have rights under the CCPA/CPRA, including to know, delete, correct, and opt out of certain sharing. We do not sell personal information. Use the channels in Your Rights to submit a verifiable request.

Governance, Contacts & Representatives

Data Protection Officer (DPO): Contact available via in‑app Help or privacy web form (subject: “DPO”).
Email (privacy): privacy@tangled.app
Email (grievance): grievance@tangled.app
India Grievance Officer: Available via in‑app Help or privacy web form (subject: “Grievance”). We aim to acknowledge within statutory timelines.
EEA/UK Representative: If applicable, details will be provided in‑app or on our website.

We may update representative information over time; the latest details will be reflected in‑app or on our website.

Definitions & Glossary

Personal data: Information that identifies or can reasonably be linked to an identified or identifiable person.
Processing: Any operation performed on personal data, such as collection, storage, use, sharing, or deletion.
Controller: The entity that determines the purposes and means of processing personal data.
Service: Tangled’s websites, mobile apps, and related services.

Data Minimisation & Storage Principles

Purpose limitation: We only collect data necessary for discovery, matching, messaging, safety, and payments.
Minimisation: Optional fields are clearly marked. You can remove most profile fields at any time.
Pseudonymisation & aggregation: Where feasible, we replace direct identifiers with tokens and analyse trends on aggregated data.
Access limitation: Role‑based access; least‑privilege by default; audited admin actions.
Storage location: Hosted in reputable cloud regions with appropriate safeguards and failover design.

Cross‑Border Compliance

Where personal data is transferred internationally, we use recognised safeguards and comply with local laws.

Region	Safeguards	Notes
EEA/UK	Standard Contractual Clauses (SCCs) and supplementary measures	Vendor diligence and risk assessments are part of onboarding.
India	Transfers aligned with the Digital Personal Data Protection Act, 2023, as applicable	We review government guidance and apply required approvals where applicable.
Other	Contractual protections and technical/organisational controls	We assess laws and practices of destination countries.

AI, Recommendations & Profiling

We use automated systems to rank, recommend, and keep the platform safe. These systems analyse profile attributes, interactions, and signals to improve relevance and reduce harmful content.

Matching & discovery: Ranking models sort potential matches based on your preferences and signals.
Safety: Models and rules flag risky content or behaviour for review; human moderation is used where appropriate.
Your choices: You can change discovery preferences and report unwanted content to influence future results.
Transparency: Contact us if you have questions about how these systems influence your experience.

Account Recovery, Backups & Archival

Recovery window: Limited grace periods may allow restoring an account after deletion is requested.
Backups: Encrypted backups exist to ensure continuity; restore operations follow strict access controls.
Logs: Operational logs and security records are kept for reliability and abuse detection within rolling windows.
Irreversibility: After grace periods and backup cycles complete, deleted content is not expected to be recoverable.

User‑Generated Content

Ownership: You retain rights to content you submit, subject to our Terms.
Visibility: Profile fields and photos you choose to make public may be visible to other users as designed.
Prohibited content: Content that violates our guidelines may be restricted, removed, or escalated.
Safety actions: Reports and moderation may require us to preserve related data while an investigation is ongoing.

Record of Processing & Audits

We maintain internal records describing categories of data, processing purposes, recipients, retention, and security measures. We periodically review access, configurations, and vendor controls as part of our risk management programme.