Him? - A Safe Space for Women to Date Smarter

Controller: Him Dating App Ltd.

1. What we collect

Account & profile: name/alias, email, age confirmation, preferences.

Content: posts, comments, tags/flags, alerts, limited metadata (timestamps, IDs).

Media: uploads first land in a private quarantine store; we run safety checks before publication.

Device/usage: IP, device/OS, app version, diagnostics, crash logs.

Payments: handled by Apple/Google; we receive tokens/receipts, not card numbers.

Identity verification (if enabled): we use a third‑party ID verification vendor; we receive a pass/fail token and minimal metadata. We do not store raw ID images unless required and then for the shortest possible period.

2. Why we process (legal bases)

Contract (Art. 6(1)(b)): provide the Platform.

Legitimate interests (Art. 6(1)(f)): safety; fraud prevention; analytics; product improvement.

Consent (Art. 6(1)(a)): optional features, marketing communications.

Legal obligation (Art. 6(1)(c)): Online Safety Act duties; IWF reporting for suspected CSAM.

Reference:www.ofcom.org.uk

3. Safety & moderation

We use hash‑matching (e.g., Microsoft PhotoDNA, IWF), automated content‑safety models (e.g., AWS Rekognition) and human moderation to detect illegal/harmful content. Confirmed CSAM is reported to the IWF; we may preserve minimal evidence as required by law.

Reference:www.ofcom.org.uk

4. Sharing

Processors: Supabase (hosting), cloud infrastructure providers, analytics, IDV vendor, email provider, only as necessary under DPAs.

Authorities: IWF, police, courts when legally required.

No sale of personal data.

5. International transfers

If we transfer data outside the UK/EEA, we rely on UK Addendum to SCCs, adequacy decisions, or other lawful mechanisms.

6. Security

Encryption in transit and at rest, private buckets with pre‑signed URLs, least‑privilege access, key rotation, WAF, rate limiting, logging/alerting, regular security reviews and third‑party pen‑tests. We do not rely on "screenshot blocking" for privacy; it is not a security control.

Reference:BBC News Feeds

7. Retention

We retain the minimum necessary and delete/anonymise when no longer needed. Verification artefacts (if any) are deleted on a short schedule unless we must preserve under a lawful request.

8. Your rights

Access, rectification, erasure, restriction, objection, portability, withdraw consent. You may complain to the ICO.

9. Breaches

If a personal‑data breach creates risk to individuals, we will notify the ICO within 72 hours (where feasible) and inform affected users without undue delay as required.

Reference:ICO

10. Children

18+ service only.

11. Changes

We will notify material changes.

Your Key Rights Under UK GDPR

Right to access your data

Right to rectification

Right to erasure

Right to restrict processing

Right to object

Right to data portability

Right to withdraw consent

Right to complain to ICO

Contact Us About Privacy

Privacy queries: [privacy@talkabouthim.uk]

General privacy questions and requests

Him? Privacy Policy