Darlivo — Privacy Policy

1. Introduction

Welcome to Darlivo (“Darlivo,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, disclose, and protect information when you use our global dating platform on Android, iOS, and web (the “App”). If you do not agree with this Policy, please do not use the App.

Scope: This policy applies to the Darlivo app, website, and related services. For additional safety details, see our CSAE Policy and Terms of Use.

2. Information we collect

2.1 Information you provide

Account registration: Name, email, phone number, date of birth, gender, profile photos, interests.
Profile & content: Bios, posts, stories, photos, videos, and content shared in chats, live rooms, and games.
Payments: Billing details and transaction history (e.g., coins, gifts, boosts, subscriptions) via providers such as PayPal, eSewa, or Khalti.

2.2 Usage & analytics

App activity: Screens viewed, features used, searches, clicks, session length.
Interactions: Messages, calls, gifts sent/received, wallet movements, leaderboards.
Device & diagnostics: IP address, device model, OS version, identifiers, mobile network, crash logs.

2.3 Third-party tools

Firebase / Supabase: Realtime, storage, analytics, and logging.
LiveKit / Jitsi: Voice/video connectivity diagnostics for calls and streams.
Payment processors: Billing, fraud checks, and settlements under their policies.
Advertising & measurement (web): We may use services such as Google Ads/AdSense and tag managers on the website for reach and analytics.

3. Face Data & Biometric Information

3.1 What we collect

When you choose to verify your profile, we collect a one-time selfie image and, during verification, a short liveness video clip (3–5 seconds) and related capture metadata (e.g., timestamp, device type). We do not collect or store face geometry, faceprints, or persistent biometric templates. Any similarity or liveness scores are computed transiently and are not retained.

3.2 How we use face data

Account verification & safety: Confirm that a real person is creating/using the account and display a “Verified” badge.
Trust & abuse prevention: Prevent impersonation, duplicate accounts, and spam; re-verify on unusual activity.
Support & disputes: Resolve verification disputes and support safety reviews.
Never for ads or tracking: We do not use face data for advertising, profiling, or cross-app tracking, and we do not sell face data.

3.3 Sharing & service providers

We do not sell or otherwise share face data with third parties. We may provide access to vetted service providers acting on our instructions and on our behalf (e.g., cloud hosting and storage). These providers are bound by contractual and technical safeguards and may not use face data for their own purposes. Face data may be hosted in the Supabase project region we selected, currently Singapore (ap-southeast-1).

3.4 Retention & deletion

Raw verification media (selfies/liveness clips): Retained only for the time necessary to complete verification and for audit/security purposes, and deleted within 30 days after the verification decision or upon account deletion, whichever occurs first.
Verification outcomes (badge status/timestamps): Retained with your account while it is active and deleted within 30 days after account deletion.
Fraud/abuse exceptions: Where legally required or for active fraud investigations, limited items may be retained for up to 12 months before permanent deletion.

3.5 Your choices & requests

You may decline verification; however, some features may require a verified profile. You can request access to or deletion of your face data at any time by contacting us at [email protected]. If you delete your account, we delete associated face data as described above.

3.6 Technology clarification

The app uses the device camera for capture and does not use Apple’s TrueDepth or Face ID APIs to collect or store face geometry.

4. How we use information

Provide & operate: Authentication, profiles, chats, streams, calls, games, purchases.
Personalize: Recommendations for matches, content, boosts, and gifts.
Communicate: Transactional messages, customer support, and—where permitted—marketing.
Safety & integrity: Moderation, abuse prevention, spam detection, and policy enforcement.
Analytics & improvements: Performance, feature usage, research, and debugging.

5. Legal bases for processing (GDPR)

Consent: For optional features and marketing where required (including face verification).
Contract: To deliver the services you request (e.g., account, purchases).
Legitimate interests: Safety, fraud prevention, analytics, and improvement (balanced against your rights).
Legal obligation: To comply with laws and lawful requests.

6. Sharing & disclosures

Service providers: Hosting, analytics, payments, communications, support.
Business partners: With your choice to join co-branded activities or promotions.
Legal & safety: To comply with law, protect rights, or prevent harm.
Corporate transactions: In mergers, acquisitions, or reorganizations, subject to safeguards.

7. Data retention

Active accounts: Retained while necessary to provide services.
Inactive accounts: Accounts with no login for 24 months may be deleted or anonymized unless a longer period is required by law.
Transactions: Billing records are typically retained for at least 7 years for tax and compliance.

8. Your privacy rights

Depending on your location, you may have rights to access, portability, rectification, deletion, restriction, objection, and to withdraw consent (e.g., for marketing). You may also lodge a complaint with a data protection authority.

To exercise your rights, contact [email protected]. If you are a California resident, you may request information about our data practices and opt out of certain sharing as applicable to the web experience.

9. Security

We use administrative, technical, and physical safeguards to protect information, including:

Encryption: HTTPS/TLS and encryption of key data where applicable.
Access controls: Role-based access and multi-factor authentication for staff tools.
Testing & reviews: Security assessments, logging, and vulnerability management.

No method of transmission or storage is completely secure; we cannot guarantee absolute security.

10. Children’s privacy

Darlivo is for users 18+. We do not knowingly collect data from minors. If you believe a minor has provided data, contact us and we will delete it promptly.

11. International data transfers

Your data may be processed in countries outside your residence. Where required, we use lawful transfer mechanisms such as Standard Contractual Clauses and adequacy decisions.

12. Cookies & tracking technologies

On the web, we may use cookies, SDKs, and similar technologies to operate, measure, and improve the service.

Essential: Sign-in and security.
Preferences: Language, theme, and settings.
Analytics: Usage measurement and diagnostics.
Advertising (site only): Ad delivery and reach.

You can manage cookies in your browser settings. Some features may not work if certain cookies are disabled.

13. Third-party links

Our App and website may link to third-party services. Their privacy practices are governed by their own policies. Review those policies before sharing information.

14. Changes to this policy

We may update this Privacy Policy to reflect changes in practices or law.
Material updates will be posted here with a new effective date and, where appropriate, notice in-app or by email.
Your continued use after updates constitutes acceptance.

15. Contact

Darlivo Privacy Team
Email: [email protected]
Address: Kathmandu, Nepal

16. Key definitions

“Personal data” means information that identifies or can reasonably be linked to a person.
“Processing” means operations performed on personal data (e.g., collecting, storing, using, sharing).
“Service providers” are vendors that process data on our behalf under contract.