Soulfirst

Join The Beta

Soulfirst

Privacy Policy

Effective date: January 27, 2026 • Last updated: January 27, 2026 • Version: 1.2

  1. Introduction

    SoulFirst (“we”, “us”, “our”) respects your privacy and is committed to protecting personal data. This Privacy Policy explains how SoulFirst collects, uses, stores, transfers, and deletes personal data when you use the SoulFirst mobile application and related services (the “Service”).

    SoulFirst processes personal data in accordance with:
    • EU General Data Protection Regulation (GDPR),
    • UK GDPR (where applicable),
    • and Apple App Store Review Guidelines regarding privacy, tracking, and biometrics.

    By using SoulFirst, you agree to the terms of this Privacy Policy.

    2. Data Controller Information

    Data Controller:
    SoulFirst
    Stationsplein 45
    3013 AK Rotterdam
    The Netherlands

    Privacy Contact: SoulFirst.tech@gmail.com

    3. Categories of Personal Data We Collect

    We may collect and process the following categories of data:

    3.1 Account & Profile Information
    • email address
    • username or nickname
    • age confirmation (18+)
    • gender and preferences
    • city/region (optional)
    • interests, lounges, punchlines, bios
    • settings

    3.2 User Photos & Face Data
    • profile photos
    • optional selfie/liveness verification images

    We do not perform facial recognition matching and do not use photos for advertising or AI training.

    3.3 Biometric Geometry (Optional)

    If you choose to complete liveness/age verification, biometric geometry may be processed solely to:
    • verify age eligibility (18+),
    • detect spoof attempts,
    • prevent fraud,
    • confirm liveness.

    Verification selfies are never visible to other users.

    3.4 User Content & Interactions
    • messages
    • matches and likes
    • blur-to-reveal steps
    • token/boost usage
    • reports and blocks
    • support conversations

    3.5 Device & Usage Data
    • device type and OS
    • app version
    • IP address (approximate)
    • crash/error logs
    • product interaction events
    • app telemetry and SDK data

    3.6 Payment Data

    For subscriptions or tokens:
    • transaction timestamps
    • product tiers
    • currency and region

    We never receive full card numbers; these remain with payment processors.

    4. How We Use Photos, Face Data & Biometrics (Apple Compliant)

    To comply with Apple App Store Review Guidelines (including 5.1.1, 5.1.2, 5.1.5):

    4.1 Collection

    SoulFirst collects face photos only when:
    • you upload a profile photo; or
    • you optionally complete liveness/age verification.

    4.2 Purpose of Use

    Face photos and biometric geometry are used exclusively to:
    • display the user’s profile within the app,
    • enable the blur-to-reveal mechanic,
    • verify age and liveness,
    • prevent fake/spoofed accounts,
    • maintain platform safety.

    We do NOT use face/biometric data for:
    • facial recognition matching,
    • surveillance or tracking,
    • targeted advertising,
    • profiling,
    • AI/ML training.

    4.3 Storage

    Photos and verification data are stored securely using:
    • TLS encryption in transit,
    • encryption at rest,
    • secure cloud and/or verification providers.

    Verification selfies are not shared with other users.

    4.4 Retention

    Retention periods:
    • profile photos: retained until replaced or account deletion
    • verification images: retained only as long as necessary for verification and limited audit, then deleted within 30 days, unless legally required otherwise

    4.5 Deletion & User Control

    Users may at any time:
    ✔ delete or replace profile photos
    ✔ decline/skip verification
    ✔ request deletion of verification data
    ✔ delete their entire account

    Requests: SoulFirst.tech@gmail.com

    Verification data is removed from active systems and backup systems within 30 days, unless legally required otherwise.

    4.6 No Selling / No Unrelated Sharing

    SoulFirst does not sell, rent, broker, or transfer biometric or face data to:
    • advertising platforms
    • data brokers
    • analytics firms
    • unrelated third parties

    5. Lawful Bases for Processing (GDPR)

    We rely on the following lawful bases:
    Contract: operating accounts, messaging, purchases
    Legitimate Interests: fraud prevention, safety, security, analytics
    Legal Obligation: financial and tax compliance
    Consent: biometrics, marketing communications
    Consent may be withdrawn at any time.

    6. Why We Process Data (Purposes)

    We process data to:
    • operate the SoulFirst platform
    • show and match user profiles
    • enable blur-to-reveal experiences
    • ensure 18+ eligibility
    • prevent fraud and abuse
    • enable messaging and social interactions
    • process payments and subscriptions
    • provide support
    • comply with legal and regulatory duties

    7. Data Sharing

    We may share data with service providers who support the platform:
    • hosting and cloud providers
    • verification providers
    • analytics and crash reporting
    • payment processors
    • customer support tools
    • fraud and security services

    Face photos and verification selfies are never shared with other users.

    We do not sell personal data.

    8. International Data Transfers

    If data is transferred outside the EEA/UK, SoulFirst uses:
    • EU Standard Contractual Clauses (SCCs)
    • supplementary safeguards where required

    9. Retention Schedule
    • account & profile: retained for account life
    • profile photos: until removed by user
    • verification data: max 30 days
    • financial records: 7 years (legal)
    • logs/analytics: 12–24 months
    • safety logs: as required for compliance/security

    10. User Rights (GDPR)

    Users may request:
    • access,
    • rectification,
    • erasure,
    • restriction,
    • data portability,
    • objection,
    • consent withdrawal.

    Requests: SoulFirst.tech@gmail.com

    You may also contact your local supervisory authority.

    11. Age Restrictions

    SoulFirst is strictly 18+.
    We do not knowingly process data from minors.

    12. Cookies & Tracking

    We may use cookies and SDKs for:
    • essential app functions
    • security
    • authentication
    • analytics
    • product improvement

    Where required, we request consent.

    13. Marketing Communications

    We may send:
    • functional communications (security, receipts, account issues)
    • optional marketing (with opt-out)

    14. Security Measures

    We apply:
    • encryption (in transit & at rest),
    • access controls,
    • fraud detection,
    • liveness checks,
    • infrastructure monitoring.

    No system is 100% secure, but we apply industry-standard security practices.

    15. Third-Party Websites

    Links to external websites operate under their own privacy policies. We are not responsible for external privacy practices.

    16. Changes to This Policy

    We may update this Privacy Policy.
    The latest version will always be available in the app and on our website.

    17. Contact

    For privacy questions or requests:

    SoulFirst
    Stationsplein 45
    3013 AK Rotterdam
    The Netherlands
    Email: SoulFirst.tech@gmail.com