Privacy Policy
Effective date: 27 November 2025 • Last updated: 27 November 2025 • Version: 1.0
Who we are (Controller)
SoulFirst is the data controller for the SoulFirst service.
Address: Stationsplein 45, 3013 AK Rotterdam, Netherlands
Privacy & Safety: SoulFirst.tech@gmail.com
Supervisory Authority (NL): Autoriteit Persoonsgegevens
1) Data We Collect
- Account & Profile: email, display name, age confirmation (18+), gender/preferences, city/region (optional), Lounge selection, Punchline, interests, settings.
- Verification: live-selfie (liveness/age check). This verification selfie is never visible to other users.
- Content & Activity: messages, likes, tokens/boost usage, unblur progress, reports/blocks, support interactions.
- Device & Usage: device/OS/app version, IP (approximate location), language, crash/error logs, cookies/SDK events, UTM parameters.
- Payments: purchase amount, tier, currency, timestamps. We receive tokens/receipts from payment processors, never full card numbers.
- Optional/with consent: surveys, beta feedback, marketing preferences.
Special category data (biometrics)
Verification may process facial geometry. We use it only for liveness/age/fraud prevention, only with explicit consent, and delete according to retention rules.
2) Why We Use Your Data (Legal Bases)
- Provide the Service (contract): accounts, chats/unblur, Lounges, purchases.
- Safety & integrity (legitimate interests and legal obligation): verification, fraud prevention, moderation, security logs.
- Improve & troubleshoot (legitimate interests): analytics, crash reports, feature measurement.
- Marketing (optional): product updates and early-access invites (consent where required).
- Compliance (legal obligation): tax/financial records, responding to legal requests.
- Biometrics (explicit consent): liveness/age checks only.
3) How We Share Data
We share data only with vendors who support the operation of SoulFirst:
Hosting/CDN, verification partners, payment processors, analytics/crash reporting, support/email services, fraud/security systems.
We do not sell personal data.
We never share your verification selfie with other users.
4) International Transfers
If data is transferred outside the EEA/UK, we use EU Standard Contractual Clauses (SCCs) and additional safeguards where required.
5) Retention
- Account & content: retained for the life of your account; deleted/anonymized within 30–90 days after deletion (backups may persist briefly).
- Verification (biometrics): deleted within 30 days after completion.
- Payments/financial records: up to 7 years (legal obligation).
- Safety logs/reports: retained as necessary for security, moderation or legal compliance.
6) Your Rights (GDPR)
You may request Access, Rectification, Erasure, Restriction, Object, Portability, or Withdraw consent.
You can submit requests via SoulFirst.tech@gmail.com. Identity verification may be required.
You may also file a complaint with the Autoriteit Persoonsgegevens.
7) Safety, Moderation & Reporting
SoulFirst uses automated and manual review to detect spam, abuse and safety risks.
For urgent concerns email SoulFirst.tech@gmail.com. We aim to review high‑priority reports within 24 hours (not guaranteed).
8) Children
SoulFirst is strictly 18+. We do not knowingly process data of minors.
9) Cookies & Tracking
We use cookies/SDKs for essential functions, security, analytics and product improvement.
Where required, we request consent.
10) Communications & Marketing
We send functional emails (account, security, receipts).
Marketing emails (if subscribed) can be opted out via settings or email footer.
11) Security
We apply encryption in transit, access controls, monitoring and other industry‑standard safeguards. No system is 100% secure.
12) Third‑Party Links & Plugins
External sites have their own privacy policies.
13) Changes to This Policy
We may update this Policy. Major changes will be notified in‑app or via email.
Contact
SoulFirst
Stationsplein 45, 3013 AK Rotterdam, Netherlands
Privacy & Safety: SoulFirst.tech@gmail.com