Privacy Policy

Privacy-first infrastructure for every Dahlia match.

Your identity, biometrics, and chat history stay protected behind layered encryption, regional compliance controls, and transparent user controls.

Effective date Nov 2, 2025
Last updated Nov 2, 2025
Privacy inbox privacy@dahlia.app
Data we collect Biometric consent Exercise your rights

Biometric guardrails

Faceprints exist only to fight fraud and are isolated from advertising or recommendation systems.

Review biometric handling →

User rights

Download, correct, or delete your data with GDPR, CCPA, and regional response windows.

Jump to your controls →

Effective Date: November 2, 2025

Dahlia Mobile Application Privacy Policy

This Privacy Policy explains how Dahlia (the “App,” “we,” “us,” or “our”) collects, uses, shares, and protects your personal information. By using our App, you explicitly consent to the collection, use, and disclosure of your personal information, including sensitive and biometric data, as described in this policy.

1. Personal Data Collected

We collect the following categories of data directly from you:

Category of Personal Information Specific Data Elements Collected
Identity & Contact Data Name, Email Address, Date of Birth, Gender, Sexual Orientation, Mobile Phone Number.
Profile & Preference Data Text provided for your profile description, interests, match preferences (age, distance, etc.).
Sensitive Personal Data (Explicit Consent Required) Information regarding your sexual orientation and potentially your racial or ethnic origin (if volunteered).
Usage & Interaction Data Logs of your swipes, matches, chat messages, feature usage, and purchase history.
Geolocation Data Precise location data (via GPS) to enable matching, with your explicit permission.

2. Mandatory Biometric Data and Image Verification

This section outlines the mandatory collection and processing of your Biometric Data, which is a “Special Category of Personal Data” under the GDPR. Use of the App is conditional upon your explicit consent to this processing.

2.A Biometric Data Collection

Data Category Purpose of Collection Legal Basis
Facial Geometry / Faceprint (Biometric Data) Extracted from your live video selfie and compared against your profile photos to verify that you are the person in the photos and to prevent fraud. Explicit Consent (GDPR Article 9(2)(a)) and Contractual Necessity (providing a secure service).
Uploaded Photos & Video Used for the creation of the facial geometry template and for screening against prohibited content (e.g., nudity, deepfakes). Explicit Consent and Contractual Necessity.

2.B Biometric Data Retention and Destruction

We retain your facial geometry template only for as long as your account is active to maintain continuous profile verification. We securely delete and destroy your Biometric Data within thirty (30) days of your account closure.

3. Behavioral Monitoring and Public Ranking (Profiling)

We use Artificial Intelligence (AI) to monitor all user interactions and create a Behavioral Trust Score (BTS) for every user. This score is a form of profiling that has a significant effect on your visibility and matching opportunities on the platform.

3.A How the Behavioral Trust Score (BTS) Affects You

  • Public Display: Your BTS (displayed as a numerical score or a trust badge) will be visible to other users on your profile.
  • Ranking & Matching: The BTS is the primary algorithm factor used to rank your profile in other users' discovery feeds. A lower BTS will directly result in lower visibility and fewer match opportunities.

3.B Legal Basis for Automated Decision-Making (GDPR Article 22)

The determination of your BTS, and the resulting public display and ranking effect, constitutes Automated Decision-Making with a similarly significant effect on your access to our services. We base this processing on the following conditions:

  1. Contractual Necessity (GDPR Art. 22(2)(a)): The BTS is a fundamental component of the Dahlia service, required to fulfill our contract with you (Terms of Service) by delivering a curated, high-trust user environment.
  2. Explicit Consent (GDPR Art. 22(2)(c)): By accepting this Privacy Policy and the Terms of Service, you provide Explicit Consent to the automated processing and profiling that generates your BTS and affects your ranking.

3.C Right to Human Review and Inactivity Monitoring

  • Bad Rank Change Notification and Review: If your Behavioral Trust Score (BTS) drops by a significant, pre-defined margin, you will immediately receive a direct in-app message notification informing you of the rank change. This message will include an easy, one-click option to “Request Human Review” by our Trust & Safety Team.
  • Inactivity Monitoring: Our AI constantly monitors your app access and engagement. If your account is deemed inactive (e.g., no logins for 30 consecutive days), your profile will be automatically hidden from all discovery feeds to ensure active users are shown only active matches.

4. User Rights and Control

You have the following rights over your personal data:

Right Description How to Exercise
Right to Access You can request a copy of the personal information we hold about you. Via the “Download My Data” tool in Settings.
Right to Rectification You can correct or complete inaccurate personal data. Directly via your Profile Settings.
Right to Erasure (“Right to be Forgotten”) You can request we delete your personal data. This will result in account closure. Via the “Delete Account” button in Settings.
Right to Withdraw Consent You can withdraw consent for any processing based on consent (including for Biometric Data). Note: Withdrawing consent for mandatory data will require account termination. Contacting us via the details in Section 7.
Right to Human Review You have the right to request a manual review of any major negative change in your BTS. By clicking the “Request Human Review” link in the in-app rank change notification.

5. Data Sharing and Disclosure

We do not sell or share your personal data (including Sensitive Personal Information or Biometric Data) to third parties for monetary consideration or cross-context behavioral advertising.

We may share your data with the following categories of recipients:

  • Service Providers: Third-party vendors who provide services on our behalf (e.g., cloud hosting, payment processing, fraud detection, analytics). These providers are contractually prohibited from using your data for any purpose other than providing services to us.
  • Other Users: Your profile information, photos, approximate location, and Behavioral Trust Score (BTS) are shared with other users to facilitate matching.
  • Legal & Safety: To comply with legal obligations (subpoenas, court orders), or to protect the vital interests, safety, and security of Dahlia, our users, or the public.

6. Data Retention & Deletion

  • Profile & match data: Retained while your account is active and up to 24 months after deletion for fraud prevention, accounting, and legal obligations.
  • Biometric templates: Destroyed immediately after verification completes or within 24 hours of account deletion, whichever occurs first.
  • Chats & moderation records: Stored for 36 months so we can investigate safety complaints and comply with lawful requests.

You may request deletion in the app or by emailing privacy@dahlia.app. Verified requests are processed within 30 days (or faster if required by law) and we will confirm when complete.

7. International Transfers & Vendors

We operate from the United States and use processors such as Google Cloud Platform, Firebase, Stripe, and Sentry. When personal data leaves your region, we rely on Standard Contractual Clauses, intragroup agreements, and vendor audits (e.g., SOC 2, ISO 27001) to ensure equivalent safeguards.

8. Automated Decision-Making & Human Review

The Behavioral Trust Score (BTS) and fraud systems influence match visibility, queue placement, and account status. Inputs include verification status, responsiveness, safety reports, and ghost/unmatch rates. You can request a manual review of BTS outcomes or moderation actions by contacting appeals@dahlia.app; we will share meaningful information about the logic involved and issue a human determination.

9. Cookies, SDKs, and Analytics

We use:

  • Google Analytics 4 (Measurement ID: G-YG5C019YE8): Tracks web usage and marketing attribution.
  • Firebase SDKs: Provide crash reporting, push messaging, and experiments inside the mobile apps.
  • Stripe/App Store receipts: Enable payments, fraud prevention, and tax compliance.

You can disable cookies via browser settings, reset advertising IDs on mobile, or adjust analytics opt-outs under Settings → Privacy.

10. Children’s Privacy

Dahlia is for adults 18+ only. We do not knowingly collect information from minors. If we learn we hold data about someone under 18, we delete it and revoke access.

11. Security & Incident Response

Safeguards include TLS encryption, database encryption at rest, least-privilege access, employee background checks, and continuous vulnerability scanning. If a breach compromises your information, we will notify you and regulators without undue delay, outlining remediation steps.

12. Changes to This Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will notify you through the App or by email before the change becomes effective. Your continued use of the App after the effective date of the revised policy constitutes your acceptance of the terms.

13. Contact & Regional Representatives

If you have any questions about this Privacy Policy, your rights, or our data handling practices, please contact us:

Dahlia Dating Technologies, Inc.
500 2nd Street, San Francisco, CA 94107
Email: privacy@dahlia.app
EU/UK Representative: GDPR Agents Ltd., 160 City Road, London EC1V 2NX, United Kingdom