Privacy Policy
Effective date: [EFFECTIVE DATE]
This Privacy Policy explains how Eros App AI (“Eros”, “we”, “us”, “our”) collects, uses, and shares personal data when you use the Eros mobile app or visit our website at erosapp.ai (together, the “Service”). It is written to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, and other applicable privacy laws.
If anything in this policy is unclear, write to us at privacy@erosapp.ai and we will explain.
1. Who we are
Eros App AI is the controller of the personal data described in this policy. The Service is operated from the Netherlands. We do not currently have a registered legal entity; once we incorporate, this section will be updated to name the operating entity, its registered address, and any EU representative appointed under Article 27 of the GDPR.
Contact for privacy questions: privacy@erosapp.ai
2. What data we collect
We collect only the data we need to operate the Service. The categories below match the actions you take in the app.
2.1 Account registration
- Email address
- Phone number (verified via SMS during onboarding)
- Password (hashed; we never see the plain text)
- Sign-in provider identifier (if you sign in with Apple or Google)
- Date of birth (to verify you are 18 or older)
2.2 Profile content
- Display name and a short bio
- Photos you upload to your profile
- Answers you give in our questionnaire (values, lifestyle, what you are looking for)
- Priorities you assign to each questionnaire dimension
2.3 Location
- Approximate location (city level), derived either from a coordinate you share once at onboarding or from a city you type in. We do not collect a continuous GPS feed and we do not track your movement in the background.
2.4 Device and technical data
- Device model, operating system version, and app version (for crash and compatibility diagnostics)
- IP address (used at the moment of the request; see Section 4 for retention)
- Push notification token (so we can send notifications you have opted in to)
- Crash diagnostics (stack traces, breadcrumbs, captured by our error reporting provider; see Section 5)
2.5 Usage data
- Matches you receive, accept, reject, and message
- Conversation activity (timer state, date proposals, content of messages)
- Photo reveal events (whether you chose to reveal a photo on a match)
- In-app moderation actions (reports you make, reports made against you)
2.6 Payment data
- We do not collect or store payment card details. Subscriptions are billed by Apple (App Store) or Google (Play Store), and we receive a subscription identifier and entitlement status from our subscription management provider. See Section 5 for the sub-processor.
2.7 Waitlist (website only)
- Email address you submit on erosapp.ai
- A SHA-256 hash of your IP address combined with a private salt (so we can count unique signups for abuse detection without retaining the raw IP)
- The user-agent string of the browser used to sign up
- The source page within our site (currently always “landing”)
3. Why we collect it (legal bases)
We rely on the following legal bases under Article 6 of the GDPR:
- Performance of a contract (Article 6(1)(b)) — to operate the Service, match you with other people, deliver messages, process subscriptions, and honour your account preferences. Without this data the Service cannot function.
- Legitimate interests (Article 6(1)(f)) — to detect and prevent abuse, enforce our Terms of Service, secure our infrastructure, debug crashes, and improve safety. Our interest is balanced against your privacy: we minimise what we collect and never use this data for advertising or profiling.
- Consent (Article 6(1)(a)) — for purposes that require an explicit choice from you. These include push notifications, precise location at onboarding, and your photos being processed for automated content moderation. You can withdraw consent at any time in the app’s settings, and withdrawal does not affect processing that already happened.
- Legal obligation (Article 6(1)(c)) — when we must process data to comply with a court order, a regulator’s request, or applicable tax or consumer-protection rules.
For sensitive data such as photos (which can reveal ethnicity or religious practice) we additionally rely on your explicit consent under Article 9(2)(a).
4. How long we keep it
We keep personal data only for as long as it is needed.
| Category | Retention |
|---|---|
| Active account | While your account exists |
| Account deletion (you delete) | 30-day soft-delete window during which you can recover the account, followed by hard deletion |
| Account suspension (we suspend) | 12 months after suspension, then hard deletion unless an investigation is open or law requires longer |
| Match and conversation records | Tied to the active account lifetime; deleted with the account |
| Crash diagnostics | 90 days |
| Server logs (including raw IPs) | 30 days |
| Hashed waitlist IP | Up to 12 months from signup, then deleted |
| Payment / subscription identifiers | While the subscription is active and for the period required by tax law (typically 7 years in the Netherlands) |
When we delete data, we remove it from production databases and from operational backups within 90 days. Encrypted point-in-time snapshots may linger for a short period as part of routine disaster-recovery rotation; we do not restore deleted accounts from those snapshots.
5. Sub-processors
We use the following third-party processors to deliver parts of the Service. Each of them is bound by a Data Processing Agreement that requires them to act only on our instructions and to maintain appropriate security.
| Sub-processor | What we share | Where they process | Why |
|---|---|---|---|
| Amazon Web Services (AWS) — S3 | Your uploaded photos | Stockholm, Sweden (eu-north-1) | Photo storage |
| Amazon Web Services (AWS) — Rekognition | Your uploaded photos (only at the moment of upload) | Stockholm, Sweden (eu-north-1) | Automated moderation (detecting prohibited content) |
| Anthropic | Anonymised, aggregated questionnaire snippets and match-pair traits (no name, no photo, no contact info) | United States | Generating the short narrative shown on a match |
| Twilio | Phone number and a one-time verification code | United States and EU | SMS verification at signup |
| RevenueCat | An anonymised user identifier and your subscription identifier | United States | Managing subscriptions across Apple and Google |
| Sentry | Crash stack traces, breadcrumbs, device identifiers | EU (Frankfurt) | Crash reporting and error monitoring |
| Expo Application Services (Push) | Your push notification token and the notification payload | United States | Delivering push notifications |
| Apple — Sign in with Apple | Authentication exchange (handled by Apple) | Global Apple infrastructure | Federated sign-in option |
| Google — Sign in with Google | Authentication exchange (handled by Google) | Global Google infrastructure | Federated sign-in option |
| Cloudflare | Website traffic metadata (used by Cloudflare’s privacy-preserving analytics), the encrypted waitlist row, and a hashed IP | Global Cloudflare network, with the D1 database held in the EU when available | Hosting erosapp.ai, serving the waitlist endpoint, DDoS protection |
We may add or change sub-processors over time. We will update this list and, where the change materially affects you, notify you in-app or by email before the change takes effect.
6. International transfers
Some of our sub-processors are headquartered in the United States. When your data is transferred outside the European Economic Area (EEA), we rely on the European Commission’s Standard Contractual Clauses (the 2021 modules) and on the recipient’s certification under the EU–US Data Privacy Framework where applicable. We do not transfer personal data to jurisdictions without an adequacy decision or appropriate safeguards.
If you would like a copy of the safeguards in place for a specific sub-processor, write to privacy@erosapp.ai.
7. Your rights
If you are in the European Economic Area, the United Kingdom, or another jurisdiction with comparable rules, you have the following rights:
- Access (Article 15) — ask for a copy of the personal data we hold about you.
- Rectification (Article 16) — ask us to correct inaccurate or incomplete data.
- Erasure (Article 17) — ask us to delete your data. You can do this yourself from the app’s Settings → Delete account.
- Restriction (Article 18) — ask us to pause processing in specific circumstances (for example, while we resolve a dispute).
- Portability (Article 20) — ask for a copy of the data you have given us in a machine-readable format.
- Objection (Article 21) — object to processing based on legitimate interests, in which case we will stop unless we have overriding grounds.
- Withdrawal of consent — withdraw any consent you previously gave. We will stop the relevant processing; previous processing remains lawful.
- Complaint — lodge a complaint with your supervisory authority. In the Netherlands this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
To exercise any of these rights, write to privacy@erosapp.ai. We will respond within 30 days. We do not charge a fee unless the request is manifestly unfounded or excessive.
To make the right to portability (Article 20) easy to exercise without contacting us, the mobile app provides a self-service export. Open the app and tap Settings → Export my data. We will generate a single JSON file containing the data you have given us (your account, profile, questionnaire, photos as time-limited download links, matches, conversations, notifications, subscription state, and any support tickets or reports you have filed) and save it to your Files app. The export is rate-limited to one request per 24 hours per account to prevent abuse.
8. How we secure your data
We treat security as an ongoing engineering practice, not a one-time checkbox. Specifically:
- All traffic between your device and our servers is encrypted in transit with TLS 1.2 or higher.
- Photos are stored in a private object storage bucket; the app fetches them through short-lived signed URLs and never via a public URL.
- Passwords are hashed with bcrypt.
- Access to production systems is gated by per-engineer credentials and hardware-backed multi-factor authentication.
- We follow a least-privilege IAM policy for all sub-processor credentials.
- We monitor for unusual access patterns through our error and observability tooling.
No system is perfectly secure. If a breach occurs that is likely to put your rights at risk, we will notify you and the relevant supervisory authority without undue delay and in any event within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR.
9. Cookies and similar technologies
The Eros website (erosapp.ai) does not use any third-party advertising cookies, tracking pixels, or analytics SDKs that set cookies. Cloudflare may set a single first-party cookie (__cf_bm or similar) for the sole purpose of distinguishing real visitors from automated bots; this is a security-only cookie and not used for tracking.
The Eros mobile app does not use third-party cookies.
We do not run advertising. We do not sell personal data, and we do not share personal data with third parties for their own marketing purposes.
10. Children’s privacy
Eros is intended for adults only. You must be 18 years of age or older to use the Service. We do not knowingly collect personal data from anyone under 18.
If we learn that an account belongs to someone under 18, we will close it and delete the associated data. If you believe a person under 18 has created an account, please notify us at privacy@erosapp.ai so we can investigate.
11. Automated decision-making and profiling
We use automated systems to:
- Generate a short narrative about what two people might have in common (using questionnaire excerpts; the result is shown to both people, not used to “score” a match);
- Screen uploaded photos for content that violates our policies (using AWS Rekognition’s standard moderation labels); and
- Score and rank potential matches based on the answers both people gave to our questionnaire.
These systems produce recommendations, not binding decisions. A flagged photo is reviewed by a person before any account action is taken. A match score does not block anyone from being shown to you; it only orders the queue. If you believe an automated decision has affected you unfairly, you can ask a human to review it by writing to privacy@erosapp.ai.
12. Marketing
We do not currently send marketing emails. If we do in the future, you will have to opt in expressly and you will be able to unsubscribe from the footer of every message we send.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we make a material change, we will notify you in the app and update the “Effective date” at the top of this page. Continuing to use the Service after the effective date means you accept the updated policy.
Earlier versions of this policy will be archived and are available on request.
14. Contact
For privacy questions, data-subject requests, or to report a possible breach, write to privacy@erosapp.ai.
For general questions, write to hello@erosapp.ai.
For security disclosures, write to security@erosapp.ai. Please see our public security policy for our coordinated-disclosure terms.