This Privacy Policy explains what personal data Nice2Meechu ("we", "us", "the Service") collects, why, how long we keep it, who we share it with, and the rights you have. It applies worldwide. If you are in the EEA/UK, Brazil, California, or another jurisdiction with extra rights, those are listed below.
1. Data we collect
- Account & profile: email address, Google account ID, name, profile picture URL (from Google OAuth); first name, codename, age, city, language, vibes, avatar emoji.
- Location: the city you choose plus optional approximate latitude/longitude derived from your IP, browser geolocation, or the map preview.
- Content you create: recorded intro video, transcript, chat messages, swipe actions, signature image, community-rules acceptance.
- Biometric data (special category): a single still frame extracted from your intro video is sent to OpenAI's content-safety vision model to verify there is a single human face and no prohibited content. The image is not stored after the check.
- Device & log: IP address, user agent, timestamps of requests, cookies.
- Analytics: Google Analytics 4 events (page views, important milestones like clicking a sign-up button) — only if you accept the cookie banner.
2. Why we use it (lawful bases)
- To run the Service (GDPR Art. 6(1)(b) — contract).
- To keep users safe via AI face-check and human review of reports (Art. 6(1)(f) — legitimate interests; Art. 9(2)(a) — explicit consent for biometric processing, given via the Community Rules screen).
- To comply with legal obligations such as responding to law-enforcement requests, CSAM reporting, and DSA notices (Art. 6(1)(c)).
- To improve the Service via aggregated analytics (Art. 6(1)(a) — consent).
3. Who we share data with (subprocessors)
- Google (OAuth sign-in, Analytics)
- OpenAI (content-safety face check, live translation, demo-video generation)
- Komoot / OpenStreetMap (geocoding via Photon)
- Cloudflare (CDN & DNS)
- MongoDB Atlas (managed database)
- Emergent (hosting & platform)
We do not sell personal data. We do not transfer data to advertisers.
4. International transfers
Some subprocessors are located in the United States. Where required by law, we rely on Standard Contractual Clauses or equivalent transfer mechanisms.
5. Retention
- Account, profile, videos, messages: kept until you delete your account.
- Reports & moderation logs: kept up to 2 years after creation.
- Analytics events: GA4 default (up to 14 months) unless you withdraw consent.
6. Your rights
- Access — request a copy of your data (use the in-app "Download my data" button on your Profile, or submit a privacy request).
- Erasure — tap "Delete my account" inside the app; we wipe your profile, videos, messages, matches and sessions immediately.
- Rectification — edit your profile any time.
- Portability — request a JSON export of your data.
- Withdraw consent — clear cookies / revoke the analytics consent any time.
- Lodge a complaint with your local supervisory authority (e.g., your country's data-protection regulator).
7. Children
The Service is not for users under 13. Users between 13 and 17 must have a parent/guardian's permission where required by local law. We rely on self-declared age at signup and may take additional verification steps. If we learn we have collected data from a child under 13, we delete it.
8. AI disclosure
Some intro videos and profiles in the feed are AI-generated personas created with OpenAI Sora 2, clearly labelled "AI demo" on the card. They exist to seed the experience and may auto-match with you. They do not represent real people.
9. Safety & illegal content
To report suspected child sexual abuse material (CSAM), terrorism, immediate harm, or any DSA-actionable content, submit a safety report or use the in-app Report button.
10. Changes
We will notify you in-app and via the email on file before material changes take effect.