Privacy Policy

Privacy policy

We respect your privacy and are committed to protecting it through our compliance with this privacy policy ("Policy"). This Policy describes the types of information we may collect from you or that you may provide ("Personal Information") on the flirtyapp.com website ("Website"), "Flirty" mobile application ("Mobile Application"), and any of their related products and services (collectively, "Services"), and our practices for collecting, using, maintaining, protecting, and disclosing that Personal Information. It also describes the choices available to you regarding our use of your Personal Information and how you can access and update it.

This Policy is a legally binding agreement between you ("User", "you" or "your") and FLIRTY LTD ("FLIRTY LTD", "we", "us" or "our"). If you are entering into this Policy on behalf of a business or other legal entity, you represent that you have the authority to bind such entity to this Policy, in which case the terms "User", "you" or "your" shall refer to such entity. If you do not have such authority, or if you do not agree with the terms of this Policy, you must not accept this Policy and may not access and use the Services. By accessing and using the Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.

Table of contents

  1. Automatic collection of information
  2. Collection of personal information
  3. Third-party services we use
  4. Use and processing of collected information
  5. Payment processing
  6. Managing information
  7. Disclosure of information
  8. Retention of information
  9. Transfer of information
  10. Region specific notices
  11. How to exercise your rights
  12. Cookies
  13. Data analytics
  14. Privacy of children
  15. Do not sell my personal information
  16. Do Not Track signals
  17. Advertisements
  18. Social media features
  19. Email marketing
  20. Push notifications
  21. Links to other resources
  22. Information security
  23. Data breach
  24. Changes and amendments
  25. Acceptance of this policy
  26. Contacting us

Automatic collection of information

When you open the Website or use the Mobile Application, our servers automatically record information that your browser or device sends. This data may include information such as your device's IP address and location, browser and device name and version, operating system type and version, language preferences, the webpage you were visiting before you came to the Services, pages of the Services that you visit, the time spent on those pages, the information you search for on the Services, access times and dates, and other statistics.

Information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding the usage and traffic of the Services. This statistical information is not otherwise aggregated in such a way that would identify any particular User of the system.

Collection of personal information

You can access and use the Services without telling us who you are or revealing any information by which someone could identify you as a specific, identifiable individual. If, however, you wish to use some of the features offered on the Services, you may be asked to provide certain Personal Information (for example, your name and email address).

We receive and store any information you knowingly provide to us when you create an account, publish content, make a purchase, or fill any forms on the Services. When required, this information may include the following:

  • Account details (such as user name, unique user ID, password, etc)
  • Contact information (such as email address, phone number, etc)
  • Basic personal information (such as name, country of residence, date of birth, etc)
  • Sensitive personal information (such as ethnicity, religious beliefs, mental health, etc)
  • Geolocation data of your device (such as latitude and longitude)
  • Photos and videos that you upload to your profile
  • Audio recordings when you send voice messages
  • Messages and content you share with other users
  • Certain features on the mobile device (such as contacts, calendar, gallery, camera, microphone, etc)
  • Any other materials you willingly submit to us (such as articles, images, feedback, etc)

Some of the information we collect is directly from you via the Services. However, we may also collect Personal Information about you from other sources such as social media platforms, public databases, third-party data providers, and our joint partners. Personal Information we collect from other sources may include demographic information, such as age and gender, device information, such as IP addresses, location, such as city and state, and online behavioral data, such as information about your use of social media websites, page view information and search results and links.

You can choose not to provide us with your Personal Information, but then you may not be able to take advantage of some of the features on the Services. Users who are uncertain about what information is mandatory are welcome to contact us.

Biometric Data (Device-Based Only)

For sensitive actions like data exports and account deletion, we may request biometric verification (Face ID, Touch ID, or fingerprint authentication). Important notes:

  • Biometric data never leaves your device
  • We only receive a "verified" or "not verified" response from your device's operating system
  • We do not collect, store, or process your actual biometric data
  • This verification is handled entirely by your device's operating system (iOS or Android)
  • Email verification is always available as an alternative if biometric authentication is unavailable or fails
  • You can choose to skip biometric verification and use email verification instead

Session Management & Active Devices

To enhance your account security and give you control over your login sessions, we track active sessions across devices. This allows you to view and manage where you're logged in and remotely log out from devices if needed.

Information We Collect Per Session:

  • Device Information: Device type (e.g., iPhone 14 Pro), operating system version (e.g., iOS 17.2), and app version
  • Location Data (IP-based): Approximate location (city and country) derived from your IP address at login. We do not store your raw IP address - only a cryptographic hash (one-way encryption) for security purposes.
  • Session Activity: Login timestamp and last active timestamp
  • Session Identifier: A unique identifier for each login session

How We Use Session Data:

  • Security Monitoring: Detect suspicious login activity (e.g., logins from unusual locations)
  • Account Protection: Send email notifications when you log in from a new device
  • User Control: Allow you to view all active sessions and remotely log out from specific devices
  • Fraud Prevention: Identify and prevent unauthorized access to your account

Your Session Management Controls:

  • View Active Sessions: Navigate to Settings → Support & Legal → Privacy Controls → Active Sessions to see all devices where you're logged in
  • Remote Logout: Log out from any specific device or all other devices at once
  • New Device Alerts: Receive email notifications when someone (including you) logs in from a new device
  • Session Expiry: Sessions automatically expire after 30 days of inactivity for your security

Data Retention:

  • Active session data is stored while you remain logged in on that device
  • Sessions are automatically deleted after 30 days of inactivity
  • When you manually log out, the session data for that device is immediately deleted
  • When you delete your account, all session data is permanently deleted
  • Session data is included in your data export (Settings → Support & Legal → Privacy Controls → My Data)

Privacy Safeguards:

  • No Raw IP Storage: We never store your actual IP address. We only store a one-way cryptographic hash that cannot be reversed to determine your IP.
  • City-Level Only: Location is limited to city and country - we do not collect precise GPS coordinates for session management.
  • Secure Storage: All session data is stored in our encrypted Firebase Firestore database with access restricted to your user ID.
  • GDPR Compliant: You can export, view, and delete your session data at any time.

End-to-End Encrypted Messages

Certain messages in Flirty are protected by end-to-end encryption (E2EE). These messages are:

  • Encrypted on your device before being sent
  • Decrypted only on the recipient's device
  • Never decrypted on our servers
  • Cannot be read by Flirty, even if legally compelled

Important limitation: Because we cannot decrypt E2EE messages, they cannot be included in data exports from our servers. If you want to preserve these conversations, you must screenshot or copy them before deleting your account. Standard (non-encrypted) messages are included in data exports.

Third-party services we use

Flirty uses the following third-party services to provide, improve, and secure our Services. These service providers may process your Personal Information on our behalf:

Infrastructure & Backend Services

Google Firebase (Google LLC, USA) - We use Firebase services provided by Google for our core infrastructure:

  • Firebase Authentication - User account creation and login management
  • Cloud Firestore - Database storage for user profiles, messages, and app data
  • Firebase Storage - Storage for photos, videos, and other media files
  • Firebase Analytics - App usage analytics and user behavior tracking
  • Firebase Crashlytics - Crash reporting and app stability monitoring
  • Firebase Performance Monitoring - App performance tracking
  • Firebase Cloud Messaging - Push notification delivery
  • Cloud Functions - Server-side processing and automation
  • Firebase App Check - App security and abuse prevention

Firebase's privacy policy: https://firebase.google.com/support/privacy

Google's privacy policy: https://policies.google.com/privacy

Advertising Services

Google AdMob (Google LLC, USA) - We display personalized advertisements through Google's AdMob platform. AdMob may use cookies, device identifiers, and similar technologies to:

  • Show you relevant advertisements based on your interests
  • Measure advertisement performance and effectiveness
  • Prevent fraud and ensure ad quality
  • Provide aggregate reporting to advertisers

For users in the European Union, European Economic Area, and United Kingdom, we obtain consent for personalized advertising using Google's User Messaging Platform (UMP) in compliance with GDPR requirements.

Managing Ad Preferences:

  • iOS: Settings → Privacy → Advertising → Limit Ad Tracking
  • Android: Settings → Google → Ads → Opt out of Ads Personalization
  • In-app: Settings → Support & Legal → Privacy Controls → Ad Personalization

AdMob privacy policy: https://support.google.com/admob/answer/6128543

Communication Services

SendGrid (Twilio Inc., USA) - Transactional email delivery for:

  • Account verification and password reset emails
  • Important account notifications
  • Security alerts

SendGrid privacy policy: https://www.twilio.com/legal/privacy

Media Hosting & Processing

API.video (France) - Video storage, processing, and streaming services for:

  • Video uploads and storage
  • Video transcoding and optimization
  • Video streaming and delivery

API.video privacy policy: https://api.video/privacy-policy/

Payment Processing

Google Play Store (for Android) and Apple App Store (for iOS) - In-app purchase processing for premium subscriptions and features. We do not store or process your payment card details directly. All payment information is handled securely by Google and Apple in compliance with PCI-DSS standards.

International Data Transfers

These third-party services may process your Personal Information in the United States and other countries outside your country of residence. We ensure appropriate safeguards are in place for international data transfers, including:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Adequacy decisions where applicable
  • Compliance with GDPR, UK DPA, and other applicable data protection laws

Use and processing of collected information

We act as a data controller and a data processor when handling Personal Information, unless we have entered into a data processing agreement with you in which case you would be the data controller and we would be the data processor.

Our role may also differ depending on the specific situation involving Personal Information. We act in the capacity of a data controller when we ask you to submit your Personal Information that is necessary to ensure your access and use of the Services. In such instances, we are a data controller because we determine the purposes and means of the processing of Personal Information.

We act in the capacity of a data processor in situations when you submit Personal Information through the Services. We do not own, control, or make decisions about the submitted Personal Information, and such Personal Information is processed only in accordance with your instructions. In such instances, the User providing Personal Information acts as a data controller.

In order to make the Services available to you, or to meet a legal obligation, we may need to collect and use certain Personal Information. If you do not provide the information that we request, we may not be able to provide you with the requested products or services. Any of the information we collect from you may be used for the following purposes:

  • Create and manage user accounts
  • Deliver products or services
  • Improve products and services
  • Personalize your experience and match you with compatible users
  • Provide customer support and respond to inquiries
  • Process payments and transactions
  • Send administrative communications and service updates
  • Send marketing and promotional communications (with your consent)
  • Request user feedback and conduct surveys
  • Improve user experience and app performance
  • Post customer testimonials (with your permission)
  • Deliver targeted advertising (with appropriate consent)
  • Analyze usage patterns and trends
  • Detect, prevent, and address fraud, abuse, and security issues
  • Enforce terms and conditions and policies
  • Protect from abuse and malicious users
  • Respond to legal requests and prevent harm
  • Run and operate the Services

Processing your Personal Information depends on how you interact with the Services, where you are located in the world and if one of the following applies: (a) you have given your consent for one or more specific purposes; (b) provision of information is necessary for the performance of this Policy with you and/or for any pre-contractual obligations thereof; (c) processing is necessary for compliance with a legal obligation to which you are subject; (d) processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us; (e) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. We may also combine or aggregate some of your Personal Information in order to better serve you and to improve and update our Services.

We rely on user's consent as a legal base upon which we collect and process your Personal Information.

Note that under some legislations we may be allowed to process information until you object to such processing by opting out, without having to rely on consent or any other of the legal bases above. In any case, we will be happy to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Information is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Payment processing

In case of Services requiring payment, you may need to provide your credit card details or other payment account information, which will be used solely for processing payments. We use third-party payment processors ("Payment Processors") to assist us in processing your payment information securely.

Payment Processors adhere to the latest security standards as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. Sensitive and private data exchange happens over a SSL secured communication channel and is encrypted and protected with digital signatures, and the Services are also in compliance with strict vulnerability standards in order to create as secure of an environment as possible for Users. We will share payment data with the Payment Processors only to the extent necessary for the purposes of processing your payments, refunding such payments, and dealing with complaints and queries related to such payments and refunds.

Please note that the Payment Processors may collect some Personal Information from you, which allows them to process your payments (e.g., your email address, address, credit card details, and bank account number) and handle all the steps in the payment process through their systems, including data collection and data processing. The Payment Processors' use of your Personal Information is governed by their respective privacy policies which may or may not contain privacy protections as protective as this Policy. We suggest that you review their respective privacy policies.

Managing information

You are able to delete certain Personal Information we have about you. The Personal Information you can delete may change as the Services change. When you delete Personal Information, however, we may maintain a copy of the unrevised Personal Information in our records for the duration necessary to comply with our obligations to our affiliates and partners, and for the purposes described below. If you would like to delete your Personal Information or permanently delete your account, you can do so on the settings page of your account on the Services.

Disclosure of information

Depending on the requested Services or as necessary to complete any transaction or provide any Service you have requested, we may share your non-personally identifiable information with our contracted companies, and service providers (collectively, "Service Providers") we rely upon to assist in the operation of the Services available to you and whose privacy policies are consistent with ours or who agree to abide by our policies with respect to your information. We will not share any information with unaffiliated third parties.

Service Providers are not authorized to use or disclose your information except as necessary to perform services on our behalf or comply with legal requirements. Service Providers are given the information they need only in order to perform their designated functions, and we do not authorize them to use or disclose any of the provided information for their own marketing or other purposes.

We may also disclose any Personal Information we collect, use or receive if required or permitted by law, such as to comply with a subpoena or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

In the event we go through a business transition, such as a merger or acquisition by another company, or sale of all or a portion of its assets, your user account, and your Personal Information will likely be among the assets transferred.

Retention of information

We will retain and use your Personal Information for the period necessary to comply with our legal obligations, as long as your user account remains active, to enforce our Policy, resolve disputes, and unless a longer retention period is required or permitted by law.

Specific retention periods:

  • Active accounts: We retain your Personal Information for as long as your account is active and you continue using our Services.
  • Account deletion: When you request account deletion through Settings → Delete Account, the following process occurs:
    • Days 1-30 (Deactivation): Your account is deactivated and hidden from other users. During this period:
      • You can log back in at any time to cancel deletion (reactivates account automatically)
      • You can download your data from Settings
      • Your data remains in our systems but your profile is not visible to others
    • Day 30+ (Permanent Deletion): After 30 days of deactivation, your account and personal data (profile, photos, messages, location history, matches) are permanently deleted from our active systems
    • Some data may remain in secure backups for up to 60 days total (30 days deactivation + 30 days backup retention) for disaster recovery purposes, after which it is permanently erased
    • Downloading Your Data: You can download your data at any time from Settings → Support & Legal → Privacy Controls → My Data, either before deactivating your account or during the 30-day deactivation period by logging back in. We strongly recommend downloading your data if you want to keep a copy.
    • Minimal logs retained for legal purposes: After permanent deletion (Day 30+), we retain certain minimal technical and security logs for 12 months to comply with legal obligations, prevent fraud, and respond to law enforcement requests. This includes:
      • Account identifiers (anonymized user IDs)
      • Account creation and deletion timestamps
      • IP addresses associated with significant account actions
      • Records of abuse reports or violations
      • Payment transaction records (retained for 7 years as required by tax law)
      These logs cannot be used to reconstruct your profile, view your content, or identify you in normal operations. They are retained solely for legal compliance, fraud prevention, and security purposes under GDPR Article 6(1)(f) (legitimate interests).
    • Legal holds: If we receive a valid legal request (court order, subpoena, warrant) to preserve your data, we may be required to delay deletion to comply with legal obligations. We will inform you of such requests where legally permitted.
  • Legal compliance: Some information may be retained longer when required by law, such as:
    • Payment and transaction records: 7 years (tax and accounting requirements)
    • Legal disputes or investigations: Until resolution plus applicable limitation periods
    • Abuse reports and safety violations: Until reviewed and resolved
  • Analytics data: Aggregated and anonymized analytics data may be retained indefinitely for statistical purposes. This data cannot be used to identify you personally.
  • Marketing communications: If you unsubscribe from marketing emails, we retain your email address in our suppression list to ensure we don't contact you again.

Account Deletion Process

When you request to delete your account through Settings → Delete Account, the following detailed process occurs:

  1. Immediate Deactivation: Your profile is immediately hidden from discovery and other users cannot view your profile or send you messages
  2. 30-Day Grace Period: Your account enters a deactivated state for 30 days. During this time:
    • Your data is retained but inaccessible to other users
    • You can reactivate your account by simply logging back in
    • You can still request a data export
    • We will send reminder emails at 7 days and 1 day before permanent deletion
    • Your profile will not appear in discovery, matches, or search results
  3. Permanent Deletion (After 30 Days): Your account and associated data are permanently deleted, including:
    • Your profile information, photos, and videos
    • Your sent messages (except as noted below)
    • Your matches, likes, and preferences
    • Your location and activity history
    • Your discovery settings and filters

What happens to data visible to other users:

  • Messages you sent: Messages will remain visible to recipients (as this is their data) but your name and profile photo will be replaced with "[Deleted User]". We cannot delete messages from other users' inboxes as this would violate their data rights.
  • Photos in conversations: Photos you sent in messages are removed from all conversations
  • Match history: Other users will see "[Deleted User]" in their match history where you previously appeared
  • Reported content: Reports you made or reports made about you may be retained for safety and legal purposes with your personal identifiers anonymized

Data we may retain after deletion:

  • Anonymized analytics data that cannot identify you
  • Records required for legal compliance (e.g., payment records for tax purposes - retained for 7 years)
  • Data in encrypted backups for up to 60 days total (30 days deactivation + 30 days backup retention) before permanent removal
  • Information necessary to enforce our Terms of Service or protect against fraud (e.g., device identifiers to prevent banned users from creating new accounts)
  • Minimal logs (anonymized user ID hashes, timestamps) retained for 12 months for legal compliance and fraud prevention

Premium Subscriptions: If you have an active premium subscription, please note:

  • You must cancel your subscription through your device's app store (Apple App Store or Google Play Store) before account deletion
  • We do not have access to cancel app store subscriptions on your behalf
  • No refunds are provided for unused subscription time after account deletion
  • Subscription records are retained for 7 years for tax and accounting compliance as required by law
  • After account deletion, these records are anonymized but retained separately

Payment and Subscription Data

We retain payment and subscription records for accounting, tax, and legal purposes:

  • Active subscriptions: Records maintained while subscription is active
  • Cancelled subscriptions: Records retained for 7 years for tax compliance
  • Account deletion: Payment records are anonymized but retained as required by law

Subscription management is handled by your device's app store (Apple App Store or Google Play). To cancel a subscription, you must do so through your app store settings. We do not have access to your payment card details - these are handled exclusively by Apple, Google, and Stripe.

Data Anonymization

In certain cases, complete deletion of your data would negatively impact other users' experience or violate their data rights. In these situations, we anonymize your data instead of deleting it:

  • Messages to other users: We cannot delete messages from other users' inboxes (as this is their data), but we replace your identifying information with "[Deleted User]"
  • Safety reports: If you reported another user or were reported, these records may be retained for safety purposes with your personal identifiers anonymized to protect community safety while respecting your privacy
  • Abuse prevention: Device identifiers and hashed data may be retained to prevent banned users from creating new accounts and to maintain platform integrity
  • Analytics data: Aggregated usage statistics may be retained indefinitely in anonymized form for product improvement

Anonymization means your data can no longer be linked back to you as an identifiable individual. Anonymized data is not considered Personal Information under GDPR and other privacy laws.

We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally. Once the retention period expires, Personal Information shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.

Transfer of information

Depending on your location, data transfers may involve transferring and storing your information in a country other than your own. The transfer of your Personal Information to countries outside the European Union will be made only if you have explicitly consented to it or in the cases provided for by the GDPR and the UK DPA and will be processed in your interest.

You are entitled to learn about the legal basis of information transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by us to safeguard your information. If any such transfer takes place, you can find out more by checking the relevant sections of this Policy or inquire with us using the information provided in the contact section. Note that we are dedicated to ensuring the security of your personal data, adhering strictly to the guidelines outlined in our privacy notice and conforming to the applicable legal requirements.

Region specific notices

Out of respect for your privacy, we have implemented additional measures to comply with the obligations and rights associated with the collection of Personal Information as dictated by the laws governing the regions of our users.

Disclosures for residents of Australia

If you are a resident of Australia, you have certain rights in relation to your Personal Information based on the Australian Privacy Act 1988 ("Privacy Act 1988") that we comply with as part of our commitment to your privacy. This supplemental section, together with other relevant sections of the Policy, provides information about your rights and how to exercise them. Unless otherwise expressly stated, all terms in this section have the same meaning as defined in the Privacy Act 1988.

(a) Right to access and correct: You have the right to access Personal Information we hold about you. You also have the right to request corrections to your Personal Information if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

(b) Right to restrict processing: You can request that we stop or restrict the processing of your Personal Information in certain circumstances, such as when you contest the accuracy of your data.

(c) Right to data portability: You have the right to request the transfer of your Personal Information to a different service provider as long as it is technically possible to do so or directly to you.

(d) Right to not be subject to automated decision-making: You have the right to opt out of decisions based solely on automated processing of your Personal Information, particularly when these decisions have legal or similarly significant effects on you.

(e) Right to anonymity: You are generally able to use a pseudonym or remain anonymous when interacting with us. However, in some circumstances, you may have to provide certain Personal Information. For example, we may require Personal Information to assess your eligibility for a program or service. We will inform you if you are not able to remain anonymous or use a pseudonym when dealing with us.

Disclosures for residents of Brazil

If you are a resident of Brazil, you have certain rights in relation to your Personal Information based on the Brazilian General Data Protection Law ("LGPD") that we comply with as part of our commitment to your privacy. This supplemental section, together with other relevant sections of the Policy, provides information about your rights and how to exercise them. Unless otherwise expressly stated, all terms in this section have the same meaning as defined in the LGPD.

(a) Right to know and access: You have the right to confirm whether we process your Personal Information and, if so, access it. This ensures you are fully informed about the data we hold and how it's used.

(b) Right to correct: You have the right to correct Personal Information if you find any of it in our possession to be incorrect or outdated as we are committed to maintaining the accuracy and relevance of your Personal Information.

(c) Right to anonymize and block: You can request the anonymization or blocking of Personal Information that is unnecessary, excessive, or not processed in compliance with the LGPD.

(d) Right to data portability: You have the right to transfer your data to another service provider or product supplier, promoting your freedom to choose services without losing your data history.

(e) Right to delete: If we have processed your data based on consent, you can request its deletion, except where law requires or permits us to retain it.

(f) Right to information about third parties: You can ask about the third parties with whom we share your data, ensuring transparency in our data sharing practices.

(g) Right to information on consent denial: You have the right to be informed about the consequences of not providing consent to make informed decisions about the use of your Personal Information.

(h) Right to withdraw consent: You can withdraw your consent for data processing at any time to ensure control over your Personal Information.

(i) Right to review automated decisions: You can request a review of decisions made solely based on automated processing of your data to ensure fairness and accuracy in processes that significantly impact you.

Disclosures for residents of Canada

If you are a resident of Canada, you have certain rights in relation to your Personal Information based on the Personal Information Protection and Electronic Documents Act ("PIPEDA") that we comply with as part of our commitment to your privacy. This supplemental section, together with other relevant sections of the Policy, provides information about your rights and how to exercise them. Unless otherwise expressly stated, all terms in this section have the same meaning as defined in the PIPEDA.

(a) Right to access: You have the right to access the Personal Information we hold about you if you wish to review, verify, or correct your information.

(b) Right to correct: We strive to maintain the accuracy of your Personal Information and will promptly make necessary corrections when you identify inaccuracies in your data.

(c) Right to withdraw consent: You can withdraw your consent regarding the handling of your Personal Information at any time, subject to legal or contractual limitations.

(d) Right to complain: You have the right to file a complaint with the Privacy Commissioner of Canada if you feel your Personal Information is being handled in a way that violates PIPEDA.

(e) Right to challenge compliance: You can challenge our compliance with PIPEDA, including how we handle your Personal Information, consent, access requests, and how we respond to your correction requests.

(f) Right to know about breaches: You have the right to be notified in cases of a security breach involving your Personal Information that poses a real risk of significant harm.

Disclosures for residents of the EU/EEA and the UK

If you are a resident of the European Union ("EU"), the European Economic Area ("EEA"), or the United Kingdom ("UK"), you have certain rights in relation to your Personal Information based on the GDPR and the UK DPA that we comply with as part of our commitment to your privacy. Unless otherwise expressly stated, all terms in this section have the same meaning as defined in the GDPR and the UK DPA.

(a) Right to withdraw consent: You have the right to withdraw consent where you have previously given your consent to the processing of your Personal Information. To the extent that the legal basis for our processing of your Personal Information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

(b) Right to access: You have the right to learn if your Personal Information is being processed by us, obtain disclosure regarding certain aspects of the processing, and obtain a copy of your Personal Information undergoing processing.

(c) Right to rectification: You have the right to verify the accuracy of your information and ask for it to be updated or corrected. You also have the right to request us to complete the Personal Information you believe is incomplete.

(d) Right to object to the processing: You have the right to object to the processing of your information if the processing is carried out on a legal basis other than consent. Where Personal Information is processed for the public interest, in the exercise of an official authority vested in us, or for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground related to your particular situation to justify the objection. You must know that, however, should your Personal Information be processed for direct marketing purposes, you can object to that processing at any time without providing any justification. To learn whether we are processing Personal Information for direct marketing purposes, you may refer to the relevant sections of this Policy.

(e) Right to restrict processing: You have the right, under certain circumstances, to restrict the processing of your Personal Information. These circumstances include: the accuracy of your Personal Information is contested by you and we must verify its accuracy; the processing is unlawful, but you oppose the erasure of your Personal Information and request the restriction of its use instead; we no longer need your Personal Information for the purposes of processing, but you require it to establish, exercise or defend your legal claims; you have objected to processing pending the verification of whether our legitimate grounds override your legitimate grounds. Where processing has been restricted, such Personal Information will be marked accordingly and, with the exception of storage, will be processed only with your consent or for the establishment, to exercise or defense of legal claims, for the protection of the rights of another natural, or legal person or for reasons of important public interest.

(f) Right to delete: You have the right, under certain circumstances, to obtain the erasure of your Personal Information from us. These circumstances include: the Personal Information is no longer necessary in relation to the purposes for which it was collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure such as where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, to exercise or defense of legal claims.

(g) Right to data portability: You have the right to receive your Personal Information that you have provided to us in a structured, commonly used, and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance from us, provided that such transmission does not adversely affect the rights and freedoms of others.

(h) Right to complaint: You have the right to complain to a data protection authority about our collection and use of your Personal Information. If you are not satisfied with the outcome of your complaint directly with us, you have the right to lodge a complaint with your local data protection authority. For more information, please contact your local data protection authority in the EU or the EEA. This provision is applicable provided that your Personal Information is processed by automated means and that the processing is based on your consent, on a contract which you are part of, or on pre-contractual obligations thereof.

Disclosures for residents of New Zealand

If you are a resident of New Zealand, you have certain rights in relation to your Personal Information based on the New Zealand's Privacy Act 2020 ("Privacy Act 2020") that we comply with as part of our commitment to your privacy. This supplemental section, together with other relevant sections of the Policy, provides information about your rights and how to exercise them. Unless otherwise expressly stated, all terms in this section have the same meaning as defined in the Privacy Act 2020.

(a) Right to Access: You have the right to access your Personal Information that we hold, enabling you to review and understand the data we have about you for transparency and accuracy.

(b) Right to Correction: If your Personal Information is incorrect or outdated, you have the right to request its correction, ensuring that the information we hold is accurate and up-to-date.

(c) Right to Make a Complaint: If you believe your privacy rights have been breached, you have the right to make a complaint to a data protection authority.

(d) Right to Object to Automated Decision-making: You can object to decisions made solely on automated processing of your Personal Information that have significant effects on you, ensuring a fair and transparent decision-making process.

(e) Right to Data Portability: Where applicable, you have the right to request the transfer of your Personal Information to another service provider if technically possible or directly to you.

(f) Right to Anonymity and Pseudonymity: Where possible, you have the option to interact with us without revealing your identity or by using a pseudonym, offering flexibility and control over your personal engagement.

(g) Notification of Data Breaches: In the event of a data breach that may harm your privacy, we will notify you promptly, taking immediate steps to mitigate any potential impacts.

Disclosures for residents of the USA

If you are a resident of California, Colorado, Connecticut, Delaware, Iowa, Maryland, Utah, or Virginia, you have certain rights and we aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Information. This supplemental section, together with other relevant sections of the Policy, provides information about your rights and how to exercise them under the California Consumer Privacy Act and the California Privacy Rights Act (collectively, "CCPA"), the Colorado Privacy Act ("CPA"), the Connecticut Data Privacy Act ("CDPA"), the Delaware Online Privacy and Protection Act ("DOPPA"), the Iowa Consumer Data Protection Act ("ICDPA"), the Maryland Personal Information Protection Act ("PIPA"), the Utah Consumer Privacy Act ("UCPA"), the Virginia Consumer Data Protection Act ("VCDPA"), and any and all regulations arising therefrom. Unless otherwise expressly stated, all terms in this section have the same meaning as defined in the related state laws.

In addition to the rights as explained in this Policy, if you provide Personal Information as defined in the statute to obtain Services for personal, family, or household use, you have the right to submit requests related to your Personal Information once a calendar year. Note that there are circumstances when we may not be able to comply with your request such as when we are not able to verify your request or find that providing a full response conflicts with other legal obligations or regulatory requirements. You will be notified if it's the case.

(a) Right to know and right to access: You have the right to request certain information we have collected about you. Once we receive and confirm a verifiable request from you, we will disclose to you, to the extent permitted by law:

  • The specific pieces of Personal Information we hold about you.
  • The categories of sources from which Information about you is collected.
  • The purposes for collecting, selling, or sharing your Personal Information.

You have the right to request that the Personal Information is delivered in a format that is both portable and easily usable, as long as it is technically possible to do so.

(b) Right to correct: You have the right to request that we correct your inaccurate Personal Information taking into account the nature of the Personal Information and the purposes of the processing of the Personal Information.

(c) Right to delete: You have the right to request deletion of your Personal Information.

(d) Right to opt-out of the sale and sharing: You have the right to opt-out of the sale of your Personal Information which may include selling, disclosing, or transferring Personal Information to another business or a third party for monetary or other valuable consideration.

(e) Right to consent to or limit the use of your sensitive personal information: You have the right to consent to the use of your Sensitive Personal information and to direct us to restrict its use and disclosure solely to what is essential for carrying out or delivering the Services in a manner reasonably anticipated by an average user, or for certain business objectives as specified by law. However, we do not use Sensitive Personal Information for any purposes other than those legally permitted or beyond the scope of your consent.

(f) Right to non-discrimination: You have the right to not be discriminated against in the Services or quality of Services you receive from us for exercising your rights. We may not, and will not, treat you differently because of your data subject request activity, and we may not and will not deny goods or Services to you, charge different rates for goods or Services, provide a different level quality of goods or Services, or suggest that we would treat you differently because of your data subject request activity.

(g) Shine the Light: California residents that have an established business relationship with us have the right to know how their personal information is disclosed to third parties for their direct marketing purposes under California's "Shine the Light" law, or the right to opt out of such practices.

To exercise any of your rights, simply contact us using the details below. After we receive and verify your request, we will process it to the extent possible within our capabilities.

How to exercise your rights

Any requests to exercise your rights can be directed to us through the contact details provided in this document. Please note that we may ask you to verify your identity before responding to such requests. Your request must provide sufficient information that allows us to verify that you are the person you are claiming to be or that you are the authorized representative of such person. If we receive your request from an authorized representative, we may request evidence that you have provided such an authorized representative with power of attorney or that the authorized representative otherwise has valid written authority to submit requests on your behalf.

You must include sufficient details to allow us to properly understand the request and respond to it. We cannot respond to your request or provide you with Personal Information unless we first verify your identity or authority to make such a request and confirm that the Personal Information relates to you.

Requesting a Copy of Your Data (Data Portability)

You have the right to request a copy of your Personal Information in a structured, commonly used, and machine-readable format (JSON format within a ZIP file). We offer two types of data exports to meet different needs:

Standard Export (Data Portability - GDPR Article 20):
Includes data you have directly provided to us in a portable, machine-readable format (JSON files within a ZIP archive):

  • Profile information (name, age, bio, dating preferences)
  • Photos and videos you've uploaded
  • Interests and settings you've selected
  • Contact information (email, phone number)
  • Messages you've sent (non-encrypted only)
  • Matches and likes history
  • Blocked users list

Complete Export (Right to Access - GDPR Article 15):
Includes everything in the Standard Export, plus additional data processed by our Services:

  • Activity logs (swipes, likes, profile views)
  • Location data history
  • Account activity and login history (IP addresses, timestamps)
  • Payment and subscription history (if applicable)
  • Reports you've submitted
  • Discovery preferences and settings
  • All metadata (timestamps, device information)

Important: End-to-end encrypted messages cannot be included in exports as they are encrypted on your device and cannot be decrypted by our servers. Please save important encrypted conversations before deleting your account.

How to request your data:

  1. Via Email: Send a data export request to privacy@flirtyapp.com with the subject line "Data Export Request" and specify which type of export you need (Standard or Complete)
  2. Via In-App Settings: Navigate to Settings → Support & Legal → Privacy Controls → My Data
  3. Verification: We will verify your identity using biometric authentication (Face ID/Touch ID) or email verification before processing your request
  4. Processing: Exports are generated in the background and typically completed within 24 hours (maximum 30 days as required by law)
  5. Delivery: We will email you a secure download link when your export is ready
  6. Download Window: Download links expire after 7 days for security reasons to ensure your data is not accessible indefinitely through a potentially compromised email account
  7. File Format: Your data will be delivered as a ZIP file containing JSON files for each data category, plus a README.txt file explaining the contents

Request Limitations

To prevent abuse and protect system resources, we limit data export requests to:

  • 1 data export per 30-day period (you can choose either Standard or Complete, but only one export per month)
  • Additional requests may be granted for legitimate reasons upon request to privacy@flirtyapp.com
  • There are no limitations on deletion requests or accessing/correcting your data through the normal app interface

Request Status and Tracking

When you submit a data access or deletion request, you will receive:

  • Immediate confirmation: In-app notification confirming your request was received
  • Email acknowledgment: Within 24 hours with a reference number
  • Email updates: Status updates as your request is processed
  • Completion notification: Email when your request is processed

Typical processing times:

  • Data exports: Usually completed within 24 hours, delivered via email with download link
  • Account deletion: Immediate deactivation, permanent deletion after 30 days
  • Other requests: Processed within timeframes specified in the region-specific sections (5-45 days depending on region)

Data Export After Account Deletion:
You can download your data at any time from Settings → Support & Legal → Privacy Controls → My Data. If you have deactivated your account (scheduled for deletion), you can log back in during the 30-day deactivation period to download your data. Once your account is permanently deleted (after the 30-day deactivation period), your data no longer exists in our systems and we cannot fulfill data export requests. We strongly recommend downloading your data before deactivating your account or during the 30-day deactivation window.

Opting Out of Data Collection

Analytics Tracking: You can limit analytics data collection:

  • iOS: Settings → Privacy & Security → Analytics & Improvements → Uncheck "Share iPhone Analytics" and "Share iCloud Analytics"
  • Android: Settings → Google → Data & Privacy → Web & App Activity → Turn off

Personalized Advertising: You can opt out of personalized ads:

  • iOS: Settings → Privacy & Security → Tracking → Toggle off "Allow Apps to Request to Track"
  • Android: Settings → Google → Ads → Delete advertising ID
  • In-app: Settings → Support & Legal → Privacy Controls → Ad Personalization

Push Notifications: You can disable push notifications at any time through your device settings or in-app notification preferences.

Marketing Communications: You can unsubscribe from marketing emails by clicking the "unsubscribe" link in any marketing email or by contacting us directly.

Cookies

Our Services use "cookies" to help personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. If you choose to decline cookies, you may not be able to fully experience the features of the Services.

We may use cookies to collect, store, and track information for security and personalization, to operate the Services, and for statistical purposes. For further information on the cookies we collect and their purpose, see our cookie policy. Please note that you have the ability to accept or decline cookies. Most web browsers automatically accept cookies by default, but you can modify your browser settings to decline cookies if you prefer.

Types of cookies we use:

  • Essential cookies: Required for basic app functionality and security
  • Analytics cookies: Help us understand how users interact with our app (Google Analytics, Firebase Analytics)
  • Advertising cookies: Used to deliver personalized advertisements (Google AdMob)
  • Preference cookies: Remember your settings and preferences

Cookie duration: Cookies may be session-based (deleted when you close the app) or persistent (stored for up to 365 days).

Data analytics

Our Services use third-party analytics tools that use cookies, web beacons, device identifiers, or other similar information-gathering technologies to collect standard internet activity and usage information. The information gathered is used to compile statistical reports on User activity such as how often Users visit our Services, what pages they visit and for how long, feature usage patterns, user engagement metrics, and technical performance data.

Analytics services we use:

  • Firebase Analytics (Google LLC) - App usage tracking, user behavior analysis, crash reporting, and performance monitoring
  • Google Analytics for Firebase - User demographics, interests, and in-app behavior
  • Firebase Crashlytics - Crash reporting and stability analytics
  • Firebase Performance Monitoring - App performance metrics

We use the information obtained from these analytics tools to:

  • Monitor and improve app performance and stability
  • Understand how users interact with features
  • Identify and fix bugs and technical issues
  • Personalize your experience
  • Develop new features based on user needs
  • Generate aggregate statistical reports (no individual identification)

Analytics data is typically retained for 26 months before being automatically deleted or anonymized.

Privacy of children

We do not knowingly collect any Personal Information from children under the age of 18. If you are under the age of 18, please do not submit any Personal Information through the Services. If you have reason to believe that a child under the age of 18 has provided Personal Information to us through the Services, please contact us immediately at privacy@flirtyapp.com to request that we delete that child's Personal Information from our Services.

Our Services are intended only for users who are 18 years of age or older. During account creation, we require users to provide their date of birth and verify that they meet the minimum age requirement. Accounts that do not meet this requirement are immediately rejected and any associated data is deleted.

We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through the Services without their permission. We also ask that all parents and legal guardians overseeing the care of children take the necessary precautions to ensure that their children are instructed to never give out Personal Information when online without their permission.

We are committed to complying with the Children's Online Privacy Protection Act (COPPA) and similar laws worldwide. If we discover that we have inadvertently collected Personal Information from anyone under 18, we will delete that information immediately.

Do not sell my personal information

You have the right to choose not to have your Personal Information sold or disclosed by contacting us. Upon receiving and verifying your request, we will cease the sale and disclosure of your Personal Information. Be aware, however, that opting out of data transfers to our third parties might affect our ability to provide certain Services you have signed up for. We reserve the right to reject opt-out requests in certain situations as permitted by the CCPA, such as when the sale of Personal Information is required for us to fulfill legal or contractual duties.

Important note: We do not sell your Personal Information for monetary compensation. We may share information with service providers as necessary to operate our Services, but these are service relationships, not data sales.

Do Not Track signals

Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want to have your online activity tracked. Tracking is not the same as using or collecting information in connection with a website. For these purposes, tracking refers to collecting personally identifiable information from users who use or visit a website or online service as they move across different websites over time. How browsers communicate the Do Not Track signal is not yet uniform. As a result, the Services are not yet set up to interpret or respond to Do Not Track signals communicated by your browser. Even so, as described in more detail throughout this Policy, we limit our use and collection of your Personal Information. For a description of Do Not Track protocols for browsers and mobile devices or to learn more about the choices available to you, visit internetcookies.com

Advertisements

We display online advertisements through Google AdMob and may share aggregated and non-identifying information about our users that we or our advertisers collect through your use of the Services. We do not share personally identifiable information about individual users with advertisers without your explicit consent.

How advertising works:

  • We use Google AdMob to display advertisements in our app
  • AdMob may collect device information, usage data, and ad interaction metrics
  • For EU/EEA/UK users, we obtain consent for personalized advertising through Google's User Messaging Platform (UMP)
  • Non-personalized ads may still be shown if you do not consent to personalized advertising

Managing your advertising preferences:

  • iOS: Settings → Privacy & Security → Tracking → Disable tracking; Settings → Privacy → Advertising → Limit Ad Tracking
  • Android: Settings → Google → Ads → Opt out of Ads Personalization or Reset advertising ID
  • In-app: Settings → Support & Legal → Privacy Controls → Ad Personalization

We may also permit certain third-party advertising partners to collect and use data about User activities on the Services. These companies may deliver ads that might place cookies and otherwise track User behavior for the purpose of delivering targeted advertising.

If you would like more information about your choices to opt-in or opt-out of this data collection, please visit:

Social media features

Our Services may include social media features, such as the Facebook and Twitter buttons, Share This buttons, etc (collectively, "Social Media Features"). These Social Media Features may collect your IP address, what page you are visiting on our Services, and may set a cookie to enable Social Media Features to function properly. Social Media Features are hosted either by their respective providers or directly on our Services. Your interactions with these Social Media Features are governed by the privacy policy of their respective providers.

We may also allow you to connect your Flirty account with social media accounts (such as Facebook, Instagram, Google) for authentication or profile enhancement purposes. When you connect a social media account:

  • We may access basic profile information (name, profile photo, email) from that platform
  • We do not post to your social media accounts without your explicit permission
  • You can disconnect social media accounts at any time through Settings
  • Data sharing is governed by both our privacy policy and the social media platform's privacy policy

Email marketing

We offer electronic newsletters to which you may voluntarily subscribe at any time. We are committed to keeping your email address confidential and will not disclose your email address to any third parties except as allowed in the information use and processing section or for the purposes of utilizing a third-party provider to send such emails. We will maintain the information sent via email in accordance with applicable laws and regulations.

We use SendGrid (Twilio Inc.) to send transactional emails such as account verification, password resets, and important service notifications. These are essential communications required for the operation of your account and cannot be unsubscribed from while your account is active.

In compliance with the CAN-SPAM Act, all emails sent from us will clearly state who the email is from and provide clear information on how to contact the sender. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or by contacting us at privacy@flirtyapp.com. However, you will continue to receive essential transactional emails related to your account and services.

Push notifications

We offer push notifications to which you may also voluntarily subscribe at any time. To make sure push notifications reach the correct devices, we use Firebase Cloud Messaging (FCM), a third-party push notifications provider who relies on a device token unique to your device which is issued by the operating system of your device. While it is possible to access a list of device tokens, they will not reveal your identity, your unique device ID, or your contact information to us or our third-party push notifications provider.

Types of push notifications we send:

  • New messages from matches
  • New match notifications
  • Profile activity alerts
  • Important account and security notifications
  • App updates and feature announcements

We will maintain the information sent via push notifications in accordance with applicable laws and regulations. If, at any time, you wish to stop receiving push notifications, you can:

  • Adjust your device notification settings (Settings → Notifications → Flirty)
  • Adjust in-app notification preferences (Settings → Notifications)
  • Disable specific notification types while keeping others enabled

The Services contain links to other resources that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other resources or third parties. We encourage you to be aware when you leave the Services and to read the privacy statements of each and every resource that may collect Personal Information.

Information security

We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information in our control and custody.

Security measures we employ:

  • Encryption: All data transmitted between your device and our servers is encrypted using industry-standard protocols. Personal Information stored in our databases is also encrypted.
  • End-to-end message encryption: Private messages between users are protected with end-to-end encryption. This means only you and your chat partner can read message contents - we cannot access them.
  • Secure authentication: User passwords and authentication credentials are secured using industry-standard hashing and encryption methods.
  • Secure storage: On mobile devices, sensitive data is stored using your device's built-in secure storage with biometric protection when available.
  • App verification: We use security measures to verify that requests to our servers come from authentic app instances and not malicious sources.
  • Regular security assessments: We conduct regular security reviews and vulnerability testing.
  • Access controls: We maintain strict access controls and authentication requirements for our systems.
  • Data minimization: We collect only the information necessary to provide our Services.

However, no data transmission over the Internet or wireless network can be guaranteed to be 100% secure. Therefore, while we strive to protect your Personal Information, you acknowledge that (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity, and privacy of any and all information and data exchanged between you and the Services cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party, despite best efforts.

As the security of Personal Information depends in part on the security of the device you use to communicate with us and the security you use to protect your credentials, please take appropriate measures to protect this information. We recommend:

  • Using a strong, unique password for your Flirty account
  • Enabling biometric authentication if available on your device
  • Keeping your device operating system and Flirty app updated
  • Not sharing your account credentials with anyone
  • Being cautious about accessing your account on public Wi-Fi networks
  • Logging out when using shared devices

Data breach

In the event we become aware that the security of the Services has been compromised or Users' Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities.

In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the User as a result of the breach or if notice is otherwise required by law. When we do, we will:

  • Send you an email notification to the email address associated with your account
  • Provide information about what data was affected
  • Explain what steps we are taking to address the breach
  • Recommend actions you can take to protect yourself

Notification timeline:

  • EU/EEA/UK users (GDPR): Within 72 hours of becoming aware of the breach
  • California users (CCPA): Without unreasonable delay
  • Other users: As required by applicable law or within a reasonable timeframe

We maintain an incident response plan and conduct regular security assessments to minimize the risk of data breaches. If you suspect unauthorized access to your account, please contact us immediately at security@flirtyapp.com.

Changes and amendments

We reserve the right to modify this Policy or its terms related to the Services at any time at our discretion. When we do, we will revise the updated date at the bottom of this page, post the new version on our website, and update the policy within the mobile application.

How we notify you of changes:

  • Update the "Last Updated" date at the bottom of this policy
  • Post a notice in the app for significant changes
  • Send an email notification for material changes that affect your rights
  • Require re-acceptance for substantial changes to data processing practices

An updated version of this Policy will be effective immediately upon the posting of the revised Policy unless otherwise specified. Your continued use of the Services after the effective date of the revised Policy (or such other act specified at that time) will constitute your consent to those changes. However, we will not, without your consent, use your Personal Information in a manner materially different than what was stated at the time your Personal Information was collected.

We encourage you to review this Policy periodically to stay informed about how we are protecting your information. If you do not agree with any changes to this Policy, you should discontinue using the Services and delete your account.

Acceptance of this policy

You acknowledge that you have read this Policy and agree to all its terms and conditions. By accessing and using the Services and submitting your information you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to access or use the Services. This Policy forms part of the Terms of Service agreement between you and FLIRTY LTD.

Contacting us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the information below:

Privacy Inquiries:
Email: privacy@flirtyapp.com
Subject line: "Privacy Inquiry" or "Data Request"

Data Protection Officer:
Email: policy@flirtyapp.com

Security Issues:
Email: security@flirtyapp.com
For urgent security concerns only

General Support:
Email: support@flirtyapp.com
Contact form: https://flirtyapp.com/contact-us/

Company Information:
FLIRTY LTD
Company Registration: [Your company registration number]
Registered Address: [Your registered business address]

Response timeframes:

  • General privacy inquiries: Within 5 business days
  • Data subject access requests (GDPR): Within 30 days
  • California consumer requests (CCPA): Within 45 days
  • Security incidents: Immediate acknowledgment, full response within 24 hours

We will attempt to resolve complaints and disputes and make every reasonable effort to honor your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by applicable data protection laws.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority:

This document was last updated on January 15, 2025

Version: 2.0