How Ndolo Protects Your Data

1. Who We Are

Ndolo ("we," "our," or "us") is a dating application designed for the African diaspora community. Our platform helps people connect with others who share their cultural heritage, values, and background.

This Privacy Policy applies to the Ndolo mobile application available on iOS and Android (the "App") and our website at ndolo.app (the "Site"). By using Ndolo, you agree to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide Directly

When you create or update your Ndolo profile, we collect:

• Account details: Name, email address, date of birth, and password.
• Profile information: Gender, photos (up to 6), bio, height, body type, marital status, children, zodiac sign, languages spoken, and what you're looking for.
• Cultural & heritage information: Country of origin, tribe or ethnic group, religion, diaspora status, current city and country. This heritage data is the core of our matching algorithm — we collect it only with your explicit consent.
• Preferences: Preferred age range, gender, distance, discovery mode (Local, Heritage, or Global Diaspora), preferred countries and tribes for matching.
• Messages and media: Text messages, photos, voice recordings, GIFs, and videos exchanged in chats. Voice introductions attached to your profile.
• Icebreaker messages: Pre-match direct messages you send or receive, including associated coin transaction records.
• Verification photos: If you choose to verify your profile, we collect a selfie for comparison against your profile photos.
• Payment information: When you purchase coins or a premium subscription, payment is processed by our third-party payment provider. We do not store full card numbers.
• Reports and communications: If you contact support or file a report about another user, we retain those communications.

2.2 Information Collected Automatically

• Location data: With your permission, we collect your approximate GPS coordinates to calculate distances to other users and power location-based discovery. You can disable this in your device settings at any time.
• Device information: Operating system, device type, app version, push notification token, and unique device identifiers.
• Usage data: Which screens you visit, features you use, swipe history, and in-app activity timestamps. This helps us understand engagement and improve the product.
• Last active status: The timestamp of your most recent app activity, used to display "last seen" information to potential matches. You can hide this in your privacy settings.
• Log data: IP addresses, crash reports, and error logs collected for security and debugging purposes.

2.3 Information from Third Parties

If you sign in via a third-party service (e.g., Sign in with Apple, Google) we receive your name and email address from that provider. We do not receive or store your third-party passwords.

3. How We Use Your Information

We use the information we collect to:

• Provide and improve the App: Power the matching algorithm, display your profile to compatible users, and enable you to send and receive messages.
• Personalize your experience: Rank potential matches by heritage score, location, and activity to surface the most relevant profiles in your discovery feed.
• Process transactions: Deduct coins when you send icebreakers, process premium subscription payments, and maintain your transaction history.
• Send notifications: Alert you to new matches, messages, and activity in the App. You can manage notification preferences in your device settings.
• Safety and moderation: Review reports, investigate violations of our Terms of Service, take action against abusive accounts, and protect the community.
• Analytics and research: Understand how features are used, measure the performance of the matching algorithm, and prioritize future improvements.
• Legal compliance: Fulfill our legal obligations, respond to lawful requests from authorities, and enforce our agreements.

3.1 Heritage & Cultural Data

Information about your country of origin, tribe, religion, and diaspora status is sensitive. We use this data exclusively to power the heritage matching algorithm. We do not use it to make eligibility decisions, target advertising, or share it with advertising partners. This data is always stored encrypted at rest.

4. How We Share Information

We do not sell your personal data. We share information only in the following limited circumstances:

4.1 With Other Users

Your public profile (name, photos, bio, age, cultural identity, interests) is visible to other users in the discovery feed. Your location is never shared as a precise coordinate — only a general distance (e.g., "12 km away") is displayed. Messages you send are visible only to the recipient.

4.2 Service Providers

We share data with trusted third-party service providers who help us operate the App, under strict confidentiality agreements:

• Supabase: Database hosting, authentication, real-time messaging, and file storage (profile photos, voice messages).
• Expo / EAS: App build and distribution services.
• Payment processors: To handle coin purchases and premium subscriptions. They are independently PCI-DSS compliant.
• Analytics providers: Anonymized or aggregated usage statistics only.
• Apple / Google: Push notification delivery infrastructure.

4.3 Legal Requirements

We may disclose your information when required by applicable law, regulation, legal process, or governmental request — or to protect the rights, property, or safety of Ndolo, our users, or the public.

4.4 Business Transfers

If Ndolo is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services.

• Account data: Retained until you delete your account.
• Chat messages: Stored until deleted by you in-app (for "Delete for Me") or by either party (for "Delete for Everyone"). View-once media is automatically deleted after being opened.
• Icebreaker messages: Retained for 90 days after the match is created or until the account is deleted.
• Transaction history: Coin and payment records are retained for 7 years for financial record-keeping compliance.
• Safety records: Reports and associated data related to abuse, harassment, or violations may be retained beyond account deletion for safety purposes.
• Verification photos: Deleted within 30 days of verification review completion.

When you delete your account, we initiate deletion of your profile, photos, messages, and heritage data within 30 days, except where retention is required for legal or safety reasons.

6. Your Rights & Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Update or correct inaccurate profile information directly in the App at any time.
• Deletion: Delete your account (and most associated data) from your Profile settings, or by emailing privacy@ndolo.app.
• Portability: Request an export of your data in a portable format.
• Restriction: Request that we limit how we use your data in specific circumstances.
• Objection: Object to certain processing, including direct marketing.
• Withdraw consent: Revoke location access or notification permissions at any time through your device settings.

6.1 Visibility Settings

You can control the following directly within the App:

• Pause your discovery profile (make yourself invisible to new people)
• Hide your "last seen" / online status
• Block specific users from seeing your profile or contacting you

7. Security

We take the security of your data seriously. We employ industry-standard measures including:

• TLS encryption for all data in transit between the App and our servers.
• Encryption at rest for all database records, including sensitive heritage data.
• Row Level Security (RLS) on our database, ensuring users can only access their own data.
• Secure, server-side RPC functions for sensitive operations (coin transactions, match creation) that cannot be bypassed client-side.
• No direct client access to the database — all reads and writes are authenticated and authorized server-side.

No method of transmission or storage is 100% secure. If you believe your account has been compromised, please contact us immediately at security@ndolo.app.

8. International Data Transfers

Ndolo serves users globally, including across Africa and the African diaspora. Your data may be processed in countries outside your country of residence, including the United States, where our infrastructure providers are located.

Where we transfer data from the EEA to countries that the European Commission has not deemed to provide adequate protection, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs).

9. Children's Privacy

Ndolo is intended exclusively for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected data from a user under 18, we will delete that account and its associated data immediately.

If you believe a minor has created an account, please report it to safety@ndolo.app.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via an in-app notification and update the "Last Updated" date at the top of this page. Your continued use of Ndolo after changes take effect constitutes your acceptance of the revised policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• 📧 Email: privacy@ndolo.app
• 🌐 Website: ndolo.app
• 📮 Mail: Ndolo, Privacy Team, [Your Business Address]