Privacy Policy

1. Controller and Applicability

This Privacy Policy applies to users of TwistMeet accessing our services from Hong Kong, mainland China, and other regions worldwide.

Data Controller: TwistMeet

Contact Information:

• Email: [email protected]

2. Information We Collect

We collect the following categories of personal information to provide and improve our services:

2.1 Account Information

• Phone number (required for account creation and authentication)
• System username (automatically generated unique identifier)
• Password (encrypted and stored securely)
• Preferred language setting
• Account status

2.2 Profile Information

• Display username (your chosen name shown to other users)
• Emoji icon
• Date of birth (used to calculate age and zodiac sign)
• Bio description
• Gender
• Relationship status
• Living district (Hong Kong districts)
• Occupational status
• Education level
• MBTI personality type (optional, display-only)
• Zodiac sign (auto-calculated from birthday)
• Interests (multiple interests can be selected)

2.3 Device Information

• Device identifier (unique device ID)
• Push notification tokens
• Device operating system (iOS or Android)
• Device model
• Device language
• App version
• IP address
• Timezone

2.4 Messages and Communication

• Text messages sent through the app
• Images shared in conversations
• Voice messages
• Message timestamps and read status

2.5 Match Data

• Recommended profile results and ranking data
• Likes, invitations, and responses
• Match history and records
• Heartbeat requests and responses
• Daily match attempts
• Match preferences (age range, gender preference, etc.)
• Daily leave tracking

2.6 Reports and Moderation

• User reports against other users
• Report descriptions
• Evidence images uploaded with reports
• Report status and admin notes

2.7 Usage and Analytics

• App activity and interactions
• Login history and streaks (for achievements)
• Feature usage statistics
• Crash reports and error logs

2.8 Notifications

• Notification preferences
• Notification history
• Push notification delivery status

2.9 Subscriptions, Rewards, AI, and Advertising

• Active plan, subscription status, billing period, auto-renew status, and refund or revocation status
• Store purchase identifiers and purchase events from Apple App Store or Google Play
• Quota usage for likes, candidate lists, heartbeats, date invitations, saved openers, and AI generations
• Reward point balances, redemption history, redeem-code usage, trial grants, and boost credits
• AI bio request inputs, including selected language, tone, optional prompt, selected interests, and optional profile context
• AI reply request inputs, including recent chat context, optional prompt, language or locale, and selected tone
• Advertising eligibility, ad display, click, and impression data for Free-user banner ads

3. Purpose of Collection and Use

We use your personal information for the following purposes:

3.1 Service Provision

• Create and manage your account
• Authenticate your identity
• Provide recommended profiles based on your interests, gender preference, age, location, and other profile signals
• Display selected profile information to other users before a mutual match is created
• Enable communication between matched users after mutual choice
• Deliver push notifications
• Track and display achievements

3.2 Matching and Communication

• Generate and rank recommended profiles based on your preferences and compatibility signals
• Manage likes, invitations, responses, match creation, and match expiration
• Facilitate messaging and communication after a match is created
• Manage match expiration and extensions (heartbeat system)
• Track daily match attempts and limits

3.3 Safety and Moderation

• Review and process user reports
• Enable block lists and safety warnings
• Detect spam, scams, harassment, and other policy violations
• Enforce community guidelines
• Prevent fraud and abuse
• Ensure platform safety

3.4 Legal Compliance

• Comply with applicable laws and regulations
• Respond to legal requests and court orders
• Maintain records for audit purposes
• Protect our rights and prevent illegal activities

3.5 Service Improvement

• Analyze usage patterns to improve app functionality
• Fix bugs and technical issues
• Develop new features
• Optimize matching algorithms based on anonymized preference and usage data

3.6 AI, Subscriptions, Rewards, and Advertising

• Generate optional AI-assisted profile bio suggestions and chat reply suggestions when you request them
• Enforce separate monthly AI generation quotas for bio suggestions and chat reply suggestions
• Manage paid plans, trials, cancellations, refunds, entitlement status, and quota resets
• Manage daily check-in reward points, reward redemptions, redeem codes, and boost credits
• Show banner ads to Free users and keep paid plans ad-free where applicable
• Measure registration and app activity for product analytics and advertising attribution where allowed

4. Legal Bases for Processing

4.1 For Users in Hong Kong

We comply with the Personal Data (Privacy) Ordinance (PDPO) of Hong Kong. We collect, process, and use your data:

• For purposes directly related to the service you requested
• With your consent where required
• To fulfill our contractual obligations
• To comply with legal obligations
• For legitimate business interests (service improvement, security)

4.2 For Users in Mainland China

We comply with the Personal Information Protection Law (PIPL) of the People's Republic of China. We process your data based on:

• Your explicit consent
• Contractual necessity (to provide the service you requested)
• Legal obligations
• Legitimate interests (with proper safeguards)

For sensitive personal information, we obtain your separate, explicit consent before processing.

5. Data Sharing and Third-Party Services

5.1 Third-Party Service Providers

We may share limited data with trusted third-party platforms and infrastructure providers that help us operate, secure, and improve the service. These providers include categories such as:

• Authentication and notification platforms: Services from providers such as Google and Apple that support phone verification, account security, and push notifications.
• App marketplace and billing platforms: Services from providers such as Apple and Google that support subscription purchases, transaction validation, cancellation, refund, renewal, and entitlement reconciliation.
• AI model and cloud infrastructure platforms: Services from providers such as Alibaba AI-related platforms that support optional AI bio suggestions and AI chat reply suggestions when you choose to use those features.
• Analytics, attribution, and advertising support platforms: Services that help us understand app performance, measure registration and campaign activity where allowed, and show ads to Free users while keeping paid plans ad-free where applicable.
• Messaging, database, and hosting infrastructure providers: Services that help us deliver messages, store app data, host backend systems, and keep the service available.

5.2 Data Sharing Practices

• We do not sell your personal information to third parties
• We only share data with service providers necessary to operate the service
• All third-party service providers are contractually obligated to protect your data
• We require third parties to comply with applicable data protection laws

5.3 Data Encryption

• Data in transit: All data transmitted between your device and our servers is encrypted using TLS/SSL
• Data at rest: Sensitive data stored in our databases is encrypted
• Messages: Messages are encrypted in transit and at rest using our messaging infrastructure. To maintain platform safety, automated systems may analyze message content and metadata to detect spam, scams, harassment, and other policy violations as described in our Terms of Service

6. Data Retention and Deletion

6.1 Retention Periods

We retain your personal information for the following periods:

• Active Account Data: Retained while your account is active and for 30 days after account deletion
• Profile Information: Deleted immediately upon account deletion
• Messages: Deleted immediately upon account deletion or match termination
• Match Records: Deleted immediately upon account deletion
• Device Information: Retained for 90 days after device is deactivated
• Usage Analytics: Aggregated and anonymized data may be retained for up to 2 years
• AI Requests: AI generation request logs and related usage records are retained only as needed to provide the feature, enforce quotas, troubleshoot abuse or errors, and meet audit requirements
• Subscription and Reward Records: Purchase events, trial grants, reward redemptions, refund records, and audit logs are retained as transaction or compliance records
• Legal and Audit Records: Retained for 7 years as required by law (reports, transaction records, compliance logs)

6.2 Deletion Process

When you delete your account, we will:

1. Immediately delete your profile information, messages, and match data
2. Remove your account from active user databases
3. Delete or anonymize device information within 90 days
4. Retain only data required by law (e.g., reports, audit logs) for the legally required period

7. Your Rights

You have the following rights regarding your personal information:

7.1 Right to Access

You can request access to the personal information we hold about you. Contact us at [email protected] to request your data.

7.2 Right to Correction

You can update your profile information directly in the app, or contact us to correct inaccurate data.

7.3 Right to Deletion

You can delete your account and associated data at any time (see Section 8 for details).

7.4 Right to Withdraw Consent

You can withdraw your consent for data processing at any time. Withdrawing consent may affect your ability to use certain features of the service.

7.5 Right to Data Portability

You can request a copy of your data in a machine-readable format. Contact us to make this request.

7.6 Right to Object

You can object to certain types of data processing. Contact us to discuss your concerns.

7.7 Right to Restrict Processing

You can request that we limit how we process your data in certain circumstances.

8. How to Delete Your Account

CRITICAL: Account deletion permanently removes your account and associated data. This action cannot be undone.

8.1 In-App Deletion Method

You can delete your account directly from the app:

1. Open the TwistMeet app
2. Go to Settings
3. Tap on Account
4. Tap on Delete Account
5. Confirm your decision

The app will automatically:

• Unmatch you from any active matches
• Delete your account via our API
• Clear all local data from your device

8.2 Alternative Deletion Method

If you cannot access the app, you can request account deletion by:

• Email: Send a deletion request to [email protected] with the subject line "Account Deletion Request"

Please include your phone number associated with your account for verification.

8.3 Deletion Timeline

• Immediate: Profile data, messages, matches, and user-generated content are deleted immediately
• Within 30 days: Account is removed from active user databases
• Within 90 days: Device information and analytics data are deleted or anonymized
• 7 years: Legal and audit records are retained as required by law

8.4 What Data is Retained

The following data may be retained for legal or compliance purposes:

• User reports and moderation records (for safety and legal compliance)
• Transaction records (if applicable)
• Audit logs (for security and compliance)
• Anonymized analytics data (cannot be linked to you)

9. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption: All data in transit is encrypted using TLS/SSL. Sensitive data at rest is encrypted.
• Access Controls: Only authorized personnel have access to personal data, and access is logged and monitored.
• Secure Servers: Our servers are hosted on secure cloud infrastructure with regular security updates.
• Authentication: We use secure authentication methods including JWT tokens with expiration.
• Regular Audits: We conduct regular security audits and vulnerability assessments.
• Incident Response: We have procedures in place to respond to security incidents and data breaches.

Despite our security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Cross-Border Data Transfer

Your personal information may be transferred to and stored on servers located outside your country of residence, including:

• Hong Kong
• Mainland China
• Other countries where our service providers operate

For users in mainland China, we comply with PIPL requirements for cross-border data transfers:

• We obtain your explicit consent before transferring data outside mainland China
• We use standard contractual clauses and security measures to protect transferred data
• We conduct security assessments as required by law

By using our service, you consent to the transfer of your information to these locations.

11. App Permissions

TwistMeet may request the following permissions on your device:

• Camera: Used to take photos for your profile or to share images in messages. You can deny this permission, but some features may not be available.
• Photo Library/Storage: Used to select and upload photos from your device. You can deny this permission.
• Notifications: Used to send you push notifications about likes, match responses, matches, messages, and app updates. You can disable notifications in your device settings.
• Network Access: Required for the app to function and communicate with our servers.

We do not request location permissions. Location data is not collected unless you explicitly provide it in your profile (e.g., living district selection).

12. Children's Privacy and Child Safety Standards

TwistMeet is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately, and we will delete such information.

TwistMeet has a zero-tolerance policy against Child Sexual Abuse and Exploitation (CSAE) and Child Sexual Abuse Material (CSAM). We follow applicable child safety laws and platform policies, including relevant app marketplace child safety requirements, to help maintain a safe environment.

If we detect or are alerted to confirmed CSAM, we will immediately report the incident and the associated user data to the relevant regional and national authorities, including the National Center for Missing and Exploited Children (NCMEC) or local equivalents. For full details on our child safety measures, please refer to Section 16 of our Terms of Service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will:

• Post the updated policy on this page with a new "Last Updated" date
• Notify you of material changes via in-app notification or email
• Require you to accept the updated policy before continuing to use the service (for significant changes)

Your continued use of the service after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

• Email: [email protected]

For account deletion requests, please use the methods described in Section 8.

15. Complaints

If you are not satisfied with how we handle your personal information, you have the right to file a complaint:

• Hong Kong: Office of the Privacy Commissioner for Personal Data (PCPD)
  Website: https://www.pcpd.org.hk
• Mainland China: Cyberspace Administration of China (CAC) or relevant local authorities