Privacy Policy
Last updated: May 24, 2026
Information We Collect
We collect information you provide directly (name, age, photos, prompts, preferences), information generated automatically (device information, usage patterns, IP address, approximate location when you grant permission), and information needed for identity verification (selfie photo and government-issued ID images, stored in a private bucket and accessible only to our review team).
How We Use Your Data
To provide and improve the service, surface relevant profiles, process payments, send notifications, ensure platform safety, prevent fraud, and comply with legal obligations. We do not sell your personal data to third parties.
Profile Visibility
Your profile is visible to other users based on your privacy settings. You control visibility through Private Mode, Ghost Mode, and Incognito features. You can block specific users at any time.
Data Storage
Your data is stored on Supabase (Postgres + Storage) with row-level security and encryption at rest. Photos and messages live on geo-redundant cloud infrastructure. Identity verification photos are stored in a private bucket inaccessible to other users.
Third-Party Services
We use Supabase for authentication, database, and storage; Stripe for payment processing and identity verification; Sentry for error monitoring (with PII scrubbing enabled); Sightengine for image moderation; standard SMS providers for OTP verification; and Google and Apple as optional OAuth sign-in providers (we receive only your basic profile fields — email, given name, profile picture — and never your Google or Apple account password). Each third party has its own privacy policy.
Push Notifications
If you grant permission, we deliver push notifications for messages, matches, profile likes, gifts, post activity, and reminders. To send these we store a push-subscription endpoint provided by your browser or device's notification service (Web Push, Apple Push Notification service, or Firebase Cloud Messaging) and a public key tied to your installation. You can revoke notifications at any time from your browser or device settings; we delete the corresponding subscription record on the next failed delivery. We do not include sensitive content in push payloads beyond the sender's first name and a short preview of the message or event.
Identity Verification & Biometric Data
When you verify your identity, the selfie and government-issued ID document are uploaded to and processed by Stripe Identity, our identity-verification provider. SugaSuga does not retain copies of your ID document or selfie on our servers — Stripe stores the images for the period required by their data-retention policy. We receive only the verification result (verified / not verified), the document type, the issuing country, the last few digits of the document number, and the date of birth extracted by Stripe.
When you delete your account, we additionally instruct Stripe to redact the personal information from your verification session, so the ID and selfie images are scrubbed on Stripe's side as well.
Biometric data (your selfie compared against your ID photo) is processed solely for the purpose of verifying that you are the person on the ID and that you are 18 or older. We do not use biometric data for any other purpose, do not sell it, and do not retain it on our servers.
Illinois Biometric Information Privacy Act (BIPA) Notice
If you are a resident of Illinois, please read this section carefully. Under the Illinois Biometric Information Privacy Act (740 ILCS 14), we are required to notify you about, and obtain your written consent before, collecting biometric identifiers.
What we collect: When you complete identity verification, our system extracts a numerical "face fingerprint" (a one-way mathematical representation of facial features, technically called a face embedding) from your selfie. The fingerprint is not a photograph and cannot be reversed back into an image of your face.
Purpose: We use this fingerprint solely to (1) confirm that subsequent photo uploads on your profile are of the same person who passed initial verification, and (2) prevent fraud, impersonation, and account takeover.
Retention: Your face fingerprint is retained until you delete your account, or for three (3) years from your last interaction with SugaSuga, whichever comes first. After that period, the fingerprint is permanently destroyed.
No third-party sharing: We never sell, lease, trade, or otherwise profit from your biometric data. The fingerprint never leaves our infrastructure except as required by valid legal process.
Your consent: Before your first selfie capture, the app displays an in-app consent screen requiring you to explicitly opt in. If you do not consent, you cannot complete identity verification, but you may still use the app in unverified mode where allowed. You may withdraw consent at any time by deleting your account, which immediately purges the fingerprint.
Your Rights
You have the right to access, update, export, and delete your personal data. You can delete your account in-app via Settings > Delete Account, or request deletion at /delete-account without installing the app. We process deletion requests within 30 days.
California Privacy Rights (CCPA / CPRA)
California residents have additional rights, including the right to know what personal information is collected, request deletion, request correction, opt out of sale or sharing, and limit use of sensitive personal information. SugaSuga does not sell or share your personal information for cross-context behavioural advertising. To exercise your rights, email admin@sugasuga.co with the subject "CCPA Request" or use the in-app deletion flow. We will respond within 45 days and will not discriminate against you for exercising any privacy right.
EU/UK Privacy Rights (GDPR / UK GDPR)
The data controller for users in the European Economic Area, United Kingdom, and Switzerland is SugaSuga (contact: admin@sugasuga.co). You have the right to access, rectify, erase, restrict processing of, port, and object to processing of your personal data, and to withdraw consent at any time. You may lodge a complaint with your local supervisory authority. Our legal bases are: performance of contract (Art. 6(1)(b)) for service delivery; legitimate interests (Art. 6(1)(f)) for safety, fraud prevention, and platform security; and consent (Art. 6(1)(a)) for optional marketing.
Data Retention
Active account data is retained while your account is open. Identity verification photos are deleted automatically 90 days after submission. Transaction and financial records are retained for the period required by law (typically 7 years). Deleted account data is purged within 30 days, except records we are legally required to retain.
Cookies & Local Storage
We use local storage and IndexedDB to keep you signed in and cache parts of the app for offline use. We do not use third-party advertising cookies.
Children
SugaSuga is strictly for users 18 and older. We do not knowingly collect data from anyone under 18. If you believe we have, contact us and we will delete it immediately.
International Transfers
Your data may be processed in countries other than your own. We use service providers that comply with applicable data-transfer frameworks.
Changes
We may update this policy from time to time. Material changes will be announced in-app at least 30 days before they take effect.
Contact
For privacy questions or to exercise your rights, contact admin@sugasuga.co.