01 Who we are
Zylove is a dating application operated by Zylove, LLC, a Delaware limited liability company. When this policy refers to "Zylove," "we," "us," or "our," it means Zylove, LLC.
Zylove currently operates in Austin, Texas. Our app is available on iOS and Android. By using Zylove, you agree to the collection and use of information as described in this policy.
02 What we collect
We collect only what we need to operate the app and keep it safe.
Information you provide directly
| Data type | Examples | Required? |
|---|---|---|
| Phone number | Used for account authentication via SMS verification | Required |
| Profile information | First name, age, gender identity, photos, bio, dating intent | Required |
| Preferences | Attraction, relationship goals, dealbreakers, distance radius | Required |
| Lifestyle data | Habits, personality traits, love languages, weekend vibes | Optional |
| Sensitive attributes | Religion, political views, parental status | Optional |
| Messages | Chat content between matched users (end-to-end encrypted) | Mutual opt-in |
| Prompt answers | Responses to profile questions like "My non-negotiable is…" | Optional |
Information we collect automatically
| Data type | Purpose |
|---|---|
| Location (approximate) | Stored as a geohash to enable distance-based discovery. We do not store your precise GPS coordinates. |
| Device information | OS version, device type — used for crash reporting and compatibility |
| Usage data | App interactions used to improve matching and safety systems |
| Behavioral signals | How you treat other users — feeds our reputation scoring system |
Biometric data
Zylove uses your device's biometric authentication (Face ID or Touch ID) to verify your identity when switching between Spark and Play modes. We never store biometric data. Authentication is handled entirely by your device's operating system (Apple Secure Enclave / Android Keystore). Zylove receives only a pass/fail result.
Selfie & liveness verification
To verify that you are a real person and that your photos are authentic, Zylove may ask you to complete a liveness check — a short gesture-based prompt (such as blinking, turning your head, or smiling) captured by your front-facing camera. This process:
- Is required for full profile visibility and unlocks a "Verified" badge — unverified profiles have reduced discovery reach
- Captures a short video or image sequence for the sole purpose of liveness detection
- Is processed by our photo moderation provider (Sightengine) to confirm a live human is present
- Is not used for facial recognition or identity matching against external databases
- Verification media is stored separately from your profile photos, is never shown to other users, and is deleted within 90 days of verification
- A pass/fail result and verification timestamp are stored on your account
Photos
Photos you upload are stored securely in Google Firebase Storage and associated with your account. Selfie verification photos (if used) are stored separately and are not shown to other users — they are reviewed by our Trust & Safety team only.
03 How we use your data
To operate the app
- Create and maintain your profile
- Show your profile to compatible users in discovery feeds
- Calculate compatibility scores between users
- Enable matched users to communicate via encrypted chat
- Deliver your curated daily queue of 5 profiles
To keep Zylove safe
- Detect and remove fake profiles, spam, and abusive behavior
- Process reports and take action against violating accounts
- Run our behavioral reputation system — users who treat people well are rewarded
- Verify age (18+) before granting access to the platform
- Verify identity via selfie verification (optional but encouraged)
To power AI features
- Generate your bio using profile data sent to the Anthropic Claude API
- Provide AI-powered profile coaching and compatibility insights
- Generate personalized onboarding questions based on your profile
To process payments
Subscription purchases (Spark+, Play Pass, Elite) are processed by RevenueCat and the Apple App Store or Google Play Store. Zylove does not store your payment card information.
To communicate with you
- Send push notifications (match alerts, message notifications) — you control these
- Send transactional emails via Brevo (waitlist confirmation, account notices)
- Respond to support and safety inquiries
04 Third-party services
We use the following third-party services. Each has their own privacy policy.
| Service | Provider | What they receive |
|---|---|---|
| Firebase Auth | Phone number for SMS verification | |
| Firestore | Profile data, match data, messages (encrypted) | |
| Firebase Storage | Profile photos, verification photos | |
| Anthropic Claude API | Anthropic | Profile text for bio generation and coaching (no PII) |
| RevenueCat | RevenueCat, Inc. | Subscription status and purchase history |
| Brevo | Brevo SAS | Email address for transactional emails |
| Apple / Google | Platform stores | Payment processing for subscriptions |
05 Data sharing
With other users
Your public profile — name, age, photos, bio, intent, and any lifestyle data you choose to show — is visible to other Zylove users in discovery and on your profile. You control visibility toggles for most fields.
Your phone number, exact location, email address, and sensitive attributes (religion, politics) are never shown to other users unless you voluntarily include them in your bio.
With law enforcement
We may disclose your information to law enforcement or regulatory authorities if required by law, court order, or to prevent imminent harm. Tier 3 reports (involving minors, non-consensual content, or criminal activity) may trigger mandatory reporting obligations.
Business transfers
If Zylove is acquired, merges with another company, or transfers substantially all of its assets, your data may be transferred as part of that transaction. We will notify you via email or in-app notice before your data is subject to a different privacy policy.
06 Security
End-to-end encrypted messages
All messages between matched users are end-to-end encrypted using NaCl (TweetNaCl). Messages are encrypted on your device before transmission and can only be decrypted by the intended recipient. Zylove cannot read your messages.
Screenshot protection
Zylove blocks screenshots in sensitive areas of the app to protect your photos and conversations.
Biometric re-authentication
Switching between Spark and Play modes requires biometric verification every session. This protects your profile intent from being changed without your knowledge.
Infrastructure security
All data is stored in Google Firebase (SOC 2 Type II certified). Data in transit is encrypted via TLS 1.2+. Data at rest is encrypted by Google Cloud infrastructure.
07 Data retention
We retain your data for as long as your account is active. When you delete your account:
- Your profile is removed from discovery immediately
- Your photos are deleted from Firebase Storage within 30 days
- Your messages are soft-deleted immediately and permanently purged within 30 days
- Safety and moderation records may be retained for up to 2 years to prevent ban evasion
- Anonymized, aggregated data may be retained indefinitely for product improvement
Certain data may be retained longer if required by law or to resolve active disputes.
08 Your rights
You have the following rights regarding your personal data:
| Right | What it means | How to exercise it |
|---|---|---|
| Access | Request a copy of the data we hold about you | Email matthew@zylove.app |
| Correction | Fix inaccurate data in your profile | Edit directly in app |
| Deletion | Delete your account and associated data | Settings → Delete account in app, or email us |
| Portability | Export your data in a machine-readable format | Email matthew@zylove.app |
| Opt-out | Disable notifications, location, or AI features | Settings in app |
| Withdraw consent | Delete your account at any time, no questions asked | Settings → Delete account |
We respond to all data requests within 30 days.
09 Children
Zylove is strictly for users aged 18 and older. We do not knowingly collect personal information from anyone under 18. Age is verified during onboarding and enforced by our age consent screen.
If you believe a minor has created an account, please report it immediately via the in-app report function or by emailing matthew@zylove.app. We will investigate and remove the account within 24 hours.
Reporting suspected minor content triggers an immediate Tier 3 response — the account is suspended pending review and may be referred to law enforcement.
10 California residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know — what personal information we collect, use, and share
- Right to delete — request deletion of your personal information
- Right to opt-out — we do not sell personal information, so this right is automatically satisfied
- Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights
To exercise your CCPA rights, contact us at matthew@zylove.app with the subject line "CCPA Request."
11 Changes to this policy
We may update this Privacy Policy as Zylove grows and evolves. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Send an in-app notification to all active users
- For significant changes, require re-acknowledgment before continuing to use the app
Your continued use of Zylove after changes are posted constitutes your acceptance of the updated policy.
12 Contact us
Privacy questions, data requests, and security reports go directly to the founder:
We respond to all privacy inquiries within 5 business days. Urgent safety matters are addressed within 24 hours.