Privacy Policy

1. Our Commitment to Privacy

Companion is built on the principle that meaningful connections require trust, and trust requires transparency. We are designed for people who value genuine relationships and a calm, pressure-free experience — and we bring that same philosophy to how we handle your data.

We collect only what is necessary to make Companion work, we do not sell your data, and we give you full control over what you share and how it is used.

2. Information We Collect

Information You Provide

• Email address — Used for account creation and sign-in via magic link. Never visible to other users.
• Profile information — Display name, date of birth, gender, bio, country, and state/region.
• Preferences — Intents (e.g. coffee, travel, friendship), gender preferences, age range, and max distance.
• Lifestyle & Hobbies — Optional traits and hobbies you choose to share to improve matching.
• Profile photos — Images you upload to your profile. Stored securely and shown only to other users within the app.
• Messages — Content of conversations between matched users. These are private and not used for advertising.

Information Collected Automatically

• IP Address — Used temporarily to detect your country at sign-up for location verification. Not stored long-term.
• Authentication session data — Secure tokens stored in browser cookies to keep you signed in.
• Usage data — Basic technical logs (e.g. error reports) to maintain app stability. No behavioural tracking or profiling.

Information We Do NOT Collect

• Precise GPS location or real-time location tracking
• Browsing history or cross-site tracking data
• Read receipts, typing indicators, or online status
• Social media profiles or third-party account data (we only use email sign-in)

3. How We Use Your Information

We use your information solely to:

• Create and maintain your account and profile
• Suggest compatible profiles based on your age, gender preferences, intents, and preferences
• Enable private messaging between mutually matched users
• Send important transactional emails (e.g. magic link, match notifications if enabled)
• Process subscription payments and manage your billing
• Keep the app secure and investigate reports of abuse or violations
• Comply with our legal obligations

We do not use your data for advertising, profiling for third parties, or any purpose beyond operating Companion.

4. Cookies & Session Storage

What Cookies We Use

Companion uses only strictly necessary cookies. We do not use advertising, analytics, or tracking cookies.

Because we use only strictly necessary cookies, a cookie consent banner may not be required in many jurisdictions, including under GDPR when no non-essential cookies are used. You remain in full control — you can clear your cookies at any time through your browser settings, which may sign you out of the app.

5. How We Store & Protect Your Data

• Database — Your profile and match data is stored with Supabase, hosted on secure, encrypted PostgreSQL databases with row-level access control.
• Photos — Profile images are stored in Backblaze B2 cloud storage with private access controls. Photos are never publicly indexed.
• Encryption — All data is transmitted over HTTPS (TLS 1.2+). Passwords are never stored — we use passwordless magic link authentication.
• Access controls — Access to personal data is limited through technical and organizational controls. Other users can only see information you choose to include in your public profile.
• Data minimisation — We only store what is necessary to run the service.

6. Who We Share Your Data With

We do not sell, rent, or share your personal data with third parties for marketing. We work with a small number of trusted service providers:

• Supabase — Authentication provider and database host. Processes data under strict data protection agreements.
• Backblaze B2 — Cloud storage for profile photos. Files are private and accessed only within the app.
• Patreon — Payment processor for subscriptions. We share only the minimum billing information required. Their Privacy Policy applies to payment data.
• Brevo (Sendinblue) — Used to send transactional emails such as magic links and notifications. Only your email address is shared.

We may also disclose your data if required by law or to protect the safety of our users or the public.

7. Your Rights

Depending on where you live, you may have the following rights regarding your personal data:

Under GDPR (EU/EEA residents)

• Right to Access — Request a copy of all personal data we hold about you.
• Right to Rectification — Correct inaccurate or incomplete data. You can update your profile directly in the app.
• Right to Erasure — Request that we delete your account and associated data. You can delete your account in Settings at any time.
• Right to Portability — Request your data in a machine-readable format.
• Right to Object — Object to processing of your data in certain circumstances.
• Right to Restrict Processing — Ask us to pause how we use your data.

Under CCPA (California residents)

• Right to know what personal information is collected and how it is used
• Right to delete your personal information (subject to limited exceptions)
• Right to opt out of the sale of your personal information (we do not sell your data)
• Right to non-discrimination for exercising your rights

To exercise any of these rights, use the Help & Support section in the app or contact us directly.

8. Data Retention

• Your profile and account data is retained as long as your account is active.
• If you delete your account, your profile is soft-deleted and removed from discovery. You may request full permanent deletion of your data at any time.
• Messages associated with your account are deleted in accordance with our account deletion and retention processes.
• Profile photos are removed from storage when you delete your account or manually remove them.
• Anonymised usage logs may be retained for up to 90 days for security and debugging purposes.

9. Children's Privacy

Companion is intended exclusively for users aged 18 and over, with a focus on people 40+. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it.

10. International Transfers

Companion is a global service. Your data may be processed and stored outside your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) as approved by the European Commission.

11. Changes to This Policy

• We may update this Privacy Policy from time to time. We will notify you of material changes via the app.
• Continued use of Companion after changes are posted constitutes your acceptance of the updated policy.
• The "Last Updated" date at the top of this page reflects the most recent revision.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please use the Help & Support section in the app. We aim to respond to all privacy-related requests within 30 days.