Privacy Policy

Last updated: 20 May 2026

Stored in Germany

All data stays on EU servers. Never transferred outside the EU.

Never sold

Your data is never sold or shared with advertisers. No ads, ever.

Delete anytime

Request full deletion at any time. Removed within 30 days.

01 Data Controller

Roman Besteig
Munich, Germany
hello@nada.bond

The supervisory authority responsible for data protection complaints is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany.

02 Data We Collect

We collect only what is necessary to provide and improve the service:

  • Account data — name or display name, email address, date of birth (for age verification), profile photo
  • Profile content — bio, screening question, interests, and any other information you voluntarily add
  • Messages and communications — direct messages, group conversations, and related metadata (timestamps, read receipts)
  • Location data — when you enable the Discover Nearby feature, your device's coordinates are sent to our server and stored against your account only to compute distance to other users. Other users never see your exact coordinates — only an approximate distance.
  • Usage data — feature interactions inside the iOS app (e.g. when you start a conversation, send a message, join an activity, complete a vibe check) along with crash/error logs. Used to understand which parts of the product work and where people get stuck. Sent to our analytics processor PostHog (see Section 6); event properties carry resource identifiers but never message content, names, email addresses, or precise coordinates.
  • Device data — device type, OS version, and push notification token (for delivering notifications)
  • Verification data — a selfie photograph and a short selfie video processed during account setup for identity verification. Both the photograph and the video are then retained as your profile media for up to 365 days (and rotated when you upload a new selfie), and deleted on account closure.

Browser storage on this website. When you visit notadating.app we save your selected language in your browser's localStorage under the key nada-lang. This stays on your device, is not sent to any server, and you can clear it at any time via your browser's site-data settings. We do not set cookies, and we do not load analytics or advertising scripts.

03 How We Use Your Data

  • To create and manage your account
  • To enable connections, messaging, and all core app features
  • To power the Discover Nearby feature based on approximate location
  • To send notifications relevant to your activity (new connections, messages, activities)
  • To detect and prevent fraud, abuse, spam, and violations of our Terms
  • To maintain, improve, and debug the service
  • To comply with legal obligations

We do not use your data for advertising. We do not sell your data. We do not build profiles for third-party marketing.

04 Legal Basis (GDPR Art. 6)

  • Contract performance (Art. 6(1)(b)) — account creation, messaging, and core service features
  • Consent (Art. 6(1)(a)) — location access, push notifications, optional profile fields
  • Legitimate interests (Art. 6(1)(f)) — security, fraud prevention, crash reporting, and service improvement
  • Legal obligation (Art. 6(1)(c)) — compliance with applicable German and EU law

05 Data Storage & International Transfers

All personal data is stored exclusively on servers located in Germany (EU), operated by Amazon Web Services (AWS). We do not transfer your personal data outside the European Union. All data processing complies with GDPR requirements.

06 Third-Party Processors

We use a limited number of processors to operate the service, all bound by data processing agreements:

  • Amazon Web Services (AWS) — cloud infrastructure and storage (EU region)
  • Apple Inc. — push notification delivery (Apple Push Notification Service) and app distribution
  • Amazon Rekognition — one-time selfie verification during account setup (image not stored post-verification)
  • Mistral AI (EU-based, France) — (1) automated moderation of free-text answers to help keep the service safe, and (2) speech-to-text transcription of voice messages via Mistral Voxtral. Only the answer text or the audio bytes are processed; we do not send identifiers, profile data, or the original filename of the recording.
  • PostHog — product analytics for the iOS app, hosted on PostHog's EU Cloud (data stored in EU regions). We send PostHog: your user identifier, the names of features you use (e.g. vibe_check_created, message_sent, activity_joined), and identifiers of the resources those events reference (e.g. conversation_id, vibe_check_id, activity_id). We never send PostHog: message content, voice transcripts, names, email addresses, exact coordinates, or photos. Used to understand which parts of the app are working and where people get stuck. Session replay (UI recording) is off. Bound by a Data Processing Agreement.

We do not share your data with any other third parties for their own purposes. The processors above act only on our instructions under written data-processing agreements. We do not sell your data, and we do not use cross-app or cross-website tracking SDKs — the PostHog usage described above is first-party analytics for our own product only.

07 Data Retention

  • Account data — retained for the duration of your account, then deleted within 30 days of account closure
  • Messages — retained while your account is active; deleted on account closure
  • Location data — your most recent coordinates are retained while your account is active and overwritten each time you update your location; the row is deleted on account closure
  • Usage and crash logs — retained for up to 90 days on our own servers for debugging purposes, then deleted. The product-analytics events we send to PostHog are retained on PostHog's EU infrastructure for up to 12 months and then automatically expired. If you delete your account, we send PostHog a request to also delete the events linked to your user id.
  • Verification photo and video — retained as your profile media for up to 365 days, rotated when you upload a new selfie, deleted on account closure

We may retain certain data longer where required by law (e.g. legal hold, regulatory obligation), and only for the duration required.

08 Push Notifications

With your permission, nada sends push notifications via Apple Push Notification Service (APNs). Notifications may include alerts for new messages, connection requests, and activity updates. You can manage or disable notifications at any time in your device settings or within the app under Settings → Notifications.

09 Automated Decision-Making

nada does not use automated decision-making or profiling as defined in Art. 22 GDPR that produces legal or similarly significant effects on you. The screening and connection system requires active human choices by both parties. No algorithmic ranking or recommendation system determines who you see or who can contact you.

10 Your Rights

Under GDPR, you have the following rights. Contact us at hello@nada.bond to exercise any of them — we respond within 30 days.

  • Art. 15: Access your personal data
  • Art. 16: Correct inaccurate data
  • Art. 17: Request deletion ("right to be forgotten")
  • Art. 18: Restrict how your data is processed
  • Art. 20: Receive your data in a portable format
  • Art. 21: Object to processing
  • Art. 7(3): Withdraw consent at any time
  • Art. 77: Lodge a complaint with the BayLDA

11 Changes to This Policy

We may update this Privacy Policy as the service evolves or as required by law. We will notify you of material changes via the app or by email at least 14 days before they take effect. The current version is always available at nada.bond/privacy.

12 Contact