Blinder – Privacy Policy

Privacy Policy

This Privacy Policy explains how Blinder ("App", "Service") collects, uses, stores, and protects personal data when you use the Service.

1. Data Controller

NEW MILLENIUM 33 EOOD, Bulgaria, 8000 Burgas, zh.k. Meden Rudnik 102, is the data controller for Blinder.

Privacy contact: blinder.eu@gmail.com

2. Scope

This Policy applies to data processed through the mobile app, related backend services, and support communications.

3. Data We Collect

Account and authentication data

• Email address and authentication provider identifiers (Firebase Authentication)
• Sign-in data from Google or Apple through Firebase Authentication
• Email verification status and verification request metadata

Profile and discovery data

• Name, age, gender, bio, interests, city, country
• Profile photos and generated thumbnails
• Precise location (latitude and longitude), obtained via GPS or manual city selection, used for nearby user discovery, approximate distance to other users, place suggestions (e.g. for date planning), and better recommendations in the app

Chat and in-app content

• Messages, replies, edits, delivery status, and timestamps
• Daily answers and in-app game interactions (for example, Guess Me and Questions)
• Content submitted for AI features (for example, date planning context and message context)

Purchases and entitlements

• Transaction identifiers, purchase tokens/receipts, claim and restore records needed to validate purchases and provide entitlements

Reports and safety

• When you report another user, we store: your user ID, the reported user's ID, report category (e.g. harassment, scam, fake profile, underage), optional details you provide, and related context (e.g. chat ID, message ID) for review and moderation
• This data is used to investigate abuse, enforce our Terms, and protect users

Notifications and settings

• Push tokens (Expo/FCM) and notification preferences
• Device-level notification payloads may contain sender name, chat identifier, and short message preview
• Your blocked-users list is stored on our servers (Firestore) and syncs across your devices; we may also cache it locally for performance

Technical data

• App and device diagnostics, error logs, and performance-related data
• Analytics events may be processed if analytics is enabled in your app configuration

4. How We Use Data

• Provide and maintain core app functionality (sign-in, profile, matching, messaging, games)
• Provide location-based features (nearby users, approximate distance, place suggestions, personalised date plans and recommendations)
• Run AI features and return AI-generated suggestions
• Process and validate in-app purchases, prevent fraud, and prevent transaction replay/reuse
• Deliver service and security communications (verification, account, and push notifications)
• Protect users, enforce rules, and improve reliability and security of the Service

5. Legal Bases (GDPR)

• Contract: processing necessary to provide the Service you request
• Consent: optional permissions (for example, location and notifications)
• Legitimate interests: security, anti-abuse, fraud prevention, and service quality
• Legal obligations: compliance obligations related to accounting, tax, and consumer law, where applicable

6. Third-Party Processors and Services

• Firebase (Google): authentication, Firestore database, Storage, Cloud Functions, and push token handling
• OpenAI: AI request processing through secure backend proxy endpoints. We send only the user-provided text and context needed for the feature (e.g. date planning, message suggestions); we do not use AI data for advertising or share it with third parties for marketing.
• Google Places: place search and location query processing through secure backend proxy endpoints
• Apple App Store / Google Play: in-app purchase processing and store-side transaction handling
• SMTP provider: email delivery for verification flows
• Expo/FCM infrastructure: push notification delivery

We do not sell personal data. We do not use your data for advertising or third-party marketing. We do not share your data with third parties for their advertising or cross-app tracking purposes.

7. International Transfers

Some service providers process data in countries outside your country of residence. Where required, we rely on recognized legal safeguards for international transfers.

8. Data Retention

We keep data for as long as your account is active and as needed to provide the Service. If you request account deletion, we apply the deletion process described on the Account Deletion page. Certain records may be retained where required by law or for legitimate security and anti-fraud purposes. Backup copies may persist for a limited period (for example up to 30–90 days) before automatic overwrite or deletion cycles complete.

9. Your Rights

If you are in the EEA/UK (and in similar jurisdictions where applicable), you may have rights to access, correct, delete, restrict, object, and request portability of your personal data. You may also withdraw consent where processing is based on consent. You have the right to lodge a complaint with a supervisory authority (for example in your country of residence or in Bulgaria, where the data controller is established).

To submit a privacy request, contact blinder.eu@gmail.com.

10. Security

We apply technical and organizational measures intended to protect your personal data, including access controls, platform security rules, and authenticated backend processing. No system can guarantee absolute security.

11. Children and Age Requirement

The Service is not intended for anyone under 18 years of age. Blinder enforces an 18+ age requirement in the app. If you believe someone under 18 has provided personal data, contact us so we can investigate and take appropriate action.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will publish the updated version with a revised effective date.