Privacy Policy

Last updated: March 31, 2026

01

Who we are

Date Cards is a dating app developed and operated by Date Cards, based in Brussels, Belgium. This privacy policy applies to the Date Cards waitlist website at getdatecards.com and the Date Cards mobile application (iOS and Android).

Date Cards is the data controller for all personal data described in this policy. For any privacy-related questions or requests, contact us at hello@getdatecards.com.

02

What we collect

Waitlist (website):

  • Your email address
  • Your language preference (EN, FR, or NL)
  • Your referral code (if you joined via a friend's link)

Mobile app (upon launch):

  • Profile information you choose to provide (first name, age, photos)
  • Location (only when using the venue picker — never in the background)
  • Device token for push notifications (via Firebase Cloud Messaging)
  • In-app activity (date card proposals, responses, matches)

We do not collect sensitive categories of personal data (health, biometric, racial/ethnic origin, political opinions, etc.).

03

Why we collect it

  • To send you a confirmation email when you join the waitlist
  • To notify you when Date Cards launches
  • To track referral credits so we can reward you on launch day
  • To deliver push notifications for date card activity (app only)
  • To improve the app through aggregated, anonymised analytics

Legal basis (GDPR Art. 6): Your explicit consent, given when you submit your email or create an account. You may withdraw consent at any time without consequence.

We do not use your data for advertising, behavioural profiling, or cross-app tracking. Your data is never sold.

04

App permissions

The Date Cards mobile app may request the following device permissions:

Notificationsto alert you when someone responds to your date card or sends you a message. You can disable this at any time in your device settings.

Location (optional)only when you open the venue picker, to show you nearby places. We never access your location in the background.

Camera / Photos (optional)only if you choose to add a profile photo. We never access your camera or photo library without your action.

All permissions are optional where possible. Refusing a permission may limit certain features but will not prevent you from using the core app.

05

Who we share your data with

We use a small number of trusted sub-processors to operate the service:

Supabasedatabase and authentication, hosted in the EU (Frankfurt, Germany). Stores your account and activity data.

Resendtransactional email service. Your email is transmitted to send confirmations and notifications only.

Firebase Cloud Messaging (Google)push notification delivery. Only your device token is shared — no personal data.

PostHogprivacy-friendly analytics, EU servers. Used only in aggregate. No personal data is shared if you decline cookies.

Hetzner (EU)infrastructure for our face-verification feature (upon app launch). Images are processed and immediately discarded — not stored.

All sub-processors are bound by data processing agreements compliant with GDPR. We do not share your data with advertisers, data brokers, or any third party not listed above.

06

Data security

We take the security of your personal data seriously:

  • All data is encrypted in transit (TLS 1.2+)
  • Data at rest is encrypted by our database provider (Supabase/PostgreSQL)
  • Access to production data is restricted to authorised team members only
  • We conduct regular security reviews of our infrastructure and dependencies

In the event of a data breach that affects your rights, we will notify you and the Belgian Data Protection Authority (GBA/APD) within 72 hours, as required by GDPR.

07

How long we keep your data

Waitlist data is kept until Date Cards launches or until you ask us to delete it — whichever comes first. We will not retain waitlist data for more than 2 years.

App account data is kept for as long as your account is active. If you delete your account, your personal data is permanently deleted within 30 days, except where retention is required by law.

08

Children's privacy

Date Cards is strictly for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that a user is under 18, we will immediately delete their data and close their account.

If you believe a minor has registered on Date Cards, please contact us at hello@getdatecards.com so we can take action immediately.

09

Your rights (GDPR)

You have the right to:

  • Access — request a copy of the data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Portability — receive your data in a machine-readable format
  • Restriction — limit how we process your data in certain circumstances
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — at any time, without affecting prior processing
  • Lodge a complaint with the Belgian Data Protection Authority (GBA/APD) at dataprotectionauthority.be

To exercise any of these rights, email hello@getdatecards.com. We will respond within 30 days.

10

Data location & transfers

All personal data is stored and processed within the European Union. Our primary database is hosted by Supabase in Frankfurt, Germany. We do not transfer personal data to countries outside the EU/EEA.

Firebase Cloud Messaging (Google) may process device tokens on Google servers, which may be located outside the EU. This processing is governed by Google's standard contractual clauses under GDPR Art. 46.

11

Changes to this policy

If we make material changes to this policy, we will notify waitlist members and app users by email at least 14 days before the changes take effect. Continued use of the service after that date constitutes acceptance of the updated policy.

The latest version of this policy is always available at getdatecards.com/privacy.

← Back to Date CardsTerms of Use →