Privacy Policy

1. Who this policy applies to

This policy applies to the CheckInDate website, mobile apps, and related services unless a country-specific notice, in-app notice, or store-specific disclosure gives you additional or stronger rights.

CheckInDate is operated by Barış Durmaz as an individual developer. Privacy questions and data requests can be sent to privacy@checkindate.app, support questions to support@checkindate.app, and general business questions to info@checkindate.app.

2. Categories of data we process

We may process account and profile data such as your name, email address, date of birth, phone number if you provide it, profile text, preferences, photos, and related account settings.

We also process operational and safety-related data needed to run the service, including messages, blocks, reports, check-in and nearby settings, subscription status, device and session identifiers, support history, and verification-related records when you choose to verify your profile.

Message content is stored so conversations can be delivered, kept available in the app, and used if a safety, fraud, support, or legal issue needs to be investigated. CheckInDate does not routinely open or manually review private messages, but relevant message records may be accessed when reasonably necessary for those limited purposes.

• Account and identity details such as email address, date of birth, profile name, and login credentials or login tokens.
• Profile content such as photos, bio fields, preferences, lifestyle information, and visibility settings.
• Usage and service data such as check-in history, nearby settings, device/session identifiers, subscription status, and conversation records needed to operate messaging.
• Trust and safety data such as reports, blocks, verification outcomes, device-ban signals, and moderation history.

3. Why we use personal data

We use personal data to create and secure accounts, make profiles available to other eligible users, support nearby discovery and venue check-ins, deliver messaging features, process purchases and subscriptions, and keep your settings available across sessions.

We also use personal data for trust and safety purposes, including profile verification, fraud prevention, abuse detection, moderation, report handling, account enforcement, support operations, and compliance with applicable law.

• Operate account creation, sign-in, profile setup, and in-app preferences.
• Enable nearby discovery, venue check-ins, and distance-based rules.
• Support messaging, subscription handling, and customer support.
• Prevent abuse, investigate reports, apply account restrictions, and protect other users.

4. Location, contacts, verification, and analytics

When location permission is enabled, CheckInDate may process location while the app is in use to support nearby discovery, venue check-ins, and related distance rules. Other users are shown product-level signals such as venue presence or nearby availability rather than your raw coordinates.

If you use contact privacy, phone numbers from your contacts are normalized and hashed before upload so the app can help keep known contacts out of discovery. If you choose profile verification, the app may collect a fresh selfie and related verification results to decide whether a verified badge should be applied to your account.

The app may also record analytics events to understand product usage and improve reliability. Where required by law, analytics collection is tied to user consent rather than enabled automatically.

• Location is used while the app is in use for nearby mode, venue check-ins, distance validation, and related safety or functionality rules.
• Contact privacy currently works by hashing normalized phone numbers before upload rather than storing raw numbers for the matching filter.
• Profile verification currently uses a fresh in-app selfie flow and stores verification-related records linked to the account.
• Analytics collection is intended to follow consent settings where applicable.

5. Legal bases and sharing

Depending on where you are located and how you use the service, CheckInDate may rely on contract performance, legitimate interests, legal obligations, the protection of vital interests, and consent where consent is required for a feature or processing activity.

We may share personal data with service providers that support hosting, storage, authentication, messaging, subscriptions, support, security, or analytics, with app store or payment partners when you purchase paid features, with legal advisers or authorities when required, and with other users only to the extent the service requires.

The main third-party processors we currently rely on are listed below. Each acts only on our instructions and under contractual data-protection terms, and processes personal data solely to deliver the service.

• Supabase — primary application database, authentication, realtime messaging infrastructure, file storage for profile photos, and edge functions. Data is hosted in EU data centres (Ireland and Stockholm).
• Apple and Google — app store distribution, in-app purchase processing, subscription billing, and receipt validation for paid features.
• Google Sign-In and Apple Sign-In — optional social login; only the identifier and basic profile information needed to create or match an account is received.
• Google Places — venue search and check-in location metadata when you look up or confirm a venue.
• Cloudflare — edge CDN, DNS, bot protection (Turnstile CAPTCHA), and Zero Trust access for our admin tooling.
• Firebase Crashlytics (Google) — crash and stability diagnostics from the mobile app; payloads are limited to technical telemetry.
• Authorities, courts, or advisers where disclosure is required or reasonably necessary.
• Other users only through the product features that make your profile, venue presence, or conversations visible.

6. International transfers and retention

Our primary application data (profiles, messages, photos, check-ins) is stored on Supabase infrastructure located in the European Union — specifically Ireland for the development environment and Stockholm for production. Keeping the core datastore in the EU means EU/EEA user data does not leave the EU for routine operations.

Some of our auxiliary processors (for example crash reporting, analytics, or app-store billing) may operate in countries outside the EU, including the United States. Where applicable law requires safeguards, we rely on the contractual, statutory, or technical measures required for those transfers, including the relevant standard contractual clauses where that framework applies.

We keep different types of data for different periods. Account and profile data may be kept while your account remains active, while safety, billing, verification, security, message, and legal records may be retained longer where necessary for fraud prevention, dispute handling, legal compliance, or the protection of other users.

• Active account and profile data may remain available while you continue using the service.
• Message records may remain stored as part of active conversations and may be retained for a longer period if they are relevant to safety reports, abuse prevention, disputes, or legal obligations.
• Support, billing, moderation, security, and verification records may be retained longer where needed for legal, safety, or fraud-prevention reasons.
• Deletion requests may not remove every record immediately where retention is required by law or legitimate safety needs.

7. Your rights and choices

Depending on your location, you may have rights to access, correct, export, delete, or restrict certain personal data, to object to some processing, or to withdraw consent where consent is the basis for processing. You may also be able to control permissions such as location, camera, contacts, analytics consent, and visibility settings directly in the app or on your device.

Some requests can start inside the app, including account deletion and certain export tools. For broader requests, please use our Privacy Requests page or contact privacy@checkindate.app.

• Access, correction, export, deletion, restriction, and objection rights where local law provides them.
• Consent withdrawal for features that depend on consent.
• In-app or device-level controls for location, camera, contacts, and analytics preferences.
• Support escalation through privacy@checkindate.app if an in-app option does not cover your request.

8. Security and account protection

CheckInDate uses a combination of product design, access controls, moderation tooling, and technical safeguards to protect account and service data.

No system is completely risk-free, but we aim to limit unauthorized access, fraud, impersonation, and other abuse wherever reasonably possible.

• Account state checks may be used to detect bans, suspensions, or deleted-account conditions.
• Device and session information may be used to support fraud prevention or ban-evasion controls.
• Support and safety records may be used when responding to account or incident investigations.

9. Adults-only service and children

CheckInDate is intended for adults aged 18 and over. The service is not directed to children, and we do not knowingly collect personal data from anyone under the age of 13 (or the equivalent minimum digital-consent age in your jurisdiction where higher).

If we discover that an account has been created by, or contains personal data of, a person under 13 we will take prompt steps to disable the account and delete the associated data. Parents or guardians who believe a child has provided personal data to CheckInDate can contact privacy@checkindate.app and we will address the request promptly.

If we believe an account otherwise belongs to someone under 18, we may restrict, suspend, or remove that account and related content.

10. Updates to this policy

We may update this policy from time to time. When we do, we will update the date shown at the top of this page and, where required, give additional notice through the app, the website, or other appropriate channels.