Privacy Policy — DancingPartners

Last updated: April 25, 2026 Effective date: April 25, 2026

DRAFT — Pending legal review. This document was prepared by the engineering team as a starting point. Before publishing on dancingpartners.app/privacy and submitting to Google Play Console, a licensed attorney with experience in dating apps and Personal & Sensitive User Data must review it. Pay special attention to: jurisdiction (Puerto Rico / U.S. federal), data subject rights phrasing, retention timelines, processor disclosures, and any specific obligations under PR law for dating-style services.

1. Who we are

Tenikopr (referred to as "we," "us," "our") operates the DancingPartners mobile application ("the App"), a dating and social-discovery service for adults interested in Latin dance.

Operator: Tenikopr
Contact email: developers@tenikopr.com
Country of operation: Puerto Rico, United States

This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use the App.

2. Eligibility

You must be at least 18 years old to create an account. By using the App, you represent and warrant that you are 18 or older. We do not knowingly collect data from minors. If we discover that we have collected data from a person under 18, we will delete it immediately.

3. Information we collect

3.1 You provide directly

Account information: email address, password (stored hashed), name, date of birth, gender, profile bio, dance styles preference.
Profile photos: images you upload to your profile or album.
Verification photo: a face photo used for liveness/verification (processed on-device only — see §5).
Communications: messages sent through the App's chat and reports/blocks you submit.

3.2 Collected automatically

Location data: precise GPS coordinates (foreground only) used to show you potential matches near you. We do not track your location in the background.
Device data: device model, OS version, language, advertising ID (Google Play Services).
Usage data: profiles viewed, swipes, matches, sessions, in-app interactions.
Push token: Firebase Cloud Messaging registration token for delivering notifications.
Crash data: stack traces and device state at the time of an unexpected app crash, via Firebase Crashlytics.

3.3 We do not collect

Background location.
Contacts list, SMS, or call logs.
Browsing history outside the App.
Biometric templates (face data is processed on-device for verification only and never stored or transmitted; see §5).

4. How we use your information

Purpose	Legal basis (where applicable)
Provide and operate the matching service	Contract performance
Show you potential matches based on location and preferences	Legitimate interest
Send push notifications about likes, matches, and messages	Contract performance / consent
Detect and prevent fraud, abuse, harassment	Legitimate interest
Personalize advertising (when consent given in EU/UK)	Consent
Show non-personalized advertising	Legitimate interest
Crash diagnostics	Legitimate interest
Comply with legal obligations	Legal obligation

5. Face verification

When you complete face verification: - The selfie is captured and processed on your device only using Google ML Kit Face Detection (v1.x). - We do not transmit the verification photo to our servers. - We do not store any biometric template. - The result of the on-device check (verified / not verified) is sent to our backend; the photo itself is not.

We share data with the following service providers ("processors") for the limited purposes below. Each processor has its own privacy policy:

Processor	Purpose	Data shared	Privacy Policy
Supabase, Inc.	Backend database & object storage	All account data, profile photos, messages, location	https://supabase.com/privacy
Google LLC (Firebase Cloud Messaging)	Push notifications	FCM token, message payload	https://policies.google.com/privacy
Google LLC (Firebase Crashlytics)	Crash reporting	Crash logs, device model, OS, anonymized installation ID	https://policies.google.com/privacy
Google LLC (Google Mobile Ads / AdMob)	Advertising	Advertising ID, ad interaction events; in EU/UK: consent status	https://policies.google.com/technologies/ads
Google LLC (Sign-In with Google, optional)	Authentication	Email, name, profile picture	https://policies.google.com/privacy
Apple Inc. (Sign-In with Apple, optional)	Authentication	Email (or relay), name	https://www.apple.com/legal/privacy/

We do not sell your personal information. We do not share your information with third parties for their own marketing purposes.

7. Data retention

Active accounts: retained while your account exists.
Account deletion: when you delete your account from the in-app flow (Settings → Delete account), we immediately remove your profile, photos, swipes, matches, and messages. Backups are retained for up to 30 days for disaster recovery, after which they are permanently destroyed.
Crashlytics data: retained 90 days.
AdMob data: per Google's ad data retention policies.

8. Your rights

Depending on your jurisdiction, you may have rights to: - Access the personal information we hold about you. - Correct inaccurate information (most fields are editable in-app at Profile → Edit). - Delete your account and associated data (Profile → Settings → Delete account). - Object to processing for direct marketing. - Restrict processing in certain circumstances. - Data portability: request an export of your data. - Withdraw consent at any time (e.g., advertising consent in EU/UK via Settings → Privacy). - File a complaint with your local data protection authority.

To exercise these rights contact: developers@tenikopr.com. We respond within 30 days.

9. Account deletion

You can delete your account at any time:

Open the App.
Go to Profile → Settings → Delete account.
Confirm twice.

Alternatively, send an email to developers@tenikopr.com with the subject "Account deletion request" from the email associated with your account. We will process the request within 7 business days.

10. Security

Data in transit is encrypted with TLS 1.2+.
Data at rest is encrypted via Supabase's default encryption (AES-256).
Passwords are stored hashed (bcrypt).
Service-role credentials are never embedded in the App.
We monitor for suspicious activity and limit administrative access.

No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

11. International transfers

Our backend is hosted in the United States (Supabase, AWS us-west-2). If you access the App from outside the U.S., your information will be transferred to and processed in the U.S. By using the App, you consent to this transfer.

12. Children's privacy

The App is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you become aware that a minor has provided us with personal information, please email developers@tenikopr.com so we can take appropriate action.

13. California residents (CCPA / CPRA)

You have the right to: - Know what categories of personal information we collect about you. - Request deletion of your information. - Opt out of "sale" or "sharing" of your information (we do not sell or share for cross-context behavioral advertising; see §6). - Non-discrimination for exercising these rights.

Submit requests to developers@tenikopr.com.

The legal bases listed in §4 apply. You have the right to lodge a complaint with the data protection authority of your habitual residence.

For EU/UK users, we display a Google UMP-managed consent dialog before initializing AdMob. Personalized advertising is enabled only after you give explicit consent.

15. Changes to this policy

We may update this policy from time to time. We will post the new effective date at the top and, when changes are material, notify you via push notification or email at least 30 days before they take effect.

16. Contact

Questions or requests:

Email: developers@tenikopr.com Subject line: "Privacy" or "Account deletion"

This document is a draft and pending legal review. It must not be published or relied upon until reviewed by qualified counsel.