Privacy Policy

Privacy Policy

Effective Date: May 22, 2025
Last Updated: May 22, 2025

Up4adate Inc. (“Up4adate,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data in accordance with applicable laws and industry standards. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our mobile application, website, and related services (collectively, the “Services”).

This Policy also outlines your legal rights and choices regarding your personal data, including how you can access, correct, delete, or object to certain types of data processing.

By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use our Services.

We encourage you to read this Privacy Policy carefully. If you have any questions or concerns, please contact us at app@up4adate.com.

1. Information We Collect

When you use the Services, we collect various categories of personal data to operate effectively, maintain platform integrity, and deliver a secure and personalized experience. We only collect information that is relevant, necessary, and proportionate to the purposes for which it is processed. The information we collect falls into the following categories:

a. Information You Provide to Us Directly

You may provide the following personal data voluntarily when registering for, interacting with, or using certain features of the Services:

  • Identity and Contact Information
     Full legal name, email address, and mobile phone number.

  • Demographic Information
    Gender identity, date of birth (to verify age eligibility).

  • Media and Verification Content
    Profile photos and mandatory identity verification video (used strictly for fraud prevention and safety assurance; not publicly visible or shared).

  • User-Generated Content
    Content shared via in-app messaging (limited to 5 messages per connection), feedback, venue preferences, and invitation responses.

  • Payment and Billing Information
    Transactional details associated with premium features, securely processed via third-party PCI-DSS-compliant payment processors. Up4adate does not store full payment card data.

b. Information We Collect Automatically

When you use the Services, we automatically collect certain information about your device and usage patterns. This data helps us secure the platform, personalize user experience, and monitor performance:

  • Device & Technical Data
    IP address, device ID, device model, operating system, browser type, screen resolution, language settings, and mobile carrier.

  • Usage Data
    Timestamps, session durations, interaction logs, feature usage analytics, crash reports, and diagnostic data.

  • Geolocation Data
    Precise or approximate location, only with your explicit opt-in consent. Location data is used to suggest relevant venues and matches nearby.

c. Verification, Safety, and Security Data

To maintain the integrity of the platform and enforce safety standards, we may collect and generate additional security-related data, including:

  • Video Verification Metadata
    Technical metadata (e.g., timestamp, file signature, verification score) derived from the onboarding video.

  • Behavioral Analytics
    Patterns of app usage, login activity, and communication rhythms used to detect suspicious or abusive behavior.

  • Internal Logs & System Monitoring
    Administrative access logs, fraud detection signals, and event-level logging of system activities (kept securely for compliance, auditing, and incident response).

Sensitive Data Notice

We do not collect any special categories of personal data (such as racial or ethnic origin, religious beliefs, biometric identifiers, or health information), unless explicitly required for safety features and always with clear, informed user consent.

Data From Third Parties

Where legally permitted, we may receive limited personal data about you from third-party partners (e.g., payment providers or mobile platforms) to support account verification, transaction reconciliation, or abuse mitigation. Any such data is treated with the same safeguards as information collected directly from you.

2. How We Use Your Information

We process your personal data only for specific, legitimate purposes and in accordance with applicable data protection laws. Your data is never sold or used for unrelated profiling, and we limit access to only those with a legitimate business or legal need.

The personal data we collect may be used for the following purposes:

a. Account Creation and User Management

  • To create, verify, and manage your user account

  • To facilitate login, authentication, and password recovery

  • To maintain your user preferences and personalization settings

b. Safety, Identity, and Fraud Prevention

  • To verify user identity using mandatory video verification

  • To detect and prevent spam, fraud, fake accounts, and impersonation

  • To enforce safety protocols and community standards, including abuse detection and response

c. Service Delivery and Matchmaking

  • To provide access to app features, venue discovery, and invitations

  • To match users based on preferences, proximity, and venue interests

  • To enable limited communication features (e.g., 5-message chat)

d. Payments and Premium Features

  • To process subscription purchases and in-app transactions

  • To send transaction confirmations, receipts, and payment notices

  • To manage billing records for legal and tax compliance

Note: All payments are processed through secure, third-party PCI-compliant platforms. We do not store full credit or debit card details on our servers.

e. Performance Monitoring and Platform Optimization

  • To monitor usage patterns and identify bugs or crashes

  • To improve app performance, user experience, and navigation flows

  • To analyze aggregated behavioral data to refine features

f. Legal Compliance and Risk Management

  • To comply with applicable laws, lawful data access requests, and regulatory obligations

  • To enforce our Terms of Use and other applicable agreements

  • To respond to legal claims, law enforcement inquiries, or court orders

g. Internal Research and Product Development

  • To test new features and evaluate user satisfaction

  • To measure engagement, retention, and safety effectiveness

  • To develop anonymized, aggregated insights for product roadmap planning

Note: We do not use your personal data to train third-party AI models or to generate synthetic content.

h. Communications and Support

  • To send administrative, transactional, or support-related messages

  • To respond to your inquiries, resolve disputes, or provide customer care

  • To notify you about changes to our services, Terms, or policies

3. Legal Basis for Processing

We process your personal data in strict accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant regional frameworks. Our legal basis for collecting, using, and disclosing your information depends on the specific context and type of data involved.

Where required by law, we ensure that our processing activities are justified under one or more of the following lawful bases:

a. Consent

We rely on your clear, informed, and freely given consent to process personal data in cases where consent is legally required. This includes, but is not limited to:

  • Location sharing for nearby venue and user suggestions

  • Video-based identity verification during onboarding

  • Receiving promotional or product update communications (opt-in)

  • Participating in user research, surveys, or beta features

You may withdraw consent at any time without affecting the lawfulness of prior processing. To do so, contact: app@up4adate.com

b. Contractual Necessity

We process certain personal data as necessary to fulfill our contractual obligations to you under our Terms of Use. This includes:

  • Account creation and user authentication

  • Delivery of core features, matchmaking, and in-app messaging

  • Subscription processing and premium feature activation

  • Providing customer service and technical support

c. Legal Obligations

We may process your personal data to comply with legal or regulatory obligations to which we are subject, including:

  • Age verification to restrict access to users over 18

  • Fraud prevention and abuse reporting under applicable laws

  • Retention of billing records for tax and financial compliance

  • Responding to legal process (e.g., subpoenas, court orders, law enforcement inquiries)

d. Legitimate Interests

We may process your personal data based on our legitimate interests, provided that such interests are not overridden by your rights or interests. These purposes include:

  • Ensuring platform integrity, user safety, and service reliability

  • Monitoring usage metrics to improve features and user experience

  • Preventing account abuse, bots, or fake profiles

  • Conducting internal analytics and developing new features

Whenever we rely on legitimate interest, we perform a balancing test to ensure our interests do not override your fundamental rights and freedoms.

e. Vital Interests (Rare Cases Only)

In extremely limited scenarios, we may process your data to protect your vital interests or those of another individual. For example:

  • Responding to credible threats of harm or self-harm during real-world meetups

  • Providing information to emergency responders in critical situations

4. Sharing and Disclosure of Data

Up4adate does not sell, rent, or monetize your personal data. We disclose your information only when necessary, with appropriate safeguards, and strictly in accordance with this Privacy Policy and applicable laws.

We limit access to your personal data to parties who have a legitimate need to know it for the purposes described below and ensure that all third-party recipients are bound by strict confidentiality, data protection, and contractual obligations.

a. Service Providers and Processors

We engage carefully selected third-party vendors to support the delivery and maintenance of the Services. These partners may access limited personal data only to the extent required to provide their services, including:

  • Cloud hosting and infrastructure providers

  • Payment processors (PCI-DSS compliant)

  • Customer support and communications platforms

  • Identity verification and anti-fraud vendors

  • Analytics and crash-reporting providers

All such entities act as data processors under our instruction, and are bound by data processing agreements (DPAs) ensuring compliance with privacy laws (including GDPR Article 28 requirements).

b. Law Enforcement and Legal Disclosures

We may disclose your information to public authorities, courts, regulators, or law enforcement agencies only if required or permitted by law, including:

  • To comply with valid legal process (e.g., subpoena, warrant, court order)

  • To protect the rights, safety, or property of Up4adate, our users, or others

  • To investigate and prevent fraudulent, illegal, or harmful activities

  • To comply with mandatory data retention or reporting obligations

We will always assess the legality and scope of such requests and, where permitted, notify users before disclosing their data.

c. Business Transfers and Transactions

In connection with a corporate transaction (e.g., merger, acquisition, asset sale, or bankruptcy), your personal data may be disclosed or transferred to a third party as part of the due diligence or transaction process. If such a transfer occurs:

  • We will ensure the recipient is subject to appropriate confidentiality and data protection commitments.

  • You will be notified of any material change in ownership or control and any changes to how your data is used.

d. Aggregated or Anonymized Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you, for purposes such as:

  • Platform performance reporting

  • Market research and trend analysis

  • Safety and fraud pattern detection

This data does not constitute “personal data” under applicable laws.

e. With Your Explicit Consent

We may share your personal data with other third parties only with your clear and informed consent, for example:

  • Participating in optional surveys or partnerships

  • Referral programs or promotions requiring external verification

  • Beta testing involving third-party integrations

You can withdraw your consent at any time.

5. International Data Transfers

As a global technology provider, Up4adate Inc. may process and store your personal data in jurisdictions other than your country of residence, including the United States and other countries where our service providers and data infrastructure are located.

When we transfer personal data across borders, we do so in full compliance with applicable data protection laws and ensure that adequate safeguards are in place to protect your information.

a. Legal Grounds for International Transfers

Depending on your location and the governing privacy laws (e.g., GDPR in the European Economic Area or UK GDPR), we may rely on the following legal mechanisms to lawfully transfer your data:

  • Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO

  • Data Processing Agreements (DPAs) that require third parties to provide the same level of data protection as in your jurisdiction

  • Your explicit and informed consent (in certain limited cases)

  • Necessary for the performance of a contract (e.g., enabling your access to our Services)

  • Other safeguards permitted by applicable law (e.g., adequacy decisions, binding corporate rules where available)

b. Countries Where Data May Be Processed

We may process or store your data in the following countries (updated periodically):

  • United States (primary infrastructure and customer support)

  • European Union Member States (when required for localized hosting or compliance)

  • Other jurisdictions where service providers operate under contractual and technical safeguards

We do not transfer data to jurisdictions lacking adequate protections unless contractual safeguards are in place.

c. Your Rights and Remedies

You have the right to:

  • Request a copy of the Standard Contractual Clauses or other safeguards used for your data

  • Lodge a complaint with your data protection authority if you believe your data has been mishandled

  • Withdraw consent for cross-border transfers where consent is the legal basis

To exercise your rights or request more information, please contact us at: app@up4adate.com

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, enforce our agreements, and maintain the integrity and safety of our Services.

Our retention periods are based on:

  • The nature and sensitivity of the personal data

  • The purpose for which the data was collected

  • Applicable legal, regulatory, contractual, or operational requirements

  • The user’s own request for deletion (where legally applicable)

a. Retention Periods by Data Type

Data CategoryRetention PeriodUser Account DataRetained while the account is active and for up to 12 months after account deletion or inactivity, unless longer retention is required by law.Verification VideoRetained only for as long as necessary to complete identity verification and detect fraudulent activity. Securely stored and never shared or made public.In-App MessagesRetained for 30 days after chat expiration or user unmatching, for safety auditing and abuse investigation purposes.Payment & Billing InfoRetained for 7 years or as required by applicable tax, accounting, and financial compliance laws.Behavioral & Security LogsRetained for up to 24 months for platform integrity, fraud detection, and incident response.Aggregated/Anonymized DataMay be retained indefinitely as it does not identify any individual and is used solely for analytics and service improvement.

b. Deletion Requests

You may request deletion of your personal data and account at any time by contacting: app@up4adate.com

Upon verification of your identity:

  • We will erase your personal data unless we are required or permitted to retain it for legal or operational reasons (e.g., fraud prevention, billing disputes).

  • Deleted data is permanently removed from active systems and will no longer be accessible or associated with your account.

  • Backups containing personal data are deleted during regular backup cycles (usually within 90 days).

c. Data Retention for Legal Defense

In some cases, we may retain personal data where necessary to:

  • Defend or assert legal claims

  • Comply with law enforcement investigations

  • Enforce our Terms of Use or Privacy Policy

Such retention will be limited to the minimum necessary and access will be strictly restricted.

7. Data Subject Rights

Depending on your jurisdiction and applicable privacy laws (such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), UK Data Protection Act, or other global frameworks), you may have specific rights regarding your personal data. Up4adate is committed to enabling and honoring those rights, subject to lawful limitations.

We will never discriminate against you for exercising your privacy rights.

a. Your Rights

Subject to verification of your identity, you may exercise the following rights:

1. Right to Access

You have the right to request confirmation of whether we process your personal data, and to obtain a copy of that data along with other relevant information, including:

  • Categories of data we collect

  • Purpose of processing

  • Data recipients or categories of recipients

  • Retention periods or criteria for data storage

2. Right to Rectification

You have the right to request the correction of inaccurate or incomplete personal data. This includes updating outdated account details or preferences.

3. Right to Erasure (“Right to Be Forgotten”)

You may request deletion of your personal data in any of the following scenarios:

  • The data is no longer necessary for the original purpose

  • You withdraw consent (where processing was based on consent)

  • You object to processing and there are no overriding legitimate grounds

  • Data was unlawfully processed or must be erased to comply with law

Note: We may retain certain data where legally required (e.g., billing records or fraud prevention logs).

4. Right to Restriction of Processing

You may request that we temporarily suspend processing your data if:

  • You contest the accuracy of the data

  • Processing is unlawful and you oppose deletion

  • We no longer need the data but you require it for legal claims

  • You have objected to processing and verification is pending

5. Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you may request a copy of your personal data in a structured, commonly used, and machine-readable format. You may also request direct transmission to another service provider, where technically feasible.

6. Right to Object

You may object to processing based on our legitimate interests. If so, we will cease processing unless we demonstrate compelling legitimate grounds or need to continue for legal claims or safety reasons.

7. Right to Withdraw Consent

If we process your data based on consent (e.g., geolocation, promotional messaging), you may withdraw your consent at any time. This does not affect the lawfulness of processing carried out prior to withdrawal.

8. Right to Lodge a Complaint

If you believe your rights have been violated or your data has been mishandled, you have the right to file a complaint with your local data protection authority. We recommend contacting us first so we can address your concerns directly.

b. How to Exercise Your Rights

You may submit a request to exercise your rights by contacting:

Email: app@up4adate.com
Postal Address: Up4adate Inc., 8 The Green, Ste A, Dover, DE 19901, United States

To protect your data and ensure authenticity, we may request additional information to verify your identity. We aim to respond to all verified requests within 30 days, subject to lawful extensions where necessary.

8. Children’s Privacy

Up4adate is a platform strictly intended for use by individuals 18 years of age or older. We do not knowingly collect, solicit, or process personal data from individuals under the age of 18, nor do we allow minors to register for or use the Services.

a. Age Restriction Policy

  • By using the Services, you represent and warrant that you are at least 18 years old.

  • We implement age verification mechanisms during registration and require date of birth input as a condition of access.

  • If we become aware that a user is under 18 or has falsified their age to gain access, we will take immediate action, including:

    • Deleting the user’s account

    • Removing all associated personal data

    • Blocking future access to the Services

b. Parental and Legal Guardian Rights

If you are a parent or legal guardian and believe that your child has provided us with personal data in violation of this Policy, please contact us immediately at:
app@up4adate.com

We will take prompt steps to:

  • Verify your identity and relationship to the child

  • Investigate the claim

  • Remove the child’s information from our systems in compliance with the Children’s Online Privacy Protection Act (COPPA) or relevant international laws (e.g., GDPR-K in the EU)

9. Security Practices

Up4adate Inc. implements a comprehensive set of technical, organizational, and administrative security measures designed to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction. We treat data security as a foundational priority and continuously improve our defenses to address evolving threats.

a. Technical Safeguards

  • Encryption in Transit and at Rest
    All data is transmitted using Transport Layer Security (TLS) 1.2 or higher and stored using AES-256 encryption or equivalent industry-standard encryption protocols.

  • Data Minimization and Tokenization
    Sensitive information such as payment data is tokenized or stored only by PCI-DSS-compliant third-party providers. Up4adate never retains full payment card details on its own servers.

  • Secure Authentication Mechanisms

    • Multi-factor authentication (MFA) is used for administrative access.

    • Passwords are hashed using strong cryptographic algorithms (e.g., bcrypt or equivalent).

  • Device & Session Protections

    • Rate limiting and brute-force protection

    • Automatic logout on session expiration

    • IP-based anomaly detection

b. Organizational and Administrative Safeguards

  • Role-Based Access Control (RBAC)
     Access to personal data is limited strictly to authorized personnel based on job function, and governed by the principle of least privilege.

  • Audit Logging and Monitoring
     All access to personal data is logged and monitored. Internal systems generate alerts for abnormal activity or unauthorized attempts.

  • Vendor Risk Management
     All third-party vendors are vetted for security and privacy compliance. Data Processing Agreements (DPAs) are executed before access is granted.

  • Incident Response Plan
     We maintain a formal Data Breach Response Plan in compliance with GDPR, CCPA, and other applicable laws. In the event of a breach:

    • Affected users will be notified without undue delay

    • Regulators will be informed as required by law

    • Root cause analysis and corrective actions will be documented

c. Feature-Specific Safety Measures

  • Mandatory Video Verification
     Reduces impersonation and catfishing by requiring real users to complete a live verification step. Videos are never publicly accessible or shared.

  • Behavioral Pattern Analysis
     Used to detect coordinated manipulation, bots, or fraudulent behavior while respecting user privacy and legal boundaries.

  • Red Team & Penetration Testing
     We conduct internal red-teaming exercises and third-party penetration testing at regular intervals to proactively identify vulnerabilities.

d. User Responsibilities

While we take strong steps to secure your data, security also depends on you:

  • Keep your login credentials confidential

  • Use a strong and unique password

  • Report any suspected account compromise immediately to app@up4adate.com

10. Automated Processing

Up4adate may use limited forms of automated processing, including AI-assisted systems, to enhance safety, detect abuse, improve user experience, and streamline certain functions of the platform. However, we do not use AI or automation to make decisions that produce legal or similarly significant effects on users without human oversight.

We prioritize human-in-the-loop (HITL) review for any decisions that could impact your rights, access, or account status.

a. Types of Automated Tools Used

We may use the following categories of automated systems:

  • Abuse Detection Algorithms
     Analyze usage patterns, behavioral anomalies, or messaging frequency to detect spam, impersonation, harassment, or coordinated manipulation.

  • Moderation Support Tools
     Pre-screen inappropriate images, texts, or video content using AI classifiers. These tools flag content for human review but do not take final action automatically.

  • Recommendation & Personalization Engines
     Suggest nearby venues or profile discovery based on your stated preferences, prior activity, and location (when enabled). These tools do not profile sensitive characteristics (e.g., race, religion, sexual orientation) and are never used to target or exclude individuals unfairly.

  • Fraud & Risk Scoring Systems
     Evaluate the likelihood of fake accounts or policy violations using metadata and verification signals. Final enforcement decisions are made by trained human moderators.

b. Limitations and Human Oversight

  • We do not use automated tools to:

    • Make legal determinations

    • Ban users without human review

    • Assign personal reputational scores

    • Simulate or impersonate users

    • Generate synthetic conversations or matches

  • All safety or access-related decisions involving automation are subject to manual confirmation by authorized personnel.

  • We regularly audit automated systems to detect and correct potential bias, inaccuracy, or unintended consequences.

c. Transparency and Your Rights

Where required by law (e.g., under GDPR Articles 13–22), you have the right to:

  • Request an explanation of any automated decision that affects you

  • Challenge the decision and obtain human intervention

  • Opt out of certain types of automated processing where legally permitted

If you believe an automated process has impacted you unfairly, contact us immediately at: app@up4adate.com

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, legal obligations, technologies, or features of the Services. When we make material changes to this Policy, we will provide clear and timely notice to you in accordance with applicable laws.

a. Notification of Changes

If we make a material change, we will notify you by:

  • Posting a prominent notice within the app or on our website

  • Sending an email to the address associated with your account (if applicable)

  • Updating the “Last Updated” date at the top of this document

Where legally required, we will also request your affirmative consent before applying material changes to how we use your personal data (e.g., if we introduce a new data use purpose that requires consent under GDPR or CCPA/CPRA).

b. Your Continued Use Constitutes Acceptance

By continuing to access or use the Services after changes become effective, you acknowledge that you have read and understood the updated Policy. If you do not agree with the new terms, you must stop using the Services and may request deletion of your account and personal data at any time.

c. Archival and Version Control

We maintain archived versions of prior privacy policies and will make them available upon request to demonstrate compliance with applicable privacy regulations and to support legal investigations or audits if necessary.

12. Contact

If you have any questions, concerns, requests, or complaints regarding this Privacy Policy or how Up4adate processes your personal data, please contact us using the information below.

We are committed to addressing your inquiries in a timely and lawful manner, and in accordance with your rights under applicable data protection laws.

Contact Information

Up4adate Inc.
Attn: Privacy Office
8 The Green, Suite A
Dover, DE 19901
United States

Email: app@up4adate.com

For Residents of the EEA, UK, and Other Jurisdictions

Depending on your jurisdiction, you may also have the right to lodge a complaint with a supervisory authority or data protection regulator. We recommend contacting us first so we can resolve your concern directly.

For European Union data subjects, a list of supervisory authorities is available at:
https://edpb.europa.eu/about-edpb/board/members_en

For UK residents, contact the Information Commissioner’s Office (ICO):
https://ico.org.uk/