Privacy Policy

1. Introduction

Matchya is an AI-powered wellness and support platform designed to provide personalized guidance and tools. Because you trust us with sensitive and personal information, we are committed to handling your data responsibly and transparently. This Policy outlines what information we collect, why we collect it, how long we keep it, and the choices you have.

Although Matchya does not claim to follow any formal privacy certification or standard, we strive to implement responsible data practices and safeguard all information shared with us.

2. Information We Collect

We collect different types of data to operate and improve the App. This includes information you provide directly, information generated during your sessions, and data collected automatically.

2.1 Account Information

When you create an account, we collect:

• Email address
• Username
• Basic profile details you optionally provide (e.g., age, gender, preferences)

This information allows us to identify you, provide core app functionality, and personalize your experience.

2.2 Session Data

Matchya uses AI to provide personalized conversations. To do this:

• We store your text conversations with the AI.
• If you use voice features, your voice input is processed for transcription. Raw audio is not stored long-term.
• Session data may include the content of your messages, tone, goals, and any details you voluntarily share.

This data helps us deliver responses, troubleshoot issues, and improve service quality.

2.3 Usage Data

We collect information on how you interact with the app, including:

• Screens viewed
• Features used
• Time spent in different parts of the app
• Crash logs or performance issues

We may also collect technical data such as:

• IP address
• Device type
• Operating system
• App version
• Browser type (if applicable)

Usage data helps us understand what works, diagnose problems, and refine the app experience.

2.4 Other Personal Data

If you sign in using Google, Apple, or another provider:

• We only receive the information required to create your account (typically your email and name).
• We do not access your photos, contacts, calendars, files, or any other information from those providers.

2.5 Sensitive Data

We do not collect medical records or health data unless you voluntarily share health-related details during your AI sessions.

Where applicable, we treat sensitive wellness information with heightened privacy and security standards.

3. How We Use Your Information

We use your information only for clear and legitimate purposes connected to delivering and improving Matchya.

3.1 To Provide the Service

We use your account, session, and usage data to:

• Authenticate your identity
• Maintain app functionality
• Personalize responses
• Provide AI-driven support
• Store your session history for your continued use

This processing is necessary for the core operation of the app.

3.2 To Improve the App

We analyze aggregated or de-identified data to:

• Enhance AI quality
• Fix bugs
• Improve performance
• Develop new features
• Understand which tools users find helpful

This helps us continue building a better wellness platform.

3.3 To Communicate With You

If you choose to opt in, we may send:

• Account-related updates
• Feature announcements
• Support messages
• Optional newsletters

You may opt out at any time by adjusting your settings or contacting us.

3.4 To Ensure Safety and Security

We use data to:

• Detect fraud or misuse
• Monitor suspicious activity
• Protect users and the platform from security risks

We do not use your data for advertising or personalized marketing.

3.5 No Sale of Personal Data

We do not sell, rent, or trade your personal information with advertisers or third parties.

4. Legal Bases for Processing

When required by applicable laws, we process your data under the following bases:

• Consent – You give permission when you create an account or use specific features.
• Contractual necessity – We need your information to provide the service you signed up for.
• Legitimate interests – For improving the platform, operating safely, and preventing misuse.
• Legal obligations – If we must retain or disclose data due to laws or lawful requests.

5. Third-Party Services and Data Sharing

We share data only with trusted partners who help us operate the app. Each receives only the minimum data necessary.

5.1 OpenAI (AI Responses)

• We send your conversation inputs to OpenAI's API to generate replies.
• OpenAI does not use this data to train models by default.
• OpenAI retains data for a limited period (up to 30 days) for abuse prevention.

5.2 Supabase (Database & Storage)

Used for secure, encrypted storage of account data, session logs, and app content.

5.3 Clerk (Authentication)

Handles account login and identity verification. We receive only your verified user ID and basic profile information.

5.4 Other Sharing Situations

We may share information only when:

• Required by law or legal request
• Necessary to protect safety, security, or rights
• Matchya undergoes a merger, acquisition, or sale (with this Privacy Policy continuing to apply)

We do not give advertisers access to any personal data.

6. Data Retention and Deletion

We retain data only for as long as reasonably necessary.

6.1 Account Deletion

When you delete your account:

• It enters a 60-day grace period for recovery or dispute resolution.
• After 60 days, all personal data is permanently deleted.
• Only aggregated, non-identifiable metrics are kept for analytics.

6.2 Inactive Accounts

If you stop using Matchya:

• We may keep minimal information (such as your email) for a reasonable period.
• You may request deletion at any time.

6.3 Legal Requirements

Some records (e.g., payment transactions) must be kept for regulatory or financial reasons. These are deleted as soon as permitted.

6.4 Deletion Processes

When data is deleted:

• It is removed from active systems.
• Backups are overwritten on a regular cycle.
• Deletion processes follow general industry standards.

7. Data Security

We take data protection seriously and use strong technical and organizational measures to secure information.

These include:

• Encryption at rest (AES-256 or equivalent)
• Strict access control and role-based permissions
• Employee and contractor training
• Regular security reviews and updates
• Vulnerability testing
• Incident response protocols

If a data breach occurs, we will notify affected users and any required authorities as promptly as applicable laws require.

No system is completely secure, but we take every reasonable measure to protect your information.

8. International Data Transfers

Matchya may store or process information in the United States or other countries.

When transferring data internationally, we use appropriate safeguards such as contractual protections to ensure your information is handled responsibly.

9. Your Rights and Choices

Depending on your location, you may have rights such as:

• Accessing your personal information
• Correcting inaccurate information
• Requesting deletion (account deletion)
• Withdrawing consent
• Opting out of optional communications

You can exercise many of these rights within the app or by contacting us.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the App or legal requirements. If we make significant changes, we will notify you through the app or by email. Continued use of Matchya after updates means you accept the revised Policy.

11. Contact Us

If you have questions or requests, you can contact us at:

:e-mail: support@matchya.app