Privacy Policy

Effective Date: 15 February 2026
Last Updated: 15 February 2026
Contact:

Swipe Up (“Swipe Up”, “we”, “us”, “our”) operates as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, and the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

This Privacy Policy explains how we collect, process, use, store, share, and protect your personal data when you use the Swipe Up mobile application or website (“Service”).

By using the Service, you consent to this Privacy Policy and our Terms & Conditions.

1. Personal Data We Collect

We collect personal data only with your free, clear, specific, informed, and unambiguous consent provided through an affirmative action (e.g., clicking “Agree”). We may collect the following categories:

1. Basic Profile Data

  • Name
  • Age (confirmation that you are 18+)
  • Gender
  • Email address
  • Profile photos
  • Bio or description

2. Optional Matching Data

(voluntarily provided for better matching—optional & revocable)

  • Interests
  • Relationship preferences
  • Emotional state inputs for AI support
  • Approximate location (for proximity matching)

3. Usage & Interaction Data

  • Swipes, likes, matches
  • Messages and chat data
  • Interaction patterns
  • Safety reports & block actions

Messages are stored securely and not reviewed by humans except:

  • if required by law,
  • during a safety investigation, or
  • when reported by a user for violations.

4. Technical Data

  • Device type, OS version
  • IP address
  • Crash logs
  • Mobile identifiers
  • Analytics (e.g., session duration)

5. Sensitive Personal Data (Only with Explicit Consent)

We do not collect sensitive personal data (financial, health, biometric) unless you voluntarily provide emotional-state details for AI emotional support.

You may opt out at any time.

2. How We Process Your Personal Data

We process your data only for specific, legitimate purposes, including:

  • Account creation and profile management
  • Authenticating your identity (email verification)
  • Matching users and generating recommendations
  • Enabling communication (chats, likes, matches)
  • Providing AI Healing Companion emotional-support interactions
  • Improving safety using automated tools to detect spam, fraud, harassment, or harmful behavior
  • Enhancing app quality, features, and performance through analytics
  • Sending notifications, OTPs, support messages, and service updates
  • Complying with legal obligations under the IT Act and DPDPA

Processing stops when consent is withdrawn, except where data retention is required by law.

3. Sharing Your Personal Data

Swipe Up does not sell or rent your data. We share data only when necessary, with safeguards:

1. Service Providers (Processors)

Under strict confidentiality and DPDPA-compliant contracts:

  • Cloud hosting
  • Analytics
  • Verification APIs
  • Payment gateways

2. Law Enforcement

We may provide data if:

  • required by Indian law, court order, or
  • necessary to protect user safety, investigate threats, child safety issues, fraud, or abuse.

3. Business Transfers

If Swipe Up is acquired or merged, users will be notified before data transfer.

4. Cross-Border Transfers

Allowed only to DPDPA-approved countries or with adequate safeguards.

4. Data Retention & Deletion

  • We retain your data only as long as necessary for the consented purpose.
  • Grievance-related records are kept 180 days, as required by IT Rules.
  • Inactive accounts may have usage data anonymized after 6 months.

Account Deletion

You may request account deletion at any time by emailing:

Upon deletion:

  • Personal data, messages, and media are removed from active systems within 30 days.
  • Some encrypted backups may persist up to 1 month before automatic purge.
  • Data required by law (e.g., fraud reports) may be retained.

After deletion, matches and chats become inaccessible to all parties.

5. Data Security

We use industry-standard and legally required security safeguards:

  • Encryption at rest (AES-256)
  • Encryption in transit (TLS/SSL)
  • Secure servers hosted in India
  • Strict access controls
  • Regular audits and penetration testing
  • Automated monitoring for suspicious activity

If a data breach occurs, we notify:

  • affected users, and
  • the Data Protection Board of India within 72 hours, as required by DPDPA.

6. Your Rights as a Data Principal (Under DPDPA)

You may exercise your rights by emailing:

Your Rights Include:

RightDescription
AccessRequest details on what data we collect and process.
CorrectionCorrect inaccurate or incomplete data.
ErasureRequest deletion when data is no longer needed or consent is withdrawn.
Withdraw ConsentRevoke consent for specific data or all processing.
Grievance RedressalContact our Grievance Officer; issues resolved within 15 days.

We also appoint a Data Protection Officer (DPO) reachable at the same email.

7. Third-Party Services & Cookies

Swipe Up may integrate trusted third-party services as required. Each provider follows its own privacy practices.

Cookies

  • Essential cookies are used for login/security.
  • Non-essential cookies (analytics) require separate consent.

8. Children's Privacy

Swipe Up is strictly for users 18 years and older. We do not knowingly process data of minors.

If a minor account is discovered:

  • It will be deleted, and
  • The parent/guardian may request erasure.

9. Updates to This Privacy Policy

We may update this Privacy Policy to reflect:

  • legal changes
  • new features
  • security updates

Users will be notified via:

  • in-app notifications,
  • email, or
  • website update notice.

Continued use of the Service after changes means acceptance.

10. Contact & Grievance Officer

For privacy questions, rights requests, or complaints:

Grievance Officer:

Response within 24 hours.

Resolution as per IT Rules and DPDPA timelines.