Privacy Policy

Vynge (“we”, “our”, “us”) is a dating platform for gamers. This Privacy Policy explains what data we collect, why we collect it, and how you control it. By using Vynge you agree to this policy.

1. Data we collect

• Account data — email address and hashed password you provide at sign-up.
• Profile data — age, gender, bio, gaming platforms, games played, prompts, and photos you upload.
• Usage data — interactions (likes/passes), matches, messages, last active timestamp, and session metadata (IP address, user-agent) stored by our auth provider.
• Device data — browser type and approximate timezone inferred from your session for security purposes only.

2. How we use your data

• To operate the matchmaking feed and show your profile to compatible users.
• To send you real-time notifications about matches and messages.
• To detect and prevent fraud, harassment, and policy violations.
• To improve our matching algorithm using anonymised, aggregated signals.

We do not sell your personal data to third parties. We do not run targeted advertising on Vynge.

3. Photos and media

Photos you upload are stored in a private AWS S3 bucket. We serve them through authenticated, signed URLs. Direct access to raw S3 URLs by other users is not permitted — photo URLs are scoped to our CDN and are not publicly indexable.

Do not upload photos that include other people without their consent.

4. Profile visibility

You control who can discover your profile:

• Everyone — shown in the discover feed (default).
• Matches only — hidden from discover; only existing matches can view you.
• Paused — completely hidden; useful when taking a break.

You can change this at any time in Edit Profile → Privacy.

5. Blocking and reporting

When you block someone, any existing match or conversation is immediately deleted and neither party will appear in the other's feed. Reports are reviewed by our team and may result in account suspension or permanent removal.

6. Data retention

Your data is retained for as long as your account is active. If you delete your account, all profile data, photos, messages, and matches are permanently deleted within 30 days. Anonymised usage statistics (no PII) may be retained indefinitely.

7. Third-party services

• AWS S3 — photo storage (US region).
• Neon / PostgreSQL — database.
• Vercel — web hosting and edge functions.
• Google Cloud Run — real-time Socket.io server.

Each provider has its own privacy policy and data processing agreement.

8. Your rights

Depending on your jurisdiction you may have the right to access, correct, port, or erase your data. To exercise any of these rights, email us at privacy@vynge.fun.

9. Security

We use HTTPS for all connections, HTTP security headers (CSP, HSTS, X-Frame-Options, etc.), bcrypt-hashed passwords via Better Auth, and role-based access controls. No system is perfectly secure; please use a strong, unique password.

10. Changes to this policy

We may update this policy. Material changes will be notified by email or an in-app notice at least 7 days before taking effect.

Contact

Questions? Email privacy@vynge.fun.