Privacy Policy
Last updated: November 13, 2026
Data Controller
TECHTONE SRL (CUI 51878627)
Str. Frumoasa nr. 7, Bl. 644, Sc. B, Et. 4, Ap. 17, Iași, jud. Iași, 700703, Romania
Contact: [email protected]
1. Who we are
This Privacy Policy explains how TECHTONE SRL(“we”, “us”, “our”), acting as data controller within the meaning of the EU General Data Protection Regulation (GDPR), collects and processes your personal data when you use Liebmatch(the “Service”).
2. Personal data we collect
- Account data: email address, display name, date of birth, gender, city, country, language preference, password (hashed).
- Profile data: bio, public and private (unlockable) photos, selfie submitted for verification.
- Activity data: matches, likes, messages, reactions, calls initiated / received, profile visits, blocks, reports.
- Payment data: purchase history, ledger of credits, active subscriptions. Card data is handled directly by CCBill; we never see or store full card numbers.
- Technical data: IP address (stored 30 days), device type, user-agent, last seen timestamp.
- Consent data: your cookie preferences and marketing opt-in choices.
3. Purposes and legal bases
- Contract performance (Art. 6(1)(b) GDPR) — account, profile, chat, calls, matches, payments.
- Legitimate interest (Art. 6(1)(f)) — fraud prevention, security logs (IP, 30 days), content moderation, service improvement.
- Consent (Art. 6(1)(a)) — analytics (PostHog), optional marketing emails, cookies.
- Legal obligation (Art. 6(1)(c)) — compliance with GDPR, DSA, tax law (invoice retention 10 years).
4. Sub-processors
The following partners process personal data on our behalf under GDPR-compliant data processing agreements (DPAs). Region indicates where the data is stored or processed.
| Name | Purpose | Legal basis | Region |
|---|---|---|---|
| CCBill, LLC | Payment processing for credits and subscriptions (card data, billing address, transaction history) | Contract performance | United States (SCCs + additional safeguards) |
| PostHog Cloud EU | Product analytics (events, funnels, retention) | Consent | EU |
| Cloudflare R2 | Media storage (photos, video, chat attachments) | Contract performance | Multi-region (EU primary) |
| Ably | Realtime notifications (messages, match events, presence) | Contract performance | EU (eu-central) |
| Agora.io | Audio / video calls (signaling and media relay) | Contract performance | Global (EU preferred) |
| Postmark | Transactional email (verification, password reset, notifications) | Contract performance | EU |
| Sentry | Error monitoring (frontend + backend) | Legitimate interest | EU |
| MaxMind GeoLite2 | City / country detection from IP (local DB, no data transfer) | Legitimate interest | Local DB on our servers |
| Railway | Application hosting (compute, database, Redis) | Contract performance | EU (eu-west) |
5. Your GDPR rights
- Access (Art. 15) — request a copy of the personal data we hold about you.
- Rectification (Art. 16) — edit your profile data directly under Settings, or email us.
- Erasure (Art. 17) — delete your account from Settings → Account → Delete account, or email us.
- Portability (Art. 20) — request an export in machine-readable JSON.
- Objection and restriction (Art. 18, 21) — email us.
- Withdrawal of consent — at any time, via Settings → Privacy or by unsubscribing from marketing emails.
- Complaint — you may also lodge a complaint with your local data protection supervisory authority.
6. Retention
- Profile, messages, matches — as long as the account is active.
- Audit logs (regulatory compliance) — 24 months, then automatically erased.
- IP logs (fraud detection) — 30 days.
- Generated data exports stored in R2 — 72 hours (signed link), then erased.
- Invoicing and accounting records — 10 years (Romanian tax law).
- After account deletion — full purge of personal data (cascade DB + R2 media + analytics person-delete requests).
7. International transfers
Most data is processed in the EU. For sub-processors operating outside the EU (e.g. CCBill in the United States, Cloudflare, Agora), transfers are covered by the European Commission Standard Contractual Clauses (SCCs) and supplementary technical measures (encryption in transit and at rest, pseudonymization where feasible).
8. Security
We apply appropriate technical and organizational measures including TLS 1.2+ for all traffic, encryption at rest for media (R2) and database backups, hashed passwords (bcrypt), HttpOnly Secure session cookies, role-based access control, audit logging of sensitive operations, and periodic security reviews.
9. Children
The Service is strictly intended for adults (18+). We do not knowingly collect personal data from minors. If we become aware that a minor has created an account, we immediately suspend and delete it and notify the relevant authorities.
10. Contact
For any privacy-related request, contact us:
- Email: [email protected]
- Postal address: Str. Frumoasa nr. 7, Bl. 644, Sc. B, Et. 4, Ap. 17, Iași, jud. Iași, 700703, Romania