Privacy Policy

Last Updated: October 12, 2025

At DuoWeave, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website, mobile applications, and related services (the "Service").

By using DuoWeave, you consent to the data practices described in this policy.

1. Information We Collect

1.1 Information You Provide

When you create an account and use DuoWeave, you provide us with:

• Account Information: Email address, username, password, date of birth
• Profile Information: Display name, bio, profile photo, interests
• Verification Photo: One-time facial photo for biological sex verification (processed locally and immediately deleted—never stored)
• Content: Posts, messages, comments, photos, videos, and other content you create
• Communications: Messages you send through our platform, customer support inquiries

1.2 Automatically Collected Information

When you use DuoWeave, we automatically collect:

• Device Information: Device type, operating system, unique device identifiers, mobile network information
• Usage Data: Features used, actions taken, time spent, search queries, click patterns
• Location Data: Approximate location based on IP address; precise location if you enable location services
• Log Data: IP address, browser type, access times, pages viewed, crash reports
• Cookies and Similar Technologies: See our Cookie Policy for details

1.3 Information from Third Parties

• Social Media: If you link accounts (Facebook, Twitter, Instagram), we receive basic profile information
• Analytics Providers: Usage statistics and demographics
• Payment Processors: Transaction confirmation (we don't store full payment details)

2. How We Use Your Information

We use your information to:

2.1 Provide and Improve the Service

• Create and maintain your account
• Deliver personalized experiences (Male or Female based on verification)
• Process and display your content
• Enable messaging, events, challenges, circles, and rooms
• Provide customer support
• Develop new features and improve existing ones

2.2 Safety and Security

• Verify user identity and prevent fraud
• Detect and prevent spam, abuse, and security threats
• Enforce our Terms of Service and Community Guidelines
• Fact-check content using Google Fact Check, Semantic Scholar, and PubMed APIs
• Monitor for violations and harmful content

2.3 Communications

• Send transactional emails (account verification, password resets)
• Send push notifications about app activity (you can opt out)
• Send promotional emails about new features (you can unsubscribe)
• Respond to your inquiries

2.4 Analytics and Research

• Analyze usage patterns and trends
• Measure marketing effectiveness
• Conduct surveys and research
• Create aggregated, anonymized statistics

2.5 Legal Compliance

• Comply with legal obligations
• Respond to law enforcement requests
• Protect our rights and property
• Enforce our Terms of Service

3. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

3.1 With Other Users

• Public Profile: Username, profile photo, bio, posts are visible to other users
• Messages: Visible only to recipients
• Activity: Likes, comments, event attendance may be visible to others

3.2 Service Providers

We share data with trusted third parties who help us operate the Service:

• Cloud Hosting: MongoDB Atlas, Railway, Vercel
• Analytics: Google Analytics, Mixpanel
• Email Services: Resend
• Push Notifications: Expo Push Notification Service
• Payment Processing: Stripe (for future paid features)
• Fact-Checking: Google Fact Check API, Semantic Scholar, PubMed
• Maps: Mapbox
• Event Data: Ticketmaster, Eventbrite

3.3 Legal Requirements

We may disclose information if required by law or to:

• Comply with legal process (subpoena, court order)
• Respond to government requests
• Protect our rights, property, or safety
• Investigate fraud or security issues
• Enforce our Terms of Service

3.4 Business Transfers

If DuoWeave is acquired, merged, or sells assets, your information may be transferred to the new owner.

3.5 With Your Consent

We may share information for other purposes with your explicit consent.

4. Facial Verification and Biometric Data

Special Notice: DuoWeave uses AI-powered facial recognition (DeepFace) for one-time verification.

4.1 How Verification Works

• You submit a photo during account setup
• The photo is analyzed locally on your device or our server to detect biological sex characteristics
• The analysis result determines your experience type (Male or Female)
• The photo is immediately deleted after processing—we do NOT store facial data or biometric templates

4.2 Your Rights

• You can decline verification, but you cannot use the full Service without it
• Your verification result is permanent and cannot be changed
• We comply with biometric privacy laws (BIPA, CCPA, GDPR)

5. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

Data Type	Retention Period
Account Information	Until account deletion + 30 days
Posts and Content	Until you delete or account deletion + 90 days
Messages	Until deletion by sender/recipient
Verification Photo	Immediately deleted after processing (never stored)
Usage Logs	90 days
Aggregated Analytics	Indefinitely (anonymized)
Legal/Compliance Data	As required by law (typically 7 years)

6. Your Privacy Rights

6.1 Access and Portability

You can:

• Access your personal information via account settings
• Request a copy of your data in portable format

6.2 Correction and Updates

You can update your profile, email, and other information through the app.

6.3 Deletion

You can delete your account at any time. We will:

• Permanently delete your personal information within 30 days
• Retain some data for legal compliance (e.g., transaction records)
• Keep aggregated, anonymized data for analytics

6.4 Opt-Out

• Marketing Emails: Click "unsubscribe" in any email
• Push Notifications: Disable in app or device settings
• Cookies: See our Cookie Policy
• Location: Disable location services in device settings

6.5 Region-Specific Rights

European Union (GDPR)

• Right to access, rectification, erasure, restriction, portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with your local data protection authority

California (CCPA/CPRA)

• Right to know what personal information we collect
• Right to delete personal information
• Right to opt-out of "sale" (we don't sell data)
• Right to non-discrimination

Other Jurisdictions

We comply with applicable data protection laws in your region.

7. Data Security

We implement industry-standard security measures:

• Encryption: TLS/SSL for data in transit, AES-256 for data at rest
• End-to-End Encryption: For private messages
• Access Controls: Role-based access, multi-factor authentication
• Security Audits: Regular penetration testing and vulnerability assessments
• Monitoring: 24/7 intrusion detection and response
• Compliance: SOC 2, GDPR, CCPA, ISO 27001 standards

However, no system is 100% secure. We cannot guarantee absolute security, but we take all reasonable precautions.

8. Children's Privacy

DuoWeave is not intended for users under 18. We do not knowingly collect information from children. If we learn we have collected information from a child under 18, we will delete it immediately.

If you believe a child has provided us with personal information, please contact us at privacy@duoweave.com.

9. International Data Transfers

DuoWeave operates globally. Your information may be transferred to and processed in countries other than your own, including the United States. We ensure adequate safeguards through:

• EU-U.S. Data Privacy Framework compliance
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules

10. Third-Party Links

The Service may contain links to third-party websites, apps, or services. We are not responsible for their privacy practices. Please review their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via:

• Email to your registered address
• In-app notification
• Prominent notice on our website

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or your data, please contact us:

• Email: privacy@duoweave.com
• Data Protection Officer: dpo@duoweave.com
• Mail: DuoWeave Privacy Department, [Your Address]

For EU/UK Users

Our EU representative: [EU Representative Name and Address]

For California Users

To exercise your CCPA rights, email privacy@duoweave.com with "California Privacy Request" in the subject line.

By using DuoWeave, you acknowledge that you have read and understood this Privacy Policy.