Privacy Policy

Last updated: 27 April 2026 · Version 2.1

Treacle (“we”, “us”, “our”) is committed to protecting your personal data. This policy explains what we collect, why we collect it, how we store and share it, and your rights under UK GDPR, the Data Protection Act 2018, the EU General Data Protection Regulation, the California Consumer Privacy Act (CCPA), and applicable data protection laws worldwide.

1. Who we are

Treacle is operated by Obscura Ventures Limited, a private limited company registered in England and Wales (Company No. 16568577).

Data controller contact: privacy@mytreacle.com

Registered address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

2. Data we collect

2.1 Account & profile data

  • Name, email address, date of birth (must be 18+)
  • Gender identity (man, woman, non-binary, trans man, trans woman, agender, other)
  • Sexual orientation (optional: straight, gay, lesbian, bisexual, pansexual, asexual, prefer not to say)
  • Relationship preferences (serious, casual, marriage, open, any)
  • Height
  • City and approximate location (latitude/longitude rounded to ~11 km precision)
  • User identifier and device identifier (for session continuity and abuse prevention)

2.2 Profile photos

Photos you upload as part of your dating profile are stored in Amazon S3 (eu-west-2, London) under the bucket treacle-uploads-999043. Access is mediated by short-lived presigned URLs — the bucket itself is not publicly listable. Mathematical embeddings (512-dimensional vectors) are generated from each photo for visual compatibility matching; the embeddings are stored in our PostgreSQL database alongside the photo reference.

2.3 Attraction preferences (Special Category Data)

During onboarding you may provide detailed preferences about physical appearance, lifestyle, culture, religion, education, health, sexual orientation, ethnicity and family planning. These fields are encrypted at rest using AES-256 and are decrypted only inside the matching worker when needed for compatibility scoring. They are never decrypted for analytics or displayed in admin tooling.

2.4 Voice recordings & transcripts

  • Audio: Streamed in real-time via WebRTC to ElevenLabs Conversational AI (United States) for speech-to-text, LLM dialogue and text-to-speech, under Standard Contractual Clauses and the UK Data Bridge. Raw audio is not retained long-term — we delete any session audio we hold within 90 days, and ElevenLabs retains audio only as required to operate the service.
  • Transcripts: Stored as text and as embedding vectors so we can extract personality signals across multiple sessions. Deleted on account deletion.
  • Prosodic signals (V1–V18 voice vector): An 18-dimension numerical vector capturing speech rate, pause patterns, pitch variability and emotional reactivity is computed in our prosody DSP server (eu-west-2). The vector is stored; the raw audio used to compute it is not.
  • Extracted personality signals: Personality traits, attachment style, communication patterns, values and interests are extracted from transcripts using Claude (via AWS Bedrock in eu-west-2) and stored in your personality profile (see 2.10).

2.5 Chat & companion data

  • All messages exchanged with Treacle's AI companion are stored to maintain conversation context and to extract personality signals.
  • Long-term conversational memory is stored with mem0.ai (United States) under SCCs and the UK Data Bridge.
  • Messages between matched users are stored for delivery, read receipts and moderation purposes.

2.6 On-device camera roll analysis (optional)

If you grant photo library access, Treacle analyses your camera roll entirely on your device using Apple Vision (iOS) or Google MLKit (Android). No images ever leave your phone. Only aggregated, derived signals are transmitted to our servers: category ratios (e.g. hiking, dog, beach, food, screenshots), social density counts (number of distinct faces detected per photo, in coarse buckets), and temporal activity patterns. These feed your lifestyle and rhythm profile.

2.7 Apple Music listening (optional, iOS only)

If you connect Apple Music via MusicKit, we read your recent listening history and library metadata (track titles, artists, genres, play counts) to derive a music-taste signal. Playback audio is never accessed. Only the derived signals (top genres, artist diversity, taste embeddings) are stored on our servers. You can revoke MusicKit access at any time from your iOS Settings or in-app.

2.8 Health & fitness data via Health Connect (optional, Android only)

On Android, if you grant Health Connect permissions, we read the following data classes from Google Health Connect:

  • Steps (daily totals)
  • Sleep (session duration)
  • Exercise (activity type and frequency)

We do not read GPS or location traces, heart rate, blood pressure, body composition, or any other biometric data. Raw Health Connect records are aggregated to weekly summaries on the server and converted into coarse trait values (e.g. activity level, sleep regularity) that feed three of our 32 compatibility-profile dimensions. The aggregated traits are stored in PostgreSQL (eu-west-2) with a source-trust weight of 0.8.

This integration is Android-only — the iOS app does not use HealthKit and does not read any health or fitness data on iOS. You can revoke Health Connect access at any time from the Health Connect app on your device. Once revoked, the derived traits are deleted within 30 days.

2.9 Other connected services (optional)

With your explicit consent, you may connect the following services via OAuth. You can disconnect any service at any time from in-app Settings.

  • Google (Gmail, Calendar, YouTube, Contacts, Photos, Drive): We access metadata only — email subjects and sender names (not body content), calendar time blocks (not event details), YouTube watch history categories, contact count, and photo library metadata. Raw content is never stored. Sensitive Google scopes (Calendar, Contacts, Photos) are subject to Google's OAuth verification.

OAuth access tokens and refresh tokens are encrypted with AES-256 before storage. Authentication state parameters are HMAC-signed to prevent CSRF.

2.10 Personality profile (“soul graph” & voice vector)

From your voice sessions, chats, on-device signals and connected data, we automatically build:

  • The Treacle Compatibility Profile (TCP) — a 32-dimension model across 6 domains (personality, values, lifestyle, communication style, attachment, intent).
  • An 18-dimension voice prosody vector (V1–V18) derived from voice during onboarding.
  • Various embedding vectors (style 1536d, media 1536d, attraction 512d, photo 512d, rhythm 16d) used for similarity matching.

These models are stored in our PostgreSQL database (eu-west-2), our pgvector vector store (eu-west-2), and our Neo4j AuraDB graph database (EU region). They are used exclusively for matching and are permanently deleted on account deletion.

2.11 Location data

  • Collected once during setup via your device's location services (foreground only, with your permission). On Android we request both fine and coarse location permissions; on iOS we request WhenInUse.
  • Coordinates are rounded to one decimal place (~11 km grid) before transmission and storage.
  • Reverse-geocoded to city/country level on your device. No precise GPS trail or location history is retained.

2.12 Push notification tokens

When you enable notifications, we receive a push token from Apple Push Notification service (APNs) on iOS, Firebase Cloud Messaging (FCM) on Android, and the Expo Push Service which bridges to both. The token is stored against your account so we can deliver notifications about new matches, messages, weekly drops and trial reminders. Tokens contain no personal content.

2.13 Subscription & purchase data

  • iOS subscriptions are processed by Apple via the App Store; we receive only a transaction identifier and subscription state via RevenueCat.
  • Android subscriptions are processed by Google Play Billing; we receive subscription state via RevenueCat.
  • We never see, store or process your card number or payment method. All payment-instrument handling is performed by Apple and Google respectively.

2.14 Device, diagnostics & usage data

  • Anonymised analytics events (screen views, feature usage, onboarding progress, waitlist source attribution) via PostHog EU Cloud (Frankfurt).
  • Crash reports, performance traces and error context via Sentry (Germany). All payloads are routed through an internal observability facade that strips and normalises any non-error values before sending.
  • Device identifier (used for session continuity, multi-device login and abuse prevention).
  • No advertising identifiers (IDFA / GAID) are collected. We do not track you across other apps or websites and we do not run any advertising SDKs.

2.15 Waitlist data

If you join our waitlist, we collect your email address and an optional referral source. This is stored with our email provider (Resend) using Resend Audiences, and used solely to notify you when Treacle is available to you and to attribute referrals.

3. Special category data (GDPR Article 9)

We process the following special categories of personal data, which require explicit consent under GDPR Article 9:

  • Sexual orientation and relationship preferences
  • Racial or ethnic origin (ethnicity/nationality preferences in your attraction profile — AES-256 encrypted)
  • Religious beliefs (religion preferences — encrypted)
  • Political opinions (political preference — encrypted)
  • Health data (mental health and physical disability preferences — encrypted; substance use preferences — encrypted; on Android, derived activity / sleep / exercise traits from Health Connect)
  • Biometric data (voice prosody vectors derived from your voice during onboarding)

We process this data only with your explicit consent, which you provide during onboarding via our in-app consent screen and the AI disclosure gate. Each consent purpose is individually recorded with a version number and timestamp. You may withdraw consent at any time by deleting your account or contacting us.

4. How we use your data

  • Matching: Building your personality profile and computing compatibility scores with other users.
  • Service delivery: Managing your account, processing subscriptions, delivering matches and messages, sending push notifications.
  • Personalisation: Tailoring your AI companion's conversations to your personality and communication style.
  • Safety & moderation: Reviewing reports, blocking abusive users, preventing fraud.
  • Analytics: Understanding how users interact with Treacle to improve the product.
  • Communications: Sending transactional emails (match notifications, waitlist updates, trial reminders).

5. Automated decision-making & profiling (GDPR Article 22)

Treacle's core function depends on automated processing of your personal data. You have a right under GDPR Article 22 to know how this works and to object.

5.1 What we compute automatically

  • Extraction of personality signals from voice transcripts and chat conversations using Claude (via AWS Bedrock).
  • The 32-dimension Treacle Compatibility Profile (TCP) across 6 domains.
  • The 18-dimension voice prosody vector (V1–V18) from your voice sessions.
  • Multi-dimensional compatibility scoring (graph similarity, semantic similarity, visual compatibility, trait complementarity) and ranking of candidate matches.

5.2 Human review (the “weekly drop”)

No match is ever delivered to you without human review. Each weekly batch of candidate matches is reviewed by a member of the Treacle team in our admin panel before being released. A human can override, swap or veto any match the algorithm proposes. This human-in-the-loop step exists specifically so that the legal effects of our matching are not produced solely by automated means.

5.3 Your rights

  • Right to human review: You may request a human re-review of any specific match decision by emailing privacy@mytreacle.com.
  • Right to express your point of view and contest: You can challenge a profile signal we have inferred about you and request correction.
  • Right to object to profiling: You can opt out of automated profiling at any time. Because automated personality profiling and compatibility scoring is the Treacle service, opting out means you will no longer be able to use the app — we will close your account and delete your data on request.

6. Legal basis for processing

Purpose | Legal basis
Special category data (orientation, health, ethnicity, religion, biometrics) | Explicit consent (Art. 6(1)(a), Art. 9(2)(a))
AI personality analysis & matching | Explicit consent (Art. 6(1)(a))
Connected services (Google, Apple Music, Health Connect) | Explicit consent (Art. 6(1)(a))
Account management & service delivery | Contract performance (Art. 6(1)(b))
Subscription billing | Contract performance (Art. 6(1)(b))
Fraud prevention & safety | Legitimate interests (Art. 6(1)(f))
Product analytics | Legitimate interests (Art. 6(1)(f))
Legal compliance & consent records | Legal obligation (Art. 6(1)(c))

7. Sub-processors & who we share your data with

We do not sell your personal data. We share data with the following sub-processors, each bound by a data processing agreement. The table lists the country of processing and the transfer safeguard relied on for transfers out of the UK/EEA.

Processor | Region | Purpose | Safeguard
Amazon Web Services (RDS, S3, Bedrock, App Runner, EC2, Secrets Manager) | United Kingdom / EU (eu-west-2, London) | PostgreSQL database, photo storage, Claude LLM inference via Bedrock, application hosting, secrets, prosody DSP and self-hosted Redis on EC2. | UK / EU — no transfer
Self-hosted Redis (on AWS EC2) | EU (eu-west-2, London) | Cache, pub/sub for live updates, voice session ephemeral state. Migrated from Upstash on 27 April 2026 for cost and capacity reasons. | EU — no transfer
Neo4j Aura | Belgium (Google Cloud europe-west1) | Personality “soul graph” database (traits, relationships, taxonomy). | EU — no transfer
ElevenLabs | United States | Conversational AI voice agent during voice onboarding (STT, LLM dialogue, TTS, WebRTC transport). | SCCs + UK Data Bridge
Cohere | United States | Text embedding generation for semantic similarity matching. | SCCs + UK Data Bridge
mem0.ai | United States | Long-term conversational memory for the AI companion. | SCCs + UK Data Bridge
PostHog EU Cloud | EU (Frankfurt) | Anonymised product analytics, onboarding funnels, waitlist source attribution. | EU — no transfer
Sentry | Germany | Crash reporting and error tracking, normalised through our observability facade. | EU — no transfer
Langfuse | EU | LLM call tracing (prompt/response quality, latency). No personally identifying content is sent. | EU — no transfer
Resend | United States | Transactional email + waitlist (Resend Audiences). | SCCs + UK Data Bridge
RevenueCat | United States | Cross-platform subscription state management (Apple IAP / Google Play Billing). | SCCs + UK Data Bridge
Inngest | United States | Background job orchestration with at-least-once delivery via our outbox. | SCCs + UK Data Bridge
LiveKit (legacy fallback) | United States | Backup voice transport. Not used in normal operation; retained as fallback. | SCCs
Cloudflare | Global edge | DNS, TLS termination and edge proxy for mytreacle.com and voice.mytreacle.com; legacy R2 storage where still referenced. | SCCs
Apple | United States / global | App Store distribution, Apple in-app purchase processing, APNs push delivery, MusicKit (if connected), Sign in with Apple. | Apple's own framework + SCCs
Google | United States / global | Play Store distribution, Google Play Billing, FCM push delivery, Expo Push bridge, Google Sign-In, Health Connect (Android-only on-device data source), Google OAuth scopes (Gmail, Calendar, Photos, Drive, Contacts, YouTube). | Google's own framework + SCCs

8. International data transfers

Your data is primarily processed in the United Kingdom and European Union (AWS eu-west-2, Sentry Germany, PostHog Frankfurt, Neo4j Aura Belgium, Langfuse EU). A subset of sub-processors are located in the United States — specifically ElevenLabs, mem0.ai, Resend, RevenueCat, Inngest, Cohere, LiveKit (legacy), Apple and Google.

Transfers outside the UK/EEA are protected by:

  • The European Commission's Standard Contractual Clauses (Implementing Decision 2021/914);
  • The UK International Data Transfer Addendum / UK–US Data Bridge for transfers from the UK to certified US processors;
  • Adequacy decisions, where applicable; and
  • Additional technical and organisational measures such as encryption in transit, encryption at rest, and minimisation of identifying content sent to third-party LLMs.

You may request a copy of the relevant transfer mechanism at privacy@mytreacle.com.

9. Data retention

Data type | Retention period
Account & profile data | Until account deletion, then purged within 30 days (backup-window inclusive)
Attraction preferences (encrypted) | Until account deletion, then purged within 30 days
Voice raw audio (server-side copy, if any) | Deleted within 90 days of session
Voice transcripts & transcript embeddings | Until account deletion
Voice prosody vector (V1–V18) | Until account deletion
Chat messages (AI companion) | Until account deletion
mem0 long-term conversational memory | Until account deletion
Match messages (between users) | Until account deletion by either party
Personality profile (TCP, soul graph, embeddings) | Until account deletion
Profile photos | Until removed by user or account deletion
Health Connect derived traits (Android) | Until permission revoked, or 30 days from account deletion
Apple Music derived signals | Until disconnect, or 30 days from account deletion
Analytics events (PostHog) | 12 months
Crash & error reports (Sentry) | 90 days
Push notification tokens | Until token expires or account deletion
Consent logs | 7 years (legal obligation)
Waitlist emails | Until you unsubscribe or we launch

10. Data security

  • Encryption at rest: Sensitive AttractionProfile fields (sexual orientation, ethnicity, religion, politics, attraction preferences) encrypted with AES-256. Database storage encrypted via AWS EBS encryption. OAuth access and refresh tokens encrypted before storage.
  • Encryption in transit: All communications over HTTPS/TLS. Database connections require SSL.
  • Password security: Passwords hashed with bcrypt (never stored in plaintext).
  • OAuth state integrity: OAuth state parameters are HMAC-signed to prevent CSRF and tampering.
  • Access controls: Role-based access. Admin operations are authenticated and logged.
  • On-device processing: Camera roll analysis runs entirely on your device. No photos are uploaded.
  • Observability boundary: All error and analytics payloads are normalised through an internal facade so that DOM events, plain objects and other non-error values never leak unstructured personal context to third parties.

11. Your rights

Under UK GDPR, EU GDPR, and applicable data protection laws, you have the right to:

  • Access — Request a copy of your personal data.
  • Rectification — Correct inaccurate or incomplete data, including any personality signal we have inferred about you.
  • Erasure — Delete your account and all associated data (“right to be forgotten”). When you delete your account, we cascade-delete all data across PostgreSQL, Neo4j, Redis, pgvector, mem0, S3 and our sub-processors within 30 days.
  • Data portability — Receive your data in a structured, machine-readable format.
  • Restriction of processing — Request that we limit how we use your data.
  • Object to processing — Object to processing based on legitimate interests.
  • Object to automated decision-making and profiling — Request human review of any match decision, contest inferred traits, or opt out of profiling entirely (see Section 5).
  • Withdraw consent — At any time, without affecting the lawfulness of prior processing.
  • Lodge a complaint with a supervisory authority — in the UK, the Information Commissioner's Office at ico.org.uk/make-a-complaint.

To exercise any right, email privacy@mytreacle.com. We will respond within 30 days.

12. California residents (CCPA)

If you are a California resident, you have additional rights under the CCPA:

  • Right to know what personal information we collect and how it is used.
  • Right to delete your personal information.
  • Right to opt out of the sale of personal information — we do not sell your personal information.
  • Right to non-discrimination for exercising your rights.

13. Children's privacy

Treacle is a dating service intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we discover that a user is under 18, we will immediately close their account and delete all associated data.

14. Cookies & similar technologies

  • Session cookie: An encrypted JWT authentication token, essential for keeping you logged in. Expires after 30 days.
  • Analytics: PostHog EU Cloud for product analytics. No advertising cookies are used.
  • We do not use third-party advertising trackers, advertising identifiers (IDFA / GAID), or sell data to advertisers.

15. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification at least 14 days before they take effect. Continued use of Treacle after the effective date constitutes acceptance of the updated policy.

16. Contact & complaints

Data protection enquiries: privacy@mytreacle.com

General enquiries: hello@mytreacle.com

Obscura Ventures Limited, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk, or your local data protection authority.