Privacy Policy

1. Who we are

Treacle is operated by Obscura Ventures Limited, a private limited company registered in England and Wales (Company No. 16568577).

Data controller contact: privacy@mytreacle.com

Registered address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

2. Data we collect

2.1 Account & profile data

• Name, email address, date of birth
• Gender identity (man, woman, non-binary, trans man, trans woman, agender, other)
• Sexual orientation (optional: straight, gay, lesbian, bisexual, pansexual, asexual, prefer not to say)
• Relationship preferences (serious, casual, marriage, open, any)
• Height
• Profile photos (stored securely on Cloudflare R2)
• City and approximate location (latitude/longitude rounded to ~11 km precision)

2.2 Attraction preferences

During onboarding you may provide detailed preferences about physical appearance, lifestyle, culture, religion, education, health, and family planning. These fields are encrypted at rest using AES-256 encryption and are only decrypted at the application layer when needed for matching.

2.3 Voice session data

• Audio: Streamed in real-time to our speech-to-text provider for transcription. Raw audio is not permanently stored on Treacle servers.
• Transcripts: Stored for personality analysis and to improve matching accuracy.
• Prosodic signals: Speech rate, pause patterns, and emotional reactivity are extracted as aggregate numerical vectors. No audio is retained.
• Extracted personality signals: OCEAN personality traits, attachment style, communication patterns, values, and interests are extracted from transcripts using AI and stored in your personality profile.

2.4 Chat & companion data

• All messages exchanged with Treacle's AI companion are stored to maintain conversation context and extract personality signals.
• Messages between matched users are stored for delivery and moderation purposes.

2.5 Photos & face scan

• Profile photos: Stored on our servers. Mathematical embeddings (512-dimensional vectors) are generated for visual compatibility matching.
• Face scan (optional): A selfie is processed to generate a facial embedding vector. The original image is discarded immediately after processing — only the numerical vector is stored.
• Camera roll analysis (optional): Performed entirely on your device using Apple Vision (iOS) or Google MLKit (Android). No photos leave your device. Only text labels (e.g. “hiking”, “dog”, “beach”) and anonymised timestamps are sent to our servers.

2.6 Connected services (optional)

With your explicit consent, you may connect the following services via OAuth. You can disconnect at any time.

• Google (Gmail, Calendar, YouTube, Contacts, Tasks, Google Fit, Photos, Drive): We access metadata only — email subjects and sender names (not body content), calendar time blocks (not event details), YouTube watch history categories, contact count, task categories, fitness activity summaries, and photo library metadata. Raw content is never stored.
• Apple Music: Listening history and library metadata for taste profiling.

OAuth access tokens and refresh tokens are encrypted with AES-256 before storage.

2.7 Location data

• Collected once during setup via your device's location services (foreground only, with your permission).
• Coordinates are rounded to one decimal place (~11 km grid) before transmission.
• Reverse geocoded to city/country level on your device. No precise GPS data is stored.

2.8 Personality profile (“soul graph”)

From your voice sessions, chats, and connected data, we build a multi-dimensional personality model covering traits, values, communication style, attachment patterns, interests, and lifestyle rhythms. This model is stored in a graph database and vector database and is used exclusively for matching. It is permanently deleted when you delete your account.

2.9 Payment data

• iOS subscriptions are processed by Apple via the App Store. We receive only a transaction identifier.
• Android subscriptions are processed by Google Play. We receive subscription status via RevenueCat.
• Web payments are processed by Stripe. We store your Stripe customer ID and subscription ID. We never see or store your card number.

2.10 Device & usage data

• Push notification token (for delivering match and message notifications)
• Analytics events (screen views, feature usage, onboarding progress) via PostHog
• Error reports and crash logs via Sentry
• No advertising identifiers are collected

2.11 Waitlist data

If you join our waitlist, we collect your email address. This is stored with our email provider (Resend) and used solely to notify you when Treacle is available to you.

3. Special category data (GDPR Article 9)

We process the following special categories of personal data, which require explicit consent under GDPR Article 9:

• Sexual orientation and relationship preferences
• Racial or ethnic origin (ethnicity/nationality preferences in your attraction profile — AES-256 encrypted)
• Religious beliefs (religion preferences — encrypted)
• Political opinions (political preference — encrypted)
• Health data (mental health and physical disability preferences — encrypted; substance use preferences — encrypted)
• Biometric data (facial embedding vectors derived from selfies; voice prosody vectors)

We process this data only with your explicit consent, which you provide during onboarding via our in-app consent screen. Each consent purpose is individually recorded with a version number and timestamp. You may withdraw consent at any time by deleting your account or contacting us.

4. How we use your data

• Matching: Building your personality profile and computing compatibility scores with other users
• Service delivery: Managing your account, processing subscriptions, delivering matches and messages
• Personalisation: Tailoring your AI companion's conversations to your personality and communication style
• Safety & moderation: Reviewing reports, blocking abusive users, preventing fraud
• Analytics: Understanding how users interact with Treacle to improve the product
• Communications: Sending transactional emails (match notifications, waitlist updates, trial reminders)

5. Automated decision-making & profiling (Article 22)

Treacle uses automated algorithms to:

• Extract personality signals from voice sessions and chat conversations
• Compute multi-dimensional compatibility scores (personality graph similarity, semantic similarity, visual compatibility, trait complementarity)
• Rank and tier potential matches

Matches above a confidence threshold are reviewed by the Treacle team before delivery to you. No match is sent without human oversight.

You have the right to request human review of any automated decision. Contact privacy@mytreacle.com.

6. Legal basis for processing

7. Who we share your data with

We do not sell your personal data. We share data with the following categories of service providers, all bound by data processing agreements:

AI & machine learning providers

• Anthropic (via AWS Bedrock) — Chat responses, personality extraction, image analysis. Processed in EU (eu-west-2).
• Cohere — Text embedding generation for semantic similarity matching.

Voice & speech providers

• Deepgram — Real-time speech-to-text transcription. Audio is processed in transit and not retained by Deepgram beyond the session.
• ElevenLabs — Conversational AI voice agent (speech-to-text, text-to-speech). Audio processed via WebRTC.

Infrastructure & storage

• Amazon Web Services (EU region) — PostgreSQL database (RDS), AI model inference (Bedrock), application hosting (App Runner)
• Cloudflare R2 (EU) — Photo storage
• Neo4j Aura — Personality graph database
• Upstash (EU) — Redis session caching

Payments

• Stripe — Web payment processing
• Apple — iOS in-app purchase processing
• Google Play — Android in-app purchase processing
• RevenueCat — Cross-platform subscription management

Communications

• Resend — Transactional email delivery (waitlist confirmations, match notifications)
• Expo Push Service — Push notification delivery (bridges to Apple APNs and Google FCM)

Analytics & monitoring

• PostHog (EU region) — Product analytics. We track feature usage, onboarding funnels, and engagement metrics. No advertising data is shared.
• Sentry — Error tracking and crash reporting
• Langfuse — AI model performance monitoring (prompt/response quality, latency)

8. International data transfers

Your data is primarily processed in the United Kingdom and European Union. Some sub-processors are based in the United States:

• Anthropic, Deepgram, ElevenLabs, Cohere, Stripe, Sentry, RevenueCat, Langfuse

Transfers to the US are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, or the UK International Data Transfer Agreement, as applicable. We ensure all sub-processors maintain appropriate safeguards for your data.

9. Data retention

10. Data security

• Encryption at rest: Sensitive preference fields encrypted with AES-256. Database encrypted via AWS EBS encryption. OAuth tokens encrypted before storage.
• Encryption in transit: All communications over HTTPS/TLS. Database connections require SSL.
• Password security: Passwords hashed with bcrypt (never stored in plaintext).
• Access controls: Role-based access. Admin operations are authenticated and logged.
• On-device processing: Camera roll analysis runs entirely on your device. No photos are uploaded.

11. Your rights

Under UK GDPR, EU GDPR, and applicable data protection laws, you have the right to:

• Access — Request a copy of your personal data
• Rectification — Correct inaccurate or incomplete data
• Erasure — Delete your account and all associated data (“right to be forgotten”). When you delete your account, we cascade-delete all data across PostgreSQL, Neo4j, and file storage within 30 days.
• Data portability — Receive your data in a structured, machine-readable format
• Restriction of processing — Request that we limit how we use your data
• Object to processing — Object to processing based on legitimate interests
• Object to automated decision-making — Request human review of any match decision
• Withdraw consent — At any time, without affecting the lawfulness of prior processing

To exercise any right, email privacy@mytreacle.com. We will respond within 30 days.

12. California residents (CCPA)

If you are a California resident, you have additional rights under the CCPA:

• Right to know what personal information we collect and how it is used
• Right to delete your personal information
• Right to opt out of the sale of personal information — we do not sell your personal information
• Right to non-discrimination for exercising your rights

13. Children's privacy

Treacle is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we discover that a user is under 18, we will immediately delete their account and all associated data.

14. Cookies & similar technologies

• Session cookie: An encrypted JWT authentication token, essential for keeping you logged in. Expires after 30 days.
• Analytics: PostHog (EU-hosted) for product analytics. No advertising cookies are used.
• We do not use third-party advertising trackers or sell data to advertisers.

15. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification at least 14 days before they take effect. Continued use of Treacle after the effective date constitutes acceptance of the updated policy.

16. Contact & complaints

Data protection enquiries: privacy@mytreacle.com

General enquiries: hello@mytreacle.com

Obscura Ventures Limited, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk, or your local data protection authority.