Ghosted – Privacy Policy

Last updated: 24 June 2025

Ghosted is built on the idea that dating works best when everyone feels safe and respected. This Privacy Policy explains what data we collect, why we collect it, and the choices you have. If anything here is unclear, drop us a line at hello@ghosted.co – we'll answer in plain English.

1 - Who we are

Disket Ltd (company no. 15604912, 9th Floor, 107 Cheapside, London, EC2V 6DN, United Kingdom) is the data controller for everything described here.

Privacy contact: Privacy Team – hello@ghosted.co.

We do not currently have a statutory Data‑Protection Officer or Article 27 EU representative; Disket Ltd deals directly with all privacy requests.

2 - The data we collect (and why)

CategoryExamplesWhy we need itLegal basis (GDPR)
Account dataEmail / phone, password, date of birth, display nameCreate your account, authenticate you, verify ageContract
Profile dataPhotos, bio prompts, gender, orientation, broad city‑level location, filters & settingsLet others discover you and run automated image analysis to enforce our no-filter ruleContract / Legitimate Interest
Sensitive info supplied by youSexual orientation, pronouns, health or religion (optional fields)Display it on your profile only if you chooseExplicit Consent
Chat messagesText, GIFs, emojis (stored by our chat provider)Let you communicate with matches; enforce safety rulesContract / Legitimate Interest
Foreground GPS dataLatitude/longitude only while the app is openShow nearby profiles, update your locationConsent (you grant via OS prompt)
Device & usage dataIP address, device IDFA/GAID, OS version, crash logs, feature clicksSecure the Service, debug issues, improve featuresLegitimate Interest
Purchase metadataSubscription tier, transaction ID, country, currency (from Apple)Provide paid features, detect fraud, meet tax rulesContract / Legal Obligation
Marketing preferencesPush‑token, opt‑in/out flagsSend service or promo messages you said yes toConsent

We do not import your address‑book contacts, record audio calls or run permanent background location tracking.

3 - How we use your data

  1. Run the Service: sign‑up, authenticate, match, chat, push notifications.
  2. Personalise your feed: ranking profiles, adjusting discovery settings, suggesting unedited photos.
  3. Safety & moderation: detecting spam, scams, offensive content; actioning reports; preventing repeat abusers.
  4. Product analytics: understanding which features people love and where they get stuck so we can improve Ghosted.
  5. Legal & compliance: keeping payment, tax and consent records; handling lawful requests from authorities.
  6. Future features: If we ever introduce advertising or new data uses, we'll update this Policy and, where the law requires, ask for fresh consent.

We never use your personal data to train third‑party AI models, and we don't sell data to anyone.

4 - Who we share it with

  • Service providers who process data on our behalf, for example:
    • Cloud hosting on AWS data centres – primary storage in the EU (eu‑central) with encrypted, read‑only replicas in other regions such as the United States for speed and resilience.
    • Real‑time chat infrastructure.
    • Analytics and crash‑reporting tools that help us understand app performance.

    All providers are bound by contract to keep data confidential and secure.

  • Payment platforms (Apple App Store, Google Play if launched) – they act as separate controllers for billing info.
  • Law‑enforcement or regulators when we believe in good faith the disclosure is required by law or will protect someone's vital interests.
  • Corporate transactions: if Ghosted is sold, merged or restructured, your data will transfer to the new owner under the same commitments.

We work with a small set of service partners—currently Meta and TikTok for advertising audiences, Adjust for mobile attribution, Amplitude for product analytics, RevenueCat for subscription management, and OneSignal for marketing and product notifications—as well as optional "Sign in with Apple" and "Sign in with Google." These partners receive only the data needed to perform their service and must keep that data confidential and secure. These partners may change over time; we'll update this Policy if we materially expand or change the list.

5 - International transfers

Your data is primarily stored in the European Union. Some service providers (e.g. analytics teams) may process data in other countries, including the United States. When that happens we rely on Standard Contractual Clauses and (for the U.K.) the International Data Transfer Addendum, or any successor frameworks approved by regulators. Copies of these safeguards are available on request.

6 - Retention

DataNormal retentionReason
Active account dataFor as long as your account existsProvide the Service
Inactive accountsDeleted after 24 months of no log‑insHouse‑keeping
Safety copy after voluntary deletionKept 3 months then wipedLet us process abuse reports filed shortly after you leave
Chat messagesSame as account; removed when account is deleted + safety windowUser experience & safety
Logs & analytics12 months for raw device‑level logs; aggregated, de‑identified usage metrics kept indefinitelyDiagnose issues, long‑term business analytics
Purchase & tax records10 years or local law minimumLegal obligation
Marketing opt‑out listUntil you opt back in or 5 yearsShow we respected your choice
Back‑upsAutomatically purged within 30 daysDisaster recovery

7 - Your rights

If you reside in the U.K. or EEA, you can:

  • Access a copy of your personal data.
  • Rectify inaccurate data.
  • Delete your account and most associated data directly in the app; for full erasure email hello@ghosted.co.
  • Restrict or object to certain processing.
  • Port data to another service (JSON or CSV export).
  • Withdraw consent at any time (e.g. turn off GPS or marketing pushes).

We will respond within 30 days (extendable once by 2 months for complex requests).

If you are unhappy with our response you can lodge a complaint with the U.K. ICO or your local Data Protection Authority.

California & similar U.S. state laws

Residents of California (CPRA) and other U.S. states with privacy legislation have the right to:

  • Know what categories of data we collect and why;
  • Access & delete personal data;
  • Correct inaccurate data;
  • Opt‑out of "selling or sharing" personal data.

Ghosted does not sell or share personal data for cross‑context behavioural advertising. If we ever change that, the Settings screen will include a clear "Do Not Sell/Share My Info" toggle.

8 - Security

We use industry‑standard technical and organisational measures such as encryption in transit, segmented databases, least‑privilege access controls and continuous monitoring. No system is infallible, but we work hard to keep your information safe.

9 - Children

Ghosted is strictly for users 18 years and older. We do not knowingly collect data from anyone under 18. If we learn that a minor has provided data, we will delete the account and any associated information immediately.

10 - Cookies & similar tech

Our www.ghosted.co website uses essential cookies for security and basic analytics cookies to understand traffic. You can manage non‑essential cookies via our banner when you first visit.

11 - Changes to this Policy

If we make material changes, we'll notify you 30 days in advance via the app or email. The "Last updated" date at the top tells you when we last revised the Policy.

12 - Contact us

Questions? Privacy worries? Drop us an email:

Privacy Team

Disket Ltd

9th Floor, 107 Cheapside

London EC2V 6DN

hello@ghosted.co

We're here to help and we reply in plain language.

Thanks for being part of Ghosted and for trusting us with your data.