Last updated: 24 June 2025
Ghosted is built on the idea that dating works best when everyone feels safe and respected. This Privacy Policy explains what data we collect, why we collect it, and the choices you have. If anything here is unclear, drop us a line at hello@ghosted.co – we'll answer in plain English.
Disket Ltd (company no. 15604912, 9th Floor, 107 Cheapside, London, EC2V 6DN, United Kingdom) is the data controller for everything described here.
Privacy contact: Privacy Team – hello@ghosted.co.
We do not currently have a statutory Data‑Protection Officer or Article 27 EU representative; Disket Ltd deals directly with all privacy requests.
Category | Examples | Why we need it | Legal basis (GDPR) |
---|---|---|---|
Account data | Email / phone, password, date of birth, display name | Create your account, authenticate you, verify age | Contract |
Profile data | Photos, bio prompts, gender, orientation, broad city‑level location, filters & settings | Let others discover you and run automated image analysis to enforce our no-filter rule | Contract / Legitimate Interest |
Sensitive info supplied by you | Sexual orientation, pronouns, health or religion (optional fields) | Display it on your profile only if you choose | Explicit Consent |
Chat messages | Text, GIFs, emojis (stored by our chat provider) | Let you communicate with matches; enforce safety rules | Contract / Legitimate Interest |
Foreground GPS data | Latitude/longitude only while the app is open | Show nearby profiles, update your location | Consent (you grant via OS prompt) |
Device & usage data | IP address, device IDFA/GAID, OS version, crash logs, feature clicks | Secure the Service, debug issues, improve features | Legitimate Interest |
Purchase metadata | Subscription tier, transaction ID, country, currency (from Apple) | Provide paid features, detect fraud, meet tax rules | Contract / Legal Obligation |
Marketing preferences | Push‑token, opt‑in/out flags | Send service or promo messages you said yes to | Consent |
We do not import your address‑book contacts, record audio calls or run permanent background location tracking.
We never use your personal data to train third‑party AI models, and we don't sell data to anyone.
All providers are bound by contract to keep data confidential and secure.
We work with a small set of service partners—currently Meta and TikTok for advertising audiences, Adjust for mobile attribution, Amplitude for product analytics, RevenueCat for subscription management, and OneSignal for marketing and product notifications—as well as optional "Sign in with Apple" and "Sign in with Google." These partners receive only the data needed to perform their service and must keep that data confidential and secure. These partners may change over time; we'll update this Policy if we materially expand or change the list.
Your data is primarily stored in the European Union. Some service providers (e.g. analytics teams) may process data in other countries, including the United States. When that happens we rely on Standard Contractual Clauses and (for the U.K.) the International Data Transfer Addendum, or any successor frameworks approved by regulators. Copies of these safeguards are available on request.
Data | Normal retention | Reason |
---|---|---|
Active account data | For as long as your account exists | Provide the Service |
Inactive accounts | Deleted after 24 months of no log‑ins | House‑keeping |
Safety copy after voluntary deletion | Kept 3 months then wiped | Let us process abuse reports filed shortly after you leave |
Chat messages | Same as account; removed when account is deleted + safety window | User experience & safety |
Logs & analytics | 12 months for raw device‑level logs; aggregated, de‑identified usage metrics kept indefinitely | Diagnose issues, long‑term business analytics |
Purchase & tax records | 10 years or local law minimum | Legal obligation |
Marketing opt‑out list | Until you opt back in or 5 years | Show we respected your choice |
Back‑ups | Automatically purged within 30 days | Disaster recovery |
If you reside in the U.K. or EEA, you can:
We will respond within 30 days (extendable once by 2 months for complex requests).
If you are unhappy with our response you can lodge a complaint with the U.K. ICO or your local Data Protection Authority.
Residents of California (CPRA) and other U.S. states with privacy legislation have the right to:
Ghosted does not sell or share personal data for cross‑context behavioural advertising. If we ever change that, the Settings screen will include a clear "Do Not Sell/Share My Info" toggle.
We use industry‑standard technical and organisational measures such as encryption in transit, segmented databases, least‑privilege access controls and continuous monitoring. No system is infallible, but we work hard to keep your information safe.
Ghosted is strictly for users 18 years and older. We do not knowingly collect data from anyone under 18. If we learn that a minor has provided data, we will delete the account and any associated information immediately.
Our www.ghosted.co website uses essential cookies for security and basic analytics cookies to understand traffic. You can manage non‑essential cookies via our banner when you first visit.
If we make material changes, we'll notify you 30 days in advance via the app or email. The "Last updated" date at the top tells you when we last revised the Policy.
Questions? Privacy worries? Drop us an email:
We're here to help and we reply in plain language.
Thanks for being part of Ghosted and for trusting us with your data.