DRAFT — REQUIRES LEGAL REVIEW
This document is a preliminary draft for internal review purposes only. It has not been reviewed or approved by legal counsel. Do not treat this as final legal advice or a binding privacy policy.
Privacy Policy
Accelvine · Tangible App · Last updated: [DATE PENDING LEGAL REVIEW]
1. Introduction
Accelvine ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Tangible mobile application and accelvine.com.
By using our services, you agree to the collection and use of information as described in this policy.
2. Information We Collect
2.1 Identity Data
When you create an account, we collect: email address, display name, and (if using social auth) your name as provided by Google or Apple. Your email address is classified as PII and is never exposed to other users or included in discovery results.
2.2 Profile Data
To build your profile, we may collect: date of birth (for age gating and display), gender, city and country, biography, job title, education level, kids status, language preferences, height, and profile photos.
You may optionally provide: ethnicity, religion, and political views. These fields are stored for profile display purposes only and are never included in discovery feed results or shared with other services.
2.3 Financial Data
Financial data is the most sensitive category of information we handle. Here is exactly what happens:
- What you authorize: Via Plaid, you authorize read-only access to your bank transaction history.
- What we store: A 51-dimension privacy-scaled compatibility vector. This is a mathematical representation of your financial behavior. Raw transaction amounts are never stored.
- Where it's processed: In an isolated, separate system, completely separate from all other Accelvine systems.
- Irreversibility guarantee: The privacy-scaling transformation is mathematically irreversible — nobody can reconstruct your actual spending from the vector.
- Merchant names: Merchant names are HMAC-hashed before any storage or analysis. Your actual merchant identities are never stored.
- Plaid tokens: Plaid access tokens are stored only in Account B's Secrets Manager and never cross to Account A (the user-facing system).
2.4 Interaction Data
We store your interaction actions to power matching and feed logic:
- Likes: Retained until deleted or account termination
- Dislikes: Retained for 90 days, then automatically deleted
- Matches: Retained until unmatched or account termination
- Blocks: Permanent (protect your feed from unwanted contacts)
- Seen profiles: Retained for 30 days to prevent re-showing profiles
2.5 Device Data
We collect device identifiers and push notification tokens to deliver notifications. Push tokens are stored as SHA-256 hashes — raw token values are never persisted. JWT sessions are tied to device IDs and expire after a set period.
2.6 Chat Data
Messages and media shared between matched users are stored in Firebase. This data has a 365-day lifecycle after the match is terminated. You can request deletion by contacting support.
3. How We Use Your Information
- To create and manage your account
- To compute financial compatibility scores and power the discovery feed
- To deliver push notifications for matches and messages
- To moderate profile photos for content policy compliance
- To enforce age requirements and prevent abuse
- To improve our algorithms and user experience (aggregate analytics only)
4. Third-Party Services
We use the following third-party services:
- Plaid: Secure bank account linking and transaction access. Governed by Plaid's Privacy Policy.
- Amazon Web Services (AWS): Cloud infrastructure, database, storage, and event processing.
- Google Sign-In / Apple Sign-In: Social authentication providers.
- Firebase (Google): Real-time chat infrastructure.
- APNs (Apple) / FCM (Google): Push notification delivery.
5. Data Retention Summary
| Data Category | Retention Period |
|---|---|
| Profile data | Until account deletion |
| Financial vector | Until Plaid revocation or account deletion |
| Likes / matches / blocks | Until deleted or account termination |
| Dislikes | 90 days |
| Seen profile records | 30 days |
| Chat messages & media | 365 days after match termination |
| JWT sessions | Until expiry or account deletion |
| Push device tokens (hashed) | Until device de-registered or account deletion |
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (right to erasure)
- Object to or restrict our processing of your data
- Data portability
To exercise your rights, delete your account through the App settings or email contact@accelvine.com. We will respond within [TIMEFRAME — PENDING LEGAL REVIEW].
7. Data Security
We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, role-based access controls with least-privilege principles, and isolated processing environments for sensitive financial data. No system is perfectly secure, and we cannot guarantee absolute security.
8. Children's Privacy
Tangible is not directed to individuals under 18. We do not knowingly collect personal data from minors. If you believe a minor has registered, please contact us immediately at contact@accelvine.com.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the App or by email. Continued use after changes are posted constitutes acceptance of the updated policy.
10. Contact Us
For privacy-related questions or requests, contact us at contact@accelvine.com.