Privacy Policy — Mithaq
Version: v1
Last updated: 2026-05-23
This document is a pre-launch draft designed to pass legal review. It does not constitute legal advice. Consult a qualified attorney before publishing.
1. Data We Collect
- Phone number — used for unambiguous identity verification. Stored as a one-way hash (HMAC-SHA256) only; we cannot reverse it.
- Profile photos — stored in private object storage; accessible only via signed URLs valid for 15 minutes.
- Questionnaire answers — used solely for matchmaking (religion, lifestyle, age range, values).
- Analytics metadata — aggregated usage metrics with no personally identifiable information (PII), processed via Mixpanel EU.
- Message content — end-to-end encrypted on your device. Mithaq cannot read your messages.
2. How We Use Your Data
- Matchmaking — our algorithm ranks men for each woman based on religion, age, travel distance, and shared values. No match score is ever disclosed to users.
- Service delivery — profile display, credit management, and conversation facilitation.
- Trust & Safety — detection of fake profiles and processing of user reports.
- Communications — push notifications for service updates; transactional email for account events.
We do not sell or share your data with third parties for marketing purposes.
3. Sub-processors
| Vendor | Purpose | Data Location |
|---|---|---|
| Supabase | Database & Authentication | EU (Frankfurt) |
| RevenueCat | Payment & subscription management | EU |
| Stream | Chat infrastructure (no message content) | EU |
| Virgil / Evervault | End-to-end encryption key management | EU (to be confirmed before launch) |
| Sumsub | Identity & liveness verification | EU (Lithuania) |
| Mixpanel EU | Analytics (no PII) | EU (Frankfurt) |
| Sentry | Error monitoring | EU |
| DigitalOcean Spaces | Photo storage | EU (Amsterdam) |
| Cloudflare | CDN & DNS | Global |
4. Your Rights (GDPR)
- Access — request a copy of your data at support@mithaq-connect.com.
- Rectification — update personal details at any time via the in-app Settings screen.
- Erasure — Settings → "Delete Account". Deletion is completed within 24 hours, including purging your data from all external sub-processors.
- Withdrawal of consent — use the in-app Settings screen or send a magic-link request to your registered email.
- Data portability — available on request at privacy@mithaq-connect.com.
- Complaint — you may lodge a complaint with your local supervisory authority (e.g., the Israeli Privacy Protection Authority or your EU member-state authority).
5. Data Retention
- Active account — data retained for the duration of service use.
- Deleted account — all personal data removed within 24 hours from all sub-processors. The phone number enters a 24-hour cooldown before it can be re-registered.
- Logs — retained for 30 days maximum; no PII included.
6. Security Measures
- End-to-end encryption (E2EE) for all message content via Virgil E3Kit.
- Transport Layer Security: TLS 1.3 only.
- Private photo storage accessible only via time-limited signed URLs (15 minutes).
- Two-factor authentication required for all administrative access.
- Screenshot blocking enforced inside the chat screen.
7. Children's Privacy
The service is strictly limited to users aged 18 and older. We do not knowingly collect data from minors. If we discover that a minor has created an account, it will be terminated immediately.
8. Policy Changes
Material changes will be notified to all active users. Previous versions are archived at permanent versioned URLs (/legal/privacy/v1, /legal/privacy/v2, etc.).
9. Contact
General support: support@mithaq-connect.com
Data Protection Officer (DPO): privacy@mithaq-connect.com