Legal

Privacy Policy

Last updated: January 2025 · GDPR-compliant · No ads, no data selling

1. Data we collect

We collect only the minimum necessary to run SpeedDate. Here's what we store:

DataWhen collectedPurpose
NameRegistrationDisplay to event participants
Email addressRegistrationAccount access, event confirmations, reminders
AgeRegistrationAge-appropriate event matching
IP addressEvery requestSecurity, rate limiting, fraud prevention
Session cookieLoginKeeping you logged in
Event participationDuring eventsMatch calculation, statistics
Match ratingsPost-eventShowing mutual matches

We do not collect: phone numbers, social media profiles, location, payment card details (donations processed by PayPal), or any biometric data.

2. How we use your data

  • Authenticate your account and maintain your session
  • Send event confirmations, reminders, and match notifications
  • Calculate mutual matches at the end of events
  • Detect and prevent abuse, spam, and fraud
  • Improve the platform using anonymised, aggregated statistics

We do not use your data for advertising, profiling, or sale to third parties — ever.

3. Storage & security

All data is stored on servers within the EU. We use:

  • HTTPS/TLS for all data in transit
  • bcrypt hashing for passwords (never stored in plain text)
  • Prepared statements to prevent SQL injection
  • Session tokens stored server-side, rotated on login
  • Automatic purging of expired sessions and tokens

4. Data sharing

We share data only in these limited circumstances:

  • With event organizers — first name and participation status only, for events they host
  • With PayPal — when you make a donation (their Privacy Policy applies)
  • When legally required — in response to valid legal process

We never sell, rent, or trade personal data to any third party for marketing purposes.

5. Cookies

We use only essential cookies. No tracking or advertising cookies.

CookiePurposeDuration
sd_sessSession authentication7 days
sd_cookieCookie consent preference (localStorage)Permanent (localStorage)

6. Your rights under GDPR

If you are in the EU/EEA, you have the following rights:

Right to access

Request a copy of all personal data we hold about you.

Right to rectification

Correct inaccurate or incomplete personal data.

Right to erasure

Request deletion of your account and all associated data.

Right to portability

Receive your data in a machine-readable format.

Right to object

Object to processing based on legitimate interests.

Right to restrict

Limit how we process your data in certain circumstances.

To exercise any of these rights, email privacy@speed-dating.org. We respond within 30 days.

7. Data retention

  • Account data — retained while your account is active, deleted within 30 days of account deletion request
  • Event participation logs — anonymised after 12 months
  • Server logs (IP) — retained for 90 days for security purposes
  • Contact form messages — retained for 12 months then deleted

8. Contact & complaints

Data controller: SpeedDate
Email: privacy@speed-dating.org

If you believe we have mishandled your data, you have the right to lodge a complaint with your local data protection authority.