Privacy Policy

BiggDate is operated by Meet Patel, sole proprietor, trading as "BiggDate" (the "Service", "we", "us"). Principal place of business: [BUSINESS_ADDRESS — to be filled in], Ahmedabad, Gujarat, India.

General contact: privacy@biggdate.com. For statutory rights, complaints, or grievances see Section 12.

BiggDate is intended for users in India, the United Arab Emirates, and the United States. We do not offer the Service in the European Economic Area (EEA), the United Kingdom, or Switzerlandand we attempt to block sign-ups from those regions.

If you are in the EEA, UK, or Switzerland and somehow created an account, email us at privacy@biggdate.com and we will delete it.

• Account data — email, full name, username, password (hashed), date of birth, phone (optional).
• Profile and matchmaking data — photos, gender, pronouns, sexual orientation, partner preferences, dating intent, lifestyle (smoking, drinking, exercise, diet, sleep), relationship history, attachment style, love languages, conflict patterns, religion, politics, ethnicity, and the answers you give Maahi during onboarding.
• Special-category / sensitive personal data— many of the matchmaking fields above (sexual orientation, religion, political views, ethnicity, lifestyle indicators that touch on health) qualify as "sensitive" under DPDPA 2023, GDPR Art. 9, UAE PDPL, and similar laws. We process this data only on the basis of your explicit consent at signup and onboarding, and only to power matching, safety, and the features you use.
• Conversations — messages, voice notes, and date proposals exchanged inside BiggDate.
• Behavioral data — pages visited, matches sent, messages sent, dates logged, debriefs.
• Payment data — none today. BiggDate is in early access; Premium is unlocked via coupon codes we email. When paid plans launch, Stripe will process payments and we will never see your card number.
• Device data — IP address, browser, basic device info — used for security, fraud prevention, and abuse response.
• Cookies and trackers — see Section 8 and the Cookie Policy.

For each purpose below we identify the lawful basis under DPDPA 2023 (India), GDPR / UK-GDPR (if you reached the Service outside its intended region), UAE PDPL, and CCPA/CPRA (US).

• Run the matchmaking service (profile, matches, messages) — performance of contract; your consent for sensitive fields.
• Power AI features (Maahi, daily intentions, debriefs, match insights, voice transcription) — your consent; performance of contract.
• Send transactional emails (welcome, security, match notifications, billing) — performance of contract; legitimate interest in account security.
• Send marketing emails (daily Soul, Pulse prompts, reactivation, product updates) — only with your separate marketing consent, which you can withdraw at any time via the unsubscribe link in every marketing email or from Settings.
• Detect abuse, fraud, CSAM, harmful behavior (photo moderation, rate limiting, report triage) — legitimate interest in platform safety; legal obligation.
• Comply with legal obligations (tax, law-enforcement requests, retention duties) — legal obligation.
• Analytics and product improvement — only after you accept analytics via the cookie banner; legitimate interest constrained by your choice.

We share personal data with the following processors under written agreements that bind them to security and confidentiality at least as strict as this policy. We do not sell or rent your data to advertisers or data brokers.

• Supabase — database, authentication, file storage (hosted on AWS).
• Vercel Inc. — application hosting, edge compute, logs.
• Resend — transactional and marketing email delivery.
• Google LLC — Google Gemini for Maahi conversations and AI features.
• OpenAI — optional fallback AI model (only if enabled).
• Sightengine SAS — automated photo moderation for nudity, weapons, violence, and minor-protection checks.
• Stripe — payment processing when paid plans launch.
• Upstash — Redis rate limiting and abuse prevention.
• Sentry — error monitoring and crash reporting.
• Google Tag Manager, Meta Pixel, Microsoft Clarity, Vercel Analytics — only after you accept analytics in the cookie banner.
• Law enforcement and regulators — only where we are legally compelled or to prevent imminent harm.

Our primary infrastructure (Supabase, Vercel, Sentry, Google, OpenAI, Stripe, Resend) is operated from the United States. If you use BiggDate from India, the UAE, or the US, personal data may be transferred to and stored in the United States.

For transfers from India, we rely on your explicit consent under DPDPA §16 and on contractual safeguards (data-processing terms) with each subprocessor. For transfers from the UAE, we rely on contractual safeguards and your consent under PDPL Art. 22–23. We do not intentionally accept users from the EEA, UK, or Switzerland; if a user from those regions reaches us by mistake and contacts us, we will delete the account and any data we hold.

We retain personal data only as long as necessary for the purposes described above:

• Account, profile, photos, messages — while your account is active. On deletion, erased within 30 days, subject to legal-hold exceptions.
• Maahi AI session memory — pruned 90 days after the last update.
• Analytics events — 13 months from creation.
• Server and security logs — up to 90 days.
• Billing and tax records — up to 7 years where required by Indian tax law.
• Safety records (reports against you, ban history) — retained for as long as needed to keep the platform safe; not used for any other purpose.

BiggDate uses essential cookies for sign-in, session, and abuse prevention. These run regardless of consent because the Service cannot function without them. Analytics and product trackers (Google Tag Manager, Meta Pixel, Microsoft Clarity, Vercel Analytics) only load after you accept analytics in the cookie banner. You can change your choice any time from the cookie banner or Settings. See the Cookie Policy for the full list.

Subject to local law, you have the following rights over your personal data. To exercise any of them, email privacy@biggdate.com or use Settings → Privacy.

• Access — request a copy of your data. Self-service export is available in Settings.
• Correction / rectification — fix inaccurate or incomplete data.
• Erasure / deletion — delete your account and associated data. Self-service deletion is available in Settings.
• Portability — receive your data in a machine-readable format.
• Withdraw consent — including marketing emails, analytics, and sensitive-data processing. Withdrawal does not affect lawfulness of processing before withdrawal.
• Object / restrict processing — object to or restrict specific processing.
• Nominate (DPDPA §14) — Indian users may nominate another individual to exercise rights in case of death or incapacity. Contact us to register a nominee.
• Complaint to a regulator — in India, the Data Protection Board of India; in the UAE, the UAE Data Office; in California, the California Privacy Protection Agency.
• Non-discrimination (CCPA §1798.125) — we will not deny you the Service, charge different prices, or provide a different level of quality because you exercised a privacy right.

We respond to verified requests within 30 days. We may extend by a further 60 days for complex requests and will tell you if we do.

BiggDate is for adults 18 years and older. We collect date of birth at signup and reject any sign-up under 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has signed up, email safety@biggdate.com and we will remove the account immediately and delete all associated data.

We use TLS in transit and encryption at rest provided by our infrastructure. We hash passwords, rate-limit authentication endpoints, scan uploaded photos for harmful content, and require email verification. No system is perfectly secure; if a breach occurs that materially affects you, we will notify you and the relevant regulator within the timeframes required by applicable law (72 hours under DPDPA / GDPR for high-risk breaches).

Per India IT Rules 2021 §4(1)(d) and DPDPA §13, the Grievance Officer for BiggDate is:

• Name: Meet Patel
• Designation: Founder and Grievance Officer
• Email: grievance@biggdate.com
• Postal address: [BUSINESS_ADDRESS], Ahmedabad, Gujarat, India
• Hours: Monday–Friday, 10:00–18:00 IST

We acknowledge grievances within 24 hours and resolve them within 15 days, as required by Indian law.

To report harmful or illegal content, email safety@biggdate.com or use the in-app Report option on any profile or conversation.

We have zero tolerance for child sexual abuse material (CSAM), grooming, sextortion, or any sexual content involving minors. Every uploaded photo is screened for under-18 indicators by automated tools, and anything flagged is held for human review. We report confirmed CSAM to the National Center for Missing & Exploited Children (NCMEC) and to Indian authorities under the POCSO Act and IT Act, and preserve associated data for investigation.

We'll notify you in-app and by email when we make material changes, at least 14 days before they take effect. Continued use after the effective date means you accept the updated policy. Older versions are available on request.