StepMatches

Privacy Policy

Last updated 2026-05-15

About this Policy

This Privacy Policy describes how StepMatches collects, uses, shares, and protects information about you when you use the StepMatches mobile application. StepMatches is operated from Sofia, Bulgaria and acts as the controller of your personal data under the EU General Data Protection Regulation (GDPR) and Bulgarian data-protection law. If you have questions about this Policy or your data, see the Contact section at the end of this Policy.

What we collect

Account information (email, hashed password). Profile information (name, date of birth, gender, city, role, dance styles and experience, vibe and comfort tags, intentions, bio, height, studio). Photos and videos you upload, plus a photo of your government-issued ID only if you submit one for verification. Approximate location, only if you grant location permission. Activity on StepMatches (matches, passes, messages, event RSVPs). Device and technical information (model, OS, app version, locale, push token if you opted in, crash reports, IP address). Communications with us. We do not knowingly collect information about anyone under 18.

Why we use it (legal bases)

To provide the service (matching, chat, events, push) under our contract with you. To verify identity when you opt in, with your explicit consent. To keep StepMatches safe (review reports, detect abuse), under our legitimate interest balanced against your rights. To comply with the law. To communicate with you. To improve StepMatches (aggregate analytics, anonymous crash reports), under legitimate interest. We do not sell your personal data.

Who sees what

Other dancers see what you put on your profile: photos, name, age (computed from DOB โ€” we never show the date itself), city, role, styles and experience, vibe and comfort tags, intentions, bio, height, studio, verified status. In a match chat, your messages are visible to the other person. Service providers see only what they need: Supabase (Frankfurt, EU) for database, auth, storage, and real-time messaging; Expo / Apple / Google for push delivery and app distribution; a crash-reporting provider for stack traces. Authorities, where we are required by law to disclose. We do not run third-party advertising trackers.

ID verification data

If you submit an ID for verification, we use the image only to verify your identity. We do not display it to other users. We retain it for up to 90 days after the verification decision so we can handle disputes or repeated submissions, then we delete it.

How long we keep your data

Active accounts: we keep your profile and content for as long as your account is open. Deleted accounts: we delete your profile, photos, and chat content within 30 days, except where we need to keep limited data longer for legal obligations. Backups: routine backups are overwritten on a rolling 30-day schedule. ID images: up to 90 days. Logs and analytics: pseudonymized; up to 13 months.

Where we store it

StepMatches data is hosted in the European Union (Frankfurt region). Where a service provider transfers data outside the EU, we use the European Commission's standard contractual clauses or another lawful transfer mechanism.

Your rights under GDPR

Access, correction, deletion, restriction, objection, portability, withdrawal of consent, and the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection (KZLD) or the supervisory authority in your country. To exercise these rights, contact us using the address in the Contact section at the end of this Policy, from the email linked to your account, or use Settings โ†’ Delete account for deletion. We respond within one month.

Security

We protect your data with encryption in transit (TLS), encryption at rest, row-level security, hashed passwords, and regular access reviews. If we discover a breach affecting your personal data we will notify you and the supervisory authority as required by law.

Cookies and similar technologies

StepMatches is a mobile app and does not use cookies in the browser sense. We store small amounts of data on your device (sign-in token, locale, theme preference) so the app works between sessions. You can clear it by deleting the app.

Children

StepMatches is for adults 18 and over. We do not knowingly collect information from children. If you are a parent or guardian and believe your child has used StepMatches, contact us and we will remove the account.

Changes

We may update this Policy from time to time. When the change is significant we will notify you in the app. Continuing to use StepMatches after a change means you accept the updated Policy.

Contact and data controller

The data controller is the StepMatches team. For any question about these Terms, this Policy, your data, or to exercise your privacy rights, write to taha.mostafa.goda@gmail.com. For complaints you also have the right to contact the Commission for Personal Data Protection of the Republic of Bulgaria.