Yuan — Privacy Policy
Last updated: 17 May 2026 · Contact: [email protected]
The short version
- The app collects what you give it: email, password (hashed, never stored in plain text), date of birth, profile answers, photos, and messages.
- That data is used to match you with other users, run the site, and act on abuse reports. Nothing else.
- Not sold. Not used to train AI. No advertisers. No third-party tracking.
- Delete your account whenever — log back in within 30 days to undo it; after that it’s wiped for good.
What gets collected
From you, directly: email and hashed password; your date of birth (collected at sign-up to confirm you’re 18 or over); the profile you fill in (display name, gender, photos, university, hometown, bio, questionnaire answers); messages to other users; reports and feedback; and, if you choose to support the project, the WeChat reference, screenshot, and the note you add (your sign-up email) so the contribution can be matched to your account. Optional postcode is used only to estimate distance.
From your browser, automatically: IP address (held only in memory for a short window to rate-limit sign-ups and abuse, not stored against your account; a hashed form is kept on feedback messages so repeat abuse can be spotted), last-seen timestamp (used by the matcher to favour recently-active users), and basic device/browser info.
Not collected: your real name (unless you put it in your display name — please don’t), race, religion, politics, health, or biometrics, and never live location.
What it’s used for
Matching, mostly — your questionnaire and activity feed the compatibility algorithm. Beyond that: delivering messages between matches, matching a supporter contribution to your account once it’s confirmed by hand, screening chat for abuse and scams, and tracking how the matcher itself is performing so it can improve over time.
Your data isn’t sold, isn’t shared with advertisers, and isn’t used to train machine-learning or generative AI. The only exception is a valid police request or a copyright takedown.
Cloudflare handles DNS and the secure connection to the site. No advertising network, no analytics provider, no AI vendor.
Algorithm telemetry
To tell whether the matching is actually working, the app records a few signals about how matches play out:
- How long you spent on a profile, and how many times you came back to it. These help the matcher tell a real look from a reflex pass.
- Whether a match started a real conversation (i.e. messages from both sides), and roughly how active the thread is.
- If you swap WeChat / phone / Telegram in chat, the app marks the match as having moved off-platform — without storing what you typed beyond what’s already in the message thread itself. This stops the matcher from misreading a quiet in-app chat as a failed match.
- If you fill in the post-match prompt (“did you meet?”, “did you continue chatting elsewhere?”), those answers feed the matcher too. The prompt is dismissible.
These signals are per-match, not anonymised, and they sit in the same database as the rest of your data — they get wiped when your account does.
Chat screening
Messages are scanned for spam, scams, and contact handovers (phone numbers, WeChat IDs, etc.). When a message trips the screen, a short excerpt of it goes into a moderation queue that only the Yuan team can read. The team uses this to decide whether to act on the account — the excerpt isn’t shown to the other user. Excerpts of flagged messages are kept after the account is deleted only when they relate to an open or escalated report; otherwise they’re scrubbed.
Who sees what
- Your daily picks see your display name, age, photos, university (unless hidden), and most questionnaire answers — minus anything you’ve chosen to hide.
- Once you match, they also see the messages you send them.
- Anyone who isn’t a pick or a match cannot see your profile.
- Only the Yuan team has access to user data — including profiles, photos, and chat messages — and only when investigating a report, confirming a supporter contribution, or responding to a help request.
- Servers and the database run with encryption at rest. The aim is to keep everything inside the UK / EEA.
Cookies and local storage
One session cookie so you stay signed in, plus a little browser-side storage for UI bits like unread badge counts. No third-party tracking cookies. No ads. That’s why there’s no cookie banner.
How long things stick around
Active accounts: as long as the account exists. Soft-deleted accounts: 30-day grace window to restore, then wiped. Hard delete: profile, photos, and messages erased from active systems within 30 days; old backups roll over within roughly two weeks. On a routine schedule, feedback messages older than 180 days and notifications older than 90 days are deleted; the per-profile records the matcher uses to gauge its own accuracy are deleted after 90 days, and the longer-lived match-outcome signals are stripped of any link to your account after 180 days. Password-reset codes expire after 30 minutes.
Your rights
Ask for a copy of your data, correct it, export it as JSON, delete it, restrict or object to certain processing, or withdraw consent for optional fields. The fastest way to download your data is Settings → “Download my data”. For anything else, email [email protected].
Under-18s
Yuan is for adults. Accounts from anyone under 18 aren’t welcome here — if you think a minor has registered, email [email protected] and the account will be removed.
Security
Passwords are hashed with argon2id (never stored as plain text), session cookies are signed and encrypted, and sign-up requires solving a server-checked verification question (no third-party CAPTCHA, no tracking). No system is perfectly secure — if a breach affecting your data happens, you’ll be notified.
Changes
Material changes to this policy get at least 14 days’ notice, in-app or by email, before they take effect.
Questions, requests, or complaints: [email protected].