Yuan — Privacy Policy

Last updated: 9 May 2026 · Contact: [email protected]

The short version

What gets collected

From you, directly: email and hashed password; your profile (display name, date of birth, gender, photos, university, year, hometown, bio, MBTI, hobbies, intentions, and the optional questionnaire answers); messages to other users; reports and feedback you send in; and, if you become a supporter, the WeChat reference and screenshot for your contribution. If you fill in a postcode it’s only used to estimate distance — never shown to anyone else.

From your browser, automatically: IP address (used short-term for rate-limiting and abuse prevention), last-seen timestamp (so matches see who’s active), and basic device/browser info (so the site renders properly).

What’s deliberately not collected: your real name (unless you put it in your display name — please don’t), special-category data under UK GDPR (race, religion, politics, health, biometrics, etc.), any kind of criminal-record data, third-party social profiles, your contacts list, or live location.

What it’s used for

Matching, mostly — your questionnaire and activity feed the compatibility algorithm. Beyond that: delivering messages and email verification codes, confirming supporter contributions, detecting abuse and scams (a PII detector flags suspicious chat content for human moderator review), and tracking aggregate metrics like “X users registered last week” that can’t be traced back to anyone.

Your data isn’t sold, isn’t shared with advertisers, and isn’t used to train machine-learning or generative AI. The only exception is when the law requires disclosure — a valid police request or a copyright takedown, for example.

Lawful basis under UK GDPR

The bases the app relies on are: performance of contract (your profile data is needed to provide matching), consent (for optional sensitive fields you choose to show, withdrawable any time in Settings → Privacy), legitimate interest (abuse detection, rate limiting, operational security), and compliance with law (responding to valid requests from authorities).

Who sees what

Cookies and local storage

One session cookie (the Auth.js JWT) so you stay signed in, plus localStorage for small UI bits like unread badge counts. No third-party tracking cookies. No Google Analytics. No Facebook pixels. No ads. That’s why there’s no cookie banner.

How long things stick around

Active accounts: as long as the account exists. Soft-deleted accounts: 30-day grace window to restore, then wiped. Hard delete: profile, photos, and messages erased from active systems within 30 days; backups rotate out within 90 days. Reports filed against a user are kept (anonymised) for moderation history even after that user’s account is gone. Admin audit logs run about 12 months unless tied to an ongoing review. Supporter contribution records are kept up to 6 years in case of a dispute. Email verification tokens expire after 30 minutes.

Your rights under UK GDPR

You can ask for a copy of your data, correct it, export it in a machine-readable format, erase it (deleting your account does this; email if you can’t get in), restrict or object to certain processing, and withdraw consent for optional fields. If something feels wrong, you can also complain to the UK ICO at ico.org.uk. For any of the above, email [email protected] — replies within the 30-day UK GDPR deadline.

Under-18s

Yuan is for adults. Accounts from anyone under 18 aren’t welcome here — if you think a minor has registered, email [email protected] and the account will be removed.

Security

Passwords are hashed with argon2id — the plain text never gets stored or seen. Database connections use TLS, production databases use encryption at rest, JWTs are signed with HMAC-SHA256, admin actions are audit-logged, suspicious activity gets rate-limited, and signup has a math-captcha to slow down bots. No system is perfectly secure, though — if a breach affecting your data ever happens, you’ll be notified, and so will the UK ICO, within 72 hours.

Changes

Material changes to this policy get at least 14 days’ notice, in-app or by email, before they take effect.

Questions, requests, or complaints: [email protected].