← Back to ZMetcha

Privacy Policy

Effective April 27, 2026 · ZMETCHA LLC, Scottsdale, Arizona

ZMETCHA LLC ("Company," "we," "us," or "our") operates ZMetcha. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights.

We recognize that information shared on ZMetcha may be deeply personal and sensitive - including your sexual orientation, relationship preferences, health status, intimate boundaries, and religious beliefs. We treat this data with the highest level of care. We do not sell your personal data. We do not share it for advertising purposes. We do not use it for targeted advertising from third parties. We strive to collect only the data necessary to provide and improve our services and to ensure user safety. Your trust is the foundation of our platform, and we take that responsibility seriously.

1. Data We Collect

1a. Data You Provide

  • Account data: name, email, phone number, date of birth, gender, sexual orientation.
  • Profile data: photos, bios, relationship intent (friends/hookups/dating), location (city & state), religion, race, education, political views, body type, height.
  • Preference data: partner preferences (Want/Neutral/Avoid for traits), age range, distance, dealbreaker settings.
  • Questionnaire responses: our questionnaires may assess areas such as personality traits, relationship preferences, communication and conflict styles, lifestyle factors (tidiness, living habits, family expectations), financial and family compatibility attitudes, and intimate preferences (18+ only). Responses may be used to generate insights about your preferences, personality traits, or compatibility for matchmaking purposes. These insights are generated through automated systems and are not intended to be scientifically accurate, diagnostic, or predictive of real-world behavior or long-term relationship outcomes. We treat quiz responses and derived insights as sensitive information and use them solely to provide and improve our services.
  • Health data (voluntary): STD/STI disclosure, food allergies and dietary restrictions. This data is classified as sensitive and requires your explicit consent.
  • Financial comfort data (voluntary): general self-assessment of financial comfort, mindset, and ambition. We do not collect actual income, assets, or bank details.
  • Criminal disclosure (voluntary): self-reported criminal history for dating profiles. Unverified by us.
  • Background check data (future feature): we may offer optional third-party background checks in the future. If offered, we would collect and display only a pass/fail trust badge on your profile through a FCRA-compliant provider. Detailed background check records would not be stored on our servers. This feature is not guaranteed and should not be relied upon as a guarantee of safety.
  • Verification data: selfie photos (for face verification), government-issued ID images (for age/identity verification).
  • Messages: text content exchanged between matched users. Messages may be scanned by automated safety systems to detect potential scams, fraud, or policy violations. See Section 2 for details.
  • Video/voice calls: we facilitate peer-to-peer video and voice calls between matched users. We do not record, store, or monitor the audio or video content of calls. We retain only call metadata (participants, duration, timestamps) for service operation and safety purposes.
  • Feedback & support: reports, feedback submissions, support requests.

1b. Data Collected Automatically

  • Device information (IP address, device type, operating system, browser type). Your IP address may be used to determine an approximate city-level location at the time of login for safety and fraud prevention purposes.
  • Device identifiers: we collect a hashed device fingerprint (derived from browser characteristics such as screen resolution, timezone, and language settings) for fraud prevention and ban evasion detection. This fingerprint cannot identify you personally but may be used to detect if a previously banned user attempts to re-register.
  • Usage data (features used, timestamps, interaction patterns, session duration).
  • Presence data (online/away/offline status based on app activity).
  • Push notification tokens: if you opt in to push notifications, we store your device's push subscription endpoint to deliver notifications. You can manage your notification preferences in your account settings and revoke push access at any time.

1c. Location Data

We collect city and state level location only, as provided by you during profile setup. We do notcontinuously track your location. We request access to your device location (such as GPS) only for the purpose of verifying your profile location. If you grant browser location permission, we use your device coordinates once per session to verify that your location is consistent with your profile. This comparison produces a pass/fail result only; precise coordinates are not stored long-term. Users who pass this check receive a Location Verified badge on their profile. Location verification indicates that a user's device location matched or was consistent with their stated or approved profile locations at the time of a recent session. Verification may include automated and manual review.It does not guarantee a user's current location or real-time presence.The badge is reset whenever you change your profile location. Your exact coordinates are never shared with other users. Location mismatches may be used as part of our safety and fraud detection systems.

Login location logging: each time you sign in, we record an approximate city-level location derived from your IP address. Location data derived from IP addresses is approximate and may not be accurate. This data is used solely for safety, fraud prevention, and account security (e.g., detecting unauthorized access from unfamiliar locations) and is not used for exclusion or discrimination. Login location records are retained for up to 12 months. Access to location and login history is restricted to authorized personnel for safety, fraud prevention, and operational purposes.

Location change tracking: if you change the city or state on your profile, we ask you to select a reason (e.g., moved, traveling, work). This reason is stored alongside the change timestamp and is used to maintain match relevance and detect suspicious account activity. Location change reasons are visible only to our safety and moderation teams.

1d. Biometric Data

During selfie verification, we use face-api.js (a JavaScript facial recognition library) to extract facial geometry data from your selfie and compare it against your profile photos. This processing occurs on our servers only - your biometric data is never sent to any third-party facial recognition service.

  • Facial geometry data is used for identity verification and for duplicate-account (sybil) detection only.
  • Full selfie images and intermediate verification data are retained for a maximum of 30 days after successful verification, then permanently deleted.
  • A facial-geometry descriptor (a mathematical vector, not an image) is retained for the lifetime of your account so we can detect new signups that match an existing user. It is never shared with third parties and is deleted on account deletion.
  • Duplicate-match flags generate a review task for a human administrator; they never result in an automatic ban.
  • Upon account deletion, all biometric data - including the stored descriptor - is permanently destroyed within 24 hours.
  • We do not sell, lease, trade, or otherwise profit from your biometric data.
  • Illinois, Texas, and Washington residents will be presented with a separate biometric consent form before collection.

1e. Search Findability

By default, your account is findable by phone number, email, and first name / username when another user searches for you in the in-app Explore search. You can disable any of these channels independently in Settings → Privacy: Search Findability. Defaults are explicit opt-out, not opt-in: by enabling search findability you consent to ZMetcha returning your profile card (display name, age, photo, city/state) to users who type a matching identifier.

  • Phone: a user with your exact E.164 phone number can locate your profile card. Phone is hashed at lookup time; we do not maintain a reverse-lookup index.
  • Email: a user with your exact email address (case-insensitive) can locate your profile card. We do not return partial-email matches.
  • Name / username: a user typing your first name or @username can locate your profile card. Disabling this hides you from name-based search but does not hide you from match feeds where preferences match.
  • Direct links to your profile (e.g. shared by a friend) and existing match relationships continue to work regardless of these toggles.
  • None of these toggles are required to use the Service. They are independent of the discovery feed and do not affect match scoring.

1f. Daily Prompts and Public Responses

ZMetcha may publish a Prompt of the Day, an open-ended question every user can answer. If you choose to respond, your response and your public profile card (name, age, photo) are visible to all users on the Service - not only to your matches.

  • Posting a response is voluntary. There is no penalty for skipping prompts.
  • Other users may react to your response with emoji. Reactions display only the aggregate count - the identities of reactors are not exposed to the response author or to other viewers.
  • You may delete your own response at any time by editing it to an empty value. Deletion removes the response from the public feed; the underlying record is purged within 30 days.
  • Responses are retained while the account is active. Account deletion removes all of your responses and reactions.
  • Responses are subject to the same moderation, automated-scanning, and abuse-handling rules as profile bios under the Terms of Service.

1i. Background Check

If you request the optional Background Check feature, ZMetcha stores a record of your request and its outcome. The underlying FCRA-protected report content lives only at the third-party provider; ZMetcha does not retain detailed criminal history.

  • What we collect from you. Your name, address, and date of birth (already on your account) are passed to the provider at request time. We do not collect or store fingerprints, government photo IDs beyond what is already collected for identity verification (§1d), or any additional personal data specifically for the background check.
  • What we receive back from the provider. A pass/fail result and a high-level summary the provider chooses to share. We DO NOT receive (and therefore do not store) detailed criminal records, exact charges, sentencing history, or rap sheets.
  • What we store. The status (pending / passed / failed / expired / cancelled), the decision date, an expiry date (12 months from a pass decision), an optional admin-supplied result note (brief), an optional rejection reason if applicable, and the provider's external reference ID so re-inquiry / dispute resolution can be routed back to the provider.
  • What we share with other users. Only the binary "Verified Background" badge. Other users see whether you currently have a passing badge, never any details, never the result note, never the date of decision (we may show only the "Verified" badge style without an exact date).
  • Retention. Active passing requests are retained for the 12-month badge lifetime; the record is retained beyond expiry as part of your audit history until account deletion. Failed and cancelled requests are retained as part of audit history. On account deletion, all background-check records are removed under §5.
  • Your FCRA rights. You may dispute the result of a background check at any time. The dispute process is governed by the third-party provider under the Fair Credit Reporting Act. Contact [email protected] and we will route you to the correct dispute channel.

1g. Relationship Tracker

The optional Relationship Tracker feature lets you privately log milestones and entries about your relationships with one or more partners. The Service stores your tracker data on a strictly user-side basis: each user's tracker is independent, and there is no shared, two-sided record of a relationship.

  • What we store. The partners you have added (by ZMetcha username or as a free-form name), milestone events (with type, timestamp, and any optional note you supplied), and your per-relationship preferences (such as which auto-emit milestones you have enabled).
  • Auto-emitted milestones. If you opt in, the Service may automatically log certain milestones triggered by your activity with a tracked partner -- for example, the first message exchanged or the first video call placed. These auto-emits are written only to your tracker. The partner is not notified of, and does not gain visibility into, your tracker because of an auto-emit. If your partner has independently opted into the same feature on their account, their tracker auto-emits its own copy.
  • Visibility. Tracker data is visible only to you. It is never shown on your public profile, used in matching or scoring, or shared with the partner or any other user. Operators may access tracker entries only for the limited purposes described in §2a (Operator and Administrator Data Access).
  • Deletion is one-sided. Deleting an entry, a partner, or your entire tracker only removes your copy. Any independent tracker your partner maintains is unaffected. Likewise, if a partner deletes their account or removes you from their tracker, your tracker is unaffected.
  • Retention. Tracker entries are retained for the lifetime of your account and removed in accordance with §5 (Data Retention) on account deletion.

1h. Safe Meetup

Safe Meetup is an optional safety tool for in-person meetings. The data the Service stores for this feature is described below. Use of Safe Meetup is voluntary; you may schedule meetups without ever adding an emergency contact, in which case no escalation alerts can be sent.

  • Scheduled meetup record. When you schedule a meetup we store the venue name, address, latitude, longitude, scheduled time, duration, geofence radius, the escalation thresholds you choose, and any free-form notes. Venue lat/lng comes from your selection in Google Places -- the venue is what we record, not your home or current location. For shared meetups, we also store the matched user's ZMetcha ID; for solo meetups, only the free-form partner name you typed.
  • Check-in events. Each time you check in (arrived, safe, panic, extended, or cancel), we record the type of check-in, the timestamp, and -- only if you grant browser geolocation permission at the moment of check-in -- your captured coordinates. ZMetcha does not continuously track your location and does not record your location outside of an explicit check-in moment.
  • Emergency contacts. We store the name, phone number, optional relationship label, and consent status of each contact you add. A contact's `smsConsent` is false until they reply YES to a double-opt-in SMS we send on your request. Until smsConsent is true, no SMS is ever sent to that contact. Emergency contacts may opt out by replying STOP at any time, which immediately suppresses further messages.
  • Alert delivery records. When ZMetcha sends a reminder or escalation SMS, we record the timestamp, recipient phone (your number or your emergency contact's), the alert kind (pre-reminder, no-check-in nudge, emergency-contact alert, got-home check, panic), and whether delivery succeeded or failed. This audit trail is retained for safety, fraud prevention, and to prove regulatory compliance.
  • Visibility. Your emergency contacts are visible only to you. They are never visible to a matched partner, even masked, even after escalation has fired. A matched partner in a shared meetup sees only that escalation status (e.g. "your partner missed their check-in"), never who your emergency contact is or how. Operator access to meetup data is governed by §2a.
  • Third-party services. Venue selection uses Google Places (your search query and the selected place ID are sent to Google to render results); we store only the snapshot data (name, address, lat/lng, place ID). Calendar export deep links open in your chosen calendar service -- ZMetcha does not access your calendar account. Escalation SMS is sent through Telnyx as described in §3b.
  • Retention. Meetup records, check-ins, and alert logs are retained for the lifetime of your account and removed in accordance with §5 (Data Retention) on account deletion. You may cancel and effectively forget a future meetup at any time; cancelled meetups remain in your history for personal reference until account deletion.
  • Auto-emit to Relationship Tracker. A "safe" check-in on a shared meetup writes a RelationshipEvent to your Relationship Tracker so the date appears on your timeline automatically. That tracker entry follows the privacy rules of §1g (user-side, one-sided deletion, partner not notified).

2. How We Use Your Data

  • Service operation: matching, messaging, profile display, compatibility scoring.
  • Verification: confirming your identity, age, and photos are genuine.
  • Safety & moderation: detecting fraud, harassment, prohibited content, and policy violations. This includes both automated scanning (e.g., message content analysis for safety keywords, photo verification algorithms) and human review by our moderation team when automated systems flag potential issues. We may use automated systems, including internal risk scoring and behavioral analysis, to evaluate user activity and enforce our policies. These systems may consider factors such as user reports, account history, verification status, and platform behavior. We do not disclose internal safety assessments or risk scores to users.
  • Payment processing: processing subscriptions through our payment processor. We do not store your full card number; the processor handles tokenization and PCI scope.
  • Communications: service notifications (matches, messages), security alerts, and account updates.
  • Personalization & profiling: we may analyze user behavior, interactions, and questionnaire responses to personalize experiences, improve matching quality, and improve safety. This may include generating derived compatibility scores, personality trait estimates, and behavioral risk assessments.
  • Improvement: analyzing usage patterns to improve features and user experience.
  • Legal compliance: responding to legal obligations, law enforcement requests, and protecting our rights.

We process your data based on: (a) your consent, (b) performance of our contract with you (these Terms), (c) our legitimate interests in operating a safe platform, and (d) compliance with legal obligations.

2b. Behavioral Interaction Data

We analyze user interactions - such as swipes, matches, and message activity - to improve matching quality and safety systems. This is a distinct category from the identity and profile data in Section 1: it is behavioral data about how you use the Service.

  • Like, pass, and match outcomes. We record whether users liked, passed, or matched with candidates shown to them, and whether conversations resulted from those matches. This lets us evaluate and improve compatibility scoring.
  • Message activity metadata. For each matched pair we retain send and receive timestamps, reply latency, message length, and flags indicating whether a conversation ended or went silent. Message text content is covered separately under Section 1a. Metadata is retained for up to 30 days per match pair for matching, safety, and quality-of-conversation features.
  • Aggregated matching-system evaluation. We may use aggregated interaction data (combined across many users in a way that does not single out individuals) to evaluate and improve the effectiveness of our matching systems.
  • Retention-linked signals. We may pair a match score with its eventual outcome (did the pair message, did the conversation continue, etc.) so we can retrain and improve our matching models. These outcome signals are tied to individual user pairs while the pairing is active and are retained for service improvement and safety purposes.
  • Subscription and allowance activity. We record subscription purchases, subscription state changes, and consumption of bundled in-app allowance units (Supercharge boosts, Super Sparks, message highlights, profile pins, priority messages, and photo reveals). This is used for billing, fraud prevention, and to improve feature pricing. We do not sell standalone credits or one-time consumable packs.
  • Photo reveal interactions. We track which private/subscriber-only photos a user has revealed and how many free reveals remain per match. This is used to enforce the per-match allowance.
  • Priority message outcomes. We record whether priority messages were accepted or declined. Declined pairs are permanently flagged to prevent repeated unwanted contact.

Transaction and usage data may be retained for accounting, fraud prevention, and legal compliance purposes. Behavioral interaction data is used internally to improve the Service and is never sold or shared for advertising. You may request access, correction, or deletion under Section 6.

2a1. Match Scoring, Propagation, and Anti-Probing Safeguards

We compute compatibility scores between users based on profile fields, quiz answers, and partner preferences. The displayed match percentage and its accompanying confidence indicator (Low, Medium, or High) are intentionally approximate. We apply rounding and small, consistent variation per user or match pair so that individual quiz or preference edits cannot be used to reverse-engineer the answers another user has chosen.

To further protect users from probing attacks, changes a user makes to quiz answers or partner preferences take time to propagate: updates generally reach match calculations for new (unmatched) candidates within several hours, and reach the scores shown to users with whom the editor has already matched within several days. We also limit the number of quiz and preference edits a user may submit in a rolling 24-hour window. These measures are privacy and safety features and do not affect the accuracy of the underlying compatibility calculation.

A per-user edit audit log is retained so that Operators can investigate reports of preference manipulation or abuse. Administrators can, on request and for support purposes, temporarily waive these rate limits for an individual user; such waivers are recorded in the administrative audit log.

2a. Operator and Administrator Data Access

ZMetcha is operated by ZMETCHA LLC. Platform owners, operators, administrators, and staff ("Operators") may, for purposes of moderation, safety review, fraud investigation, technical support, and compliance with legal process, access user profile data, photos, messages, and verification materials. Operator access is logged in an immutable audit trail. Operators who also maintain a personal dating profile on the Service are technically blocked from taking administrative actions on any user they have interacted with on their personal profile(matched, messaged, or swiped).

Limited Administrative Access. Administrative access to user data is limited to what is necessary for safety, moderation, and operational purposes and is subject to internal controls and restrictions. Operators do not have ambient access to user messages, photos, or profile data; access is scoped to specific operational tasks (such as reviewing a reported account or verifying a submitted ID) and is recorded in the audit log.

No Use for Personal Advantage. Administrative access is not used for personal, dating, romantic, sexual, social, or any other non-operational purpose. Operators are prohibited from using administrative tools to view, search, or act on users for personal interest or advantage on the dating side of the Service.

3. How We Share Your Data

3a. With Other Users

Your profile information, photos, and selected preferences are visible to other users according to your privacy settings. Photos support four visibility tiers: public (all users), matches-only (mutual matches),subscribers-only (paid subscribers who have matched with you), and private (only you, unless a matched user spends credits to reveal). NSFW-tagged photos are always blurred until the viewer actively taps to reveal. We track when content is revealed or accessed for safety, abuse prevention, and service functionality. Health data (STD status, food allergies) is shared only with matched users if you set the visibility to "matches" or "public." We never share your data with unmatched users beyond what your profile displays.

3b. Service Providers

We share data with the following service providers, solely for operating the Service:

  • Telnyx - phone number verification via SMS.
  • Our payment processor - subscription billing, recurring payments, and refund handling. The processor receives the data necessary to charge your card (cardholder name, billing address, card number, expiration, and CVV) directly through their hosted form; ZMetcha never stores your full card number.
  • Resend - transactional email delivery (verification codes, password resets, match notifications).
  • ipinfo.io - IP geolocation and abuse-risk lookup at sign-in. Only the IP address is shared, never user identity.

3c. Legal Requirements

We may disclose your data to law enforcement, government authorities, or other third parties when required by law, court order, or when we believe disclosure is necessary to protect the safety of our users or the public.

3d. What We Do NOT Do

  • We do not sell your personal data.
  • We do not share biometric data with any third party.
  • We do not share health data with advertisers or data brokers.
  • We do not use your data for targeted advertising from third parties.

4. Data Storage and Security

Your data is stored on servers located in the United States. Photos are stored locally on our own infrastructure - not on third-party cloud storage services like AWS S3 or Google Cloud. This gives us direct control over your data.

  • Data is encrypted in transit (HTTPS/TLS) and access-controlled at rest.
  • Database access is restricted to authorized systems only.
  • ID document images are encrypted and access-restricted to the verification process.
  • We conduct regular security reviews of our infrastructure.

No system is perfectly secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security.

5. Data Retention

  • Profile data: retained for the duration of your account plus 6 months after deletion (for safety and dispute resolution).
  • Face verification data: deleted within 30 days of successful verification.
  • ID document images: deleted immediately after OCR processing and age/identity confirmation. We retain only the verified/not-verified result, not the document image.
  • Messages: retained for the duration of your account plus 90 days after deletion.
  • Payment and tax records: retained for 7 years as required by IRS regulations.
  • Safety and ban records: retained for as long as necessary for safety, fraud prevention, and legal compliance purposes, typically up to 7 years.
  • Health data (STD, allergies): deleted immediately upon account deletion.
  • Quiz responses and derived insights: retained only as long as necessary to provide the service or improve matching and safety features. Deleted upon account deletion.
  • Pseudonymized identifiers: certain information, including pseudonymized or hashed identifiers (such as hashed phone numbers or email addresses), may be retained after account deletion for fraud prevention, safety enforcement, and to prevent re-registration of banned users, as permitted by applicable law. These identifiers cannot be used to reconstruct your personal data without access to the original input.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: request a copy of all personal data we hold about you.
  • Correction: update or correct inaccurate profile information.
  • Deletion: delete your account and request removal of your personal data (subject to legal retention requirements).
  • Portability: receive your data in a machine-readable format.
  • Opt-out: unsubscribe from marketing communications at any time.
  • Withdraw consent: revoke consent for biometric or health data processing at any time.

To exercise your rights, contact us at [email protected]. We will respond within 30 days (45 days with extension if necessary under applicable law).

7. State-Specific Privacy Rights

7a. California (CCPA / CPRA)

California residents have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to Know: request the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it.
  • Right to Delete: request deletion of your personal information, subject to legal exceptions.
  • Right to Correct: request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: we do not sell or share your personal information for cross-context behavioral advertising. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link.
  • Right to Limit Use of Sensitive Personal Information: ZMetcha collects sensitive PI (sexual orientation, health data, biometric data, racial/ethnic origin). You may request that we limit the use of your sensitive PI to what is necessary for providing the Service. Contact [email protected].
  • Right to Non-Discrimination: we will not discriminate against you for exercising your rights.
  • Authorized Agents: you may designate an authorized agent to submit requests on your behalf with a signed authorization letter.
  • Financial Incentives: our premium subscription tiers offer additional features in exchange for payment, not in exchange for personal data. We do not offer data-for-service financial incentive programs.

Categories of PI collected in the preceding 12 months: identifiers (name, email, phone); protected classification characteristics (age, gender, sexual orientation, race, religion); biometric information (facial geometry); health information (voluntary STD disclosure, allergies); internet/electronic activity (usage data, interactions); geolocation (city/state level); professional information (none); education information (self-reported level); sensory data (photos, selfies); inferences drawn (compatibility scores, match percentages).

Sold in the preceding 12 months: none. Disclosed for a business purpose: identifiers and device data to Telnyx (SMS), our payment processor (subscription billing), Resend (email), and ipinfo.io (IP risk lookup). We conduct data protection impact assessments for high-risk processing activities.

7b. Illinois (BIPA)

Before collecting biometric data (facial geometry from selfie verification), we present a separate, standalone biometric consent form that discloses:

  • The specific purpose of collection: identity verification to prevent fraud and catfishing.
  • The length of time biometric data will be stored: a maximum of 30 days after successful verification.
  • Retention and destruction policy: biometric identifiers and biometric information are permanently destroyed when the initial purpose for collection has been satisfied or within 3 years of your last interaction with ZMetcha, whichever occurs first.
  • We do not sell, lease, trade, or otherwise profit from your biometric data.
  • Biometric data is never disclosed to third parties without your consent, except as required by law.
  • Your consent is revocable at any time by contacting [email protected].

7c. Texas (TDPSA & CUBI)

Texas residents have the following rights under the Texas Data Privacy and Security Act (effective July 2024) and the Capture or Use of Biometric Identifier Act:

  • Right to access, correct, delete, and receive a portable copy of your personal data.
  • Right to opt out of the sale of personal data, targeted advertising, and profiling. We do not engage in these activities.
  • Sensitive data consent: we obtain your consent before processing sensitive data (biometric, health, sexual orientation, racial origin).
  • Biometric: we obtain informed consent before capturing biometric identifiers and do not sell, lease, or disclose them without consent.

7d. Virginia (VCDPA)

Virginia residents have the right to:

  • Access, correct, and delete personal data.
  • Obtain a copy of your data in a portable format.
  • Opt out of targeted advertising, sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects.
  • Right to appeal: if we deny a data rights request, you may appeal by emailing [email protected] with the subject line "VCDPA Appeal." We will respond within 60 days.

7e. Colorado (CPA)

Colorado residents have all rights listed under Virginia (Section 7d) above, plus:

  • Universal opt-out mechanism: we honor Global Privacy Control (GPC) signals. If your browser sends a GPC signal, we treat it as a valid opt-out request for sale and targeted advertising.
  • Right to appeal within 45 days of denial. Email [email protected] with subject "CPA Appeal."

7f. Connecticut (CTDPA)

Connecticut residents have all rights listed under Virginia (Section 7d), plus:

  • Right to obtain a copy of personal data in a portable, readily usable format.
  • Sensitive data: we obtain your consent before processing sensitive data (sexual orientation, health, biometric, racial/ethnic origin, precise geolocation). This consent is obtained during signup via separate disclosure screens.
  • We honor Global Privacy Control (GPC) signals.

7g. Oregon (OCPA)

Oregon residents (effective July 2024) have the right to:

  • Access, correct, delete personal data, and obtain a portable copy.
  • Opt out of sale, targeted advertising, and profiling.
  • Right to a list of specific third parties: Telnyx (SMS provider), our payment processor (subscription billing), Resend (email provider), ipinfo.io (IP risk lookup). These are the only third parties to whom we disclose personal data.

7h. Washington (My Health My Data Act)

Washington residents have specific rights regarding consumer health data under the My Health My Data Act:

  • We obtain separate, express consent before collecting consumer health data (STD/STI status, food allergies, intimate questionnaire responses).
  • You have the right to delete your health data at any time.
  • We do not sell consumer health data.
  • We do not geofence around healthcare facilities.

Consumer Health Data Privacy Disclosure: the types of health data we collect include voluntary STD/STI status disclosures and food allergy/dietary restriction data. This data is collected solely to facilitate informed matching between consenting adults. Health data is deleted immediately upon account deletion. We share health data only with your matched users according to your privacy settings.

7i. Nevada

Nevada residents may opt out of the sale of covered personal information. We do not currently sell personal information. If you have questions, email [email protected].

7j. New York City (Biometric Identifier Information Law)

ZMetcha collects biometric identifier information (facial geometry) during the selfie verification process. We do not sell, lease, trade, or otherwise profit from biometric data. Collection occurs only with your informed consent.

7k. Additional States

Residents of Montana, Iowa, Delaware, New Hampshire, New Jersey, Tennessee, Indiana, Nebraska, Maryland, Minnesota, Rhode Island, and Kentucky may have consumer privacy rights under recently enacted state privacy laws. These laws generally provide rights to:

  • Access, correct, and delete your personal data.
  • Obtain a portable copy of your data.
  • Opt out of the sale of personal data, targeted advertising, and profiling.

To exercise any of these rights, contact [email protected]. We will respond within the timeframe required by your state's law (generally 30-45 days). If we deny your request, you have the right to appeal by emailing [email protected] with the subject line "Privacy Rights Appeal - [Your State]."

7l. Global Privacy Control (GPC)

We honor Global Privacy Control (GPC) browser signals as valid opt-out requests for the sale and sharing of personal information, as required by applicable state laws including California, Colorado, and Connecticut.

7m. Data Protection Assessments

We conduct data protection impact assessments for processing activities that present a heightened risk to consumers, including the processing of biometric data, health data, sexual orientation data, and government identification documents, as required by California, Virginia, Colorado, Connecticut, Texas, and other applicable state laws.

8. Health Data Disclosure Warning

ZMetcha allows users to voluntarily disclose health information (such as STD/STI status) to facilitate transparent connections. You should be aware of the following:

  • Health data you share with matched users is shared at your own risk and discretion.
  • We are not a healthcare provider and do not verify the accuracy of health disclosures.
  • Health disclosures made on the platform may be discoverable in legal proceedings if compelled by court order or subpoena.
  • In some jurisdictions, certain health-related disclosures may carry legal implications. Users are responsible for understanding applicable laws and exercising discretion when sharing sensitive information.
  • We cannot guarantee the confidentiality of health data if required to disclose it under legal process.

We strongly encourage users to consult with a healthcare professional and, if necessary, legal counsel regarding their disclosure obligations in their jurisdiction.

9. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users and applicable state authorities in accordance with the breach notification laws of all 50 states. Notification will be provided in the most expedient time possible, and no later than the timeframe required by your state's law (typically 30-60 days after discovery). Notification will include the nature of the breach, the categories of data affected, and steps you can take to protect yourself.

10. Geographic Scope

ZMetcha is intended for use by residents of the United States who are 18 years of age or older. We do not knowingly offer the Service to individuals outside the United States. If you access the Service from outside the United States, you do so at your own risk and are responsible for compliance with your local laws.

11. Children's Privacy

ZMetcha is restricted to users 18 years of age and older. We do not knowingly collect data from minors. If we discover that a user is under 18, we will immediately terminate their account and delete their data. If you believe a minor is using the Service, please report it to [email protected].

12. Cookies and Tracking

  • Session cookies: required for authentication and maintaining your login session.
  • Functional cookies: remember your preferences (e.g., privacy settings, theme).
  • We do not use third-party advertising or tracking cookies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email and in-app notification at least 30 days before the changes take effect. The effective date at the top of this page indicates when the policy was last updated.

14. Recent Feature Additions (Audit Log)

This audit log lists data-handling features added recently so reviewers and users can see at a glance what is new. Each entry points at the Privacy Policy section that contains the binding language. New features appear here within 30 days of release.

  • 2026-04-27. §1g Relationship Tracker -- user-side milestone log. Tracker entries are visible only to the owner; deletion is one-sided; auto-emitted milestones do not notify the partner; data is removed on account deletion under §5 retention rules.
  • 2026-04-26. §1f Daily Prompts and Public Responses -- responses are public to all users (not only matches), reactions display only aggregate counts, deletion removes the public response within 30 days. §1e Search Findability -- per-channel opt-out toggles for phone/email/name search; defaults are explicit opt-out at signup. §2a1 Match Scoring, Propagation, and Anti-Probing Safeguards -- 24h propagation floor, jittered display values, edit rate limits documented as privacy/safety features.
  • 2026-04-16. §1d Biometric Data updated to disclose facial-geometry vector storage for sybil-detection (separate from short-term verification artifacts), with explicit destruction-on-deletion guarantee. State-specific BIPA / TDPSA / CUBI sections refreshed.
  • 2026-04-27. §1h Safe Meetup -- scheduled meetup records (venue name / address / lat-lng / time / geofence), check-in events (with optional captured coordinates only at check-in moment), emergency-contact storage with double-opt-in consent gate, alert delivery audit trail (SMS recipient + kind + delivery status), and a third-party-service line item for Google Places and Telnyx. Auto-emit into Relationship Tracker on safe check-in.
  • 2026-04-27. §1i Background Check -- voluntary FCRA-compliant third-party check. ZMetcha stores status, decision date, 12-month expiry, optional admin summary note, and the provider's external reference ID. Detailed criminal history stays at provider. User-facing badge shows pass/fail only. Adds User.backgroundCheckPassed / At denormalized cache for fast badge reads.

This audit log is informational and does not change the rights or obligations described in the sections above. Material changes follow §13 (Changes to This Policy).

15. Contact Us

ZMETCHA LLC
Scottsdale, Arizona, USA
Phone: (480) 463-8997
Privacy inquiries: [email protected]
General inquiries: [email protected]

DRAFT - This document is a working draft prepared for attorney review and does not constitute final legal advice.