Privacy Policy

What we collect, what we do with it, who else touches it, and how to make us delete it.

Last updated: 28 April 2026

Short version. You upload a Tinder data export. We compute analytics on it. We never sell your data. We never share it with advertisers, brokers, or any third party except the specific service providers listed below — and even those only see what's necessary to run the app.

1. Who we are

Postmatch is operated by Tilen Mlakar, a sole proprietor based in Slovenia (EU). For the purposes of the EU General Data Protection Regulation (GDPR), Tilen Mlakar is the data controller. You can reach us at support@postmatch.dev.

2. What we collect

Three categories. Nothing outside them.

2.1 Account information

Your email address (either your real one, or the relay address Apple gives us when you choose "Hide my email" in Sign in with Apple).
The display name we derive from that email.
An Apple-issued identifier (the SIWA sub claim) so we can look you up when you sign in again. We don't see your Apple password.

2.2 Your Tinder data export

When you upload a Tinder export, we read and store:

Profile data — bio text, prompts, descriptors, photo count, verification status, age/distance filters as they appeared on your profile.
Photos — the image files inside the your_photos/ folder of your export. Stored on our database server while the analysis exists; deleted when you clear history or delete your account.
Messages you sent — Tinder's export only includes outbound messages (messages you sent), not inbound replies.
Usage counts — daily totals of swipes, likes, matches, and messages. We don't see who you matched with.
Purchase history — Tinder Gold / Platinum / Plus subscription periods and Boost purchase timestamps.

2.3 App usage events

Timestamps of your uploads, AI runs, and account actions, kept in an audit log so we can investigate abuse and respond to GDPR requests.
The session cookie (pulse_session) that keeps you signed in — HttpOnly, Secure, scoped to postmatch.dev.

3. What we use it for

Six things, in order of how often they happen:

Analytics on your own data — match rate, reply momentum, profile score, timing heatmaps, comparison vs your previous snapshot. Computed deterministically (it's just math), no AI involved.
Anonymized peer comparison — your numbers are compared to a cohort of users in roughly your age band and country. We never expose another user's individual data to you, and yours never reaches another user.
AI rewrites of insight summaries (optional, opt-in per feature) — if you tap "Run AI insights" we send a short text summary of your numbers to OpenAI, which rewrites the deterministic insight cards into more readable prose. We do not send your raw messages or personal identifiers in this path.
AI photo critique (optional, opt-in) — if you tap "Run AI insights" on the Photos tab, we resize each photo to 768px on the long edge and send it to OpenAI's vision model for critique.
AI chat critique (optional, opt-in) — if you tap "Run AI insights" on the Chat tab, we send a sample of your opener messages to OpenAI for critique.
Authentication and security — to keep you signed in, rate-limit abuse, and respond to incidents.

4. Who else processes your data (sub-processors)

We use a small set of service providers. Each one only receives the minimum data needed for its specific role.

Provider	What it does	What it sees
OpenAI, L.L.C.	AI insight rewrites, photo critique, chat critique	Only when you opt into AI features. OpenAI's API tier excludes this data from training (per our signed Data Processing Addendum).
Apple Inc.	Sign in with Apple; App Store distribution	Your Apple ID identifier (the `sub` claim) and, if you didn't choose "Hide my email", your email address.
Fly.io, Inc.	Server hosting and PostgreSQL database	Stores everything in §2 above on encrypted volumes in Ashburn, US East. The database connection itself is encrypted.
Cloudflare, Inc.	DNS resolution and this static website	Standard DNS query logs and access logs for this static page. The API itself doesn't proxy through Cloudflare.

We do not use any analytics, advertising, or tracking SDKs. No Google Analytics, no Meta Pixel, no Mixpanel, no Firebase, nothing. We don't have a Facebook page that we cross-reference, and we don't sell anyone's data to anyone, ever.

5. International data transfers

Our database is hosted on Fly.io in Ashburn, Virginia (US). When you use the AI features, data is also processed by OpenAI in the US. These transfers are covered by the EU-U.S. Data Privacy Framework and Standard Contractual Clauses included in our agreements with both providers.

6. How long we keep your data

Account info — until you delete your account.
Tinder export and derived analytics — until you tap "Clear history" or delete your account. Each tap deletes that snapshot's report, photos, and any AI summaries permanently.
Photos — same retention as the export they came from. Note: we plan to move photos off long-term storage in a future release; until then they live in our database until you clear them.
Audit log entries — kept for 12 months for security and abuse investigation, then deleted.
Session cookies — 7 days from last sign-in, then expired automatically.

7. Your rights under GDPR

If you're in the EU/EEA (and even if you're not, we'll honor these for everyone), you have the right to:

Access what we hold about you. The "Export my data" button in the app gives you a JSON file with everything.
Correct anything inaccurate. Email us — most fields are derived from your Tinder export, so usually the fix is a re-upload.
Delete your account and everything associated with it. The "Delete account" button in Settings does this immediately and irrevocably; it's also enforced server-side via cascade on every table that references you.
Restrict or object to processing in specific cases.
Withdraw consent for AI features at any time by simply not running them again. Past AI summaries can be cleared via "Clear history".
Lodge a complaint with your local supervisory authority. In Slovenia that's the Information Commissioner.

8. Children

Postmatch is not intended for anyone under 18 and we don't knowingly collect data from minors. Tinder itself requires users to be 18+, so a Tinder export by definition belongs to an adult.

9. Changes to this policy

If we make a material change — a new sub-processor, a new data category, or anything affecting what we share — we'll update this page and email everyone at the address on file. The "Last updated" date at the top always reflects the current version.

10. Contact

Questions, GDPR requests, or anything else: support@postmatch.dev. We reply to GDPR requests within 30 days; usually within a week.