# MatchForge Privacy Policy

**Version:** 2026-06-08  
**Effective:** June 8, 2026

MatchForge helps you perform **personal safety and basic due diligence** on publicly visible dating profile information you choose to analyze. This policy explains what we collect, how we use it, and your rights — including under Canadian privacy law.

## 1. Our Privacy Principles

- **Your data stays yours** — we do not sell or rent personal information
- **Public-source framing** — we process screenshots and text **you** upload from publicly visible or user-shared sources; we do not access private databases
- **Minimal collection** — only what the safety toolbox needs
- **Explicit consent** — you agree to processing before analysis begins
- **Deletion by default mindset** — remove profiles when you are done reviewing them

## 2. What We Process and Store

| Data | Purpose |
|------|---------|
| Email address | Account sign-in and verification |
| Profile settings | Your goals, optional bio, handle, avatar/selfie |
| Preference vector | Personalized compatibility weighting |
| Screenshots you upload | AI extraction, authenticity/safety scoring, ranking |
| Analysis results | Trust badges, compatibility scores, explanations |
| Evidence & agent inputs | Optional notes and images you attach for vetting |
| Policy acceptance | Timestamp and version proving your consent |
| Referral codes | Token attribution only |

We do **not** intentionally collect government ID, credit information, or precise GPS location unless you voluntarily enter optional fields.

**We do not** buy, broker, or merge third-party private databases about the people in your screenshots.

## 3. Lawful Basis & Your Consent (PIPEDA)

MatchForge processes personal information under **PIPEDA** (Canada) based on:

1. **Your explicit consent** — accepting this Policy and Terms, then uploading content for analysis
2. **Reasonable expectations** — operating the account and safety tools you requested
3. **Legitimate purposes** — securing the service, preventing abuse, and maintaining audit logs minimally necessary for operations

You may **withdraw consent** by stopping use of the service and requesting deletion. Withdrawal does not affect processing that was lawful before withdrawal, but we will delete account data subject to legal retention limits.

**Canadian rights under PIPEDA** include access, correction, deletion, and challenging our compliance. Contact the operator listed on your deployment to exercise these rights.

## 4. Where Data Lives

### Self-hosted
Data resides in **your** PostgreSQL database and file storage. External AI calls occur only if you configure API keys.

### Hosted (match-forge.com)
Data resides in your account on our managed infrastructure. When AI is enabled, uploaded images and text may be transmitted to configured providers (currently **xAI Grok**) **solely to perform analysis you requested**. We do not use your uploads to train third-party models.

## 5. AI Processing — What You Consent To

When you upload screenshots, selfies, avatars, or examples, you **consent** to automated processing for:

- Text and image extraction from **your uploads only**
- Authenticity, catfish-risk, and safety signal estimation
- Compatibility ranking against **your** stated preferences

**Important:** AI outputs are probabilistic. They are **not** factual determinations about any person. You remain responsible for your own safety decisions.

## 6. Public Information Only

MatchForge analyzes:

- Dating profile screenshots showing **publicly visible** fields (photos, bios, prompts visible to ordinary platform users)
- Optional **public web enrichment** when enabled — never private DMs, locked profiles, or paid database lookups

If content is not public and not shared with you, **do not upload it**.

## 7. What We Do Not Do

- Sell or rent personal information
- Share your screenshots with other users (unless **you** use the share feature)
- Publish ranked lists of identifiable people
- Guarantee zero logging by cloud AI vendors — review their policies if using hosted AI

## 8. Data Retention & Immediate Deletion

**Default:** Data is kept while your account is active so you can review your shortlist.

**Your controls:**

- **Delete a profile workup anytime** — removes that person's screenshots, rankings, evidence, and analysis from your account promptly
- **Stop uploading** — no new data is processed without a new upload
- **Request account deletion** — removes your user profile, preference data, and associated uploads

We encourage deleting profiles **as soon as you no longer need them** for due diligence. Hosted operators aim to honor deletion requests without undue delay.

Backups, if any, are purged on a reasonable schedule after deletion — contact us for hosted deployments if you need confirmation.

## 9. Security

We use HTTPS, access controls, and hashed authentication tokens. Protect your credentials. No system is perfectly secure.

## 10. Children

MatchForge is for adults (**18+**). We do not knowingly collect data from minors.

## 11. International Users

Primary compliance framing is **Canadian (PIPEDA)**. If you access from other jurisdictions, you are responsible for ensuring your use complies with local law.

## 12. Changes

We may update this policy. A new version number may require re-acceptance.

## 13. Contact

Privacy requests: the operator listed on your deployment's domain or GitHub repository.

---

*By clicking "I Agree", you confirm you have read and accept this Privacy Policy and our Terms of Service.*