Loyal Hearts Club — Privacy Policy
Last Updated: March 6, 2026
Version: 1.0
Copyright © 2026 Loyal Hearts Club, LLC. All rights reserved.
Loyal Hearts Club, LLC ("we," "us," "our," or the "Company") operates the Loyal Hearts Club platform (the "Platform," "App," or "Service"), a relationship platform built on the principle that relationships should be built on honesty. This Privacy Policy describes how we collect, use, disclose, store, and protect your personal information when you use our Service.
By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy and consent to the practices described herein. This Privacy Policy is incorporated into and subject to our Terms of Service.
Table of Contents
- Information We Collect
- How We Use Your Information
- Information Sharing with Third Parties
- Cookies and Tracking Technologies
- Data Security
- Data Retention
- Your Rights
- Children's Privacy
- California Privacy Rights (CCPA)
- Texas Privacy Rights (TDPSA)
- Biometric Data
- Safety Ledger
- Consent Management
- International Users
- Changes to This Privacy Policy
- Contact Information
1. Information We Collect
We collect information in three categories: (a) information you provide at registration; (b) information you provide during use; and (c) information collected automatically.
1.1. Information You Provide at Registration (Required)
When you create an account, you must provide the following:
| Data | Purpose |
|---|---|
| Email address | Login, identity verification, communication |
| Phone number | Anti-duplicate enforcement (one phone = one account), SMS verification via Firebase Identity Toolkit |
| Password | Account authentication (stored using bcrypt hashing — your plaintext password is never stored, accessed, or transmitted after initial processing) |
| First name and last name | Profile display |
| Date of birth | Age verification (must be 18+), age display, discovery group assignment |
| Gender (male, female, non-binary) | Profile display, discovery matching |
| Sexual orientation (men, women, both) | Determines which gender pool you browse |
| Discovery pool (men, women, both) | Determines which search pools your profile appears in |
| City and state | Metro-area matching, discovery grouping |
Important: We do not collect GPS coordinates or precise geolocation data. Location is based solely on the city and state you provide.
1.2. Information You Provide During Use (Optional)
You may choose to provide additional information to enhance your profile and experience:
| Data | Purpose |
|---|---|
| Bio | Free-text self-description displayed on your profile |
| Faith preference | 12 options plus "prefer not to say" — used for discovery sub-groups |
| Children status | Has children, no children, or prefer not to say — used for discovery sub-groups |
| Profile photos | Displayed on your profile; stored in 3 size variants (thumbnail, medium, full resolution) |
| Photo verification selfie | Random pose challenge liveness photo used for identity verification |
| Messages | Text, image, and system messages sent through the Platform |
| Topic posts and replies | Community discussion content |
| Support tickets | Account issues, verification disputes, billing, bug reports, and feedback |
| Couple profile information | Display name, bio, "how we met," anniversary, interests, city, and photo (for Paired users) |
| Monogamy Weekly RSVPs and questions | Session participation data |
1.3. Information Collected Automatically
When you access or use the Service, we automatically collect:
| Data | Purpose |
|---|---|
| IP address | Recorded at time of consent, in audit logs, and for rate limiting; used for security and fraud prevention |
| User-Agent string | Recorded alongside consent records and for debugging |
| Device fingerprints (hashed) | Fraud prevention, Safety Ledger |
| Authentication tokens | JWT access tokens (15-minute expiry) in HTTP-only cookies; refresh tokens (7-day, Redis-backed) |
| WebSocket authentication tickets | Single-use, 30-second lifetime, Redis-backed tokens for real-time messaging |
| Request metadata | Correlation IDs, timestamps, and request data used for error tracking, debugging, and security monitoring |
1.4. Information We Do NOT Collect
We want to be transparent about data we explicitly do not collect:
- GPS coordinates or precise geolocation — We use only the city and state you provide
- Credit card numbers or full payment card details — Payment data is handled entirely by PayPal
- Browsing history outside the Platform
- Contacts or address book data
- Data from other apps on your device
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1. Providing and Operating the Service
- Creating and maintaining your account
- Displaying your profile to other users within the discovery system
- Facilitating connections, messaging, Dating Locks, and Pair Locks
- Processing payments through PayPal
- Operating Couples Corner, Topics, and Monogamy Weekly
- Delivering notifications (in-app and future web push)
2.2. Identity Verification and Security
- Verifying your email address via one-time passcode (OTP)
- Verifying your phone number via SMS (Firebase Identity Toolkit)
- Photo verification via liveness detection and face encoding comparison
- Preventing duplicate accounts using phone number enforcement
- Detecting and preventing fraud via the Safety Ledger
- Enforcing rate limits on sensitive actions (registration, login, password reset, verification, payments, photo verification)
2.3. Content Moderation and User Safety
- Scanning photos using Google Cloud Vision SafeSearch
- Moderating bio text and messages
- Managing the moderation queue (AI scan scores, severity, content snapshots)
- Processing user reports and enforcing community standards
- Maintaining a permanent audit trail for reports and moderation actions
2.4. Transparency Features ("The Open Book")
- Displaying your active conversation count, Pair Lock history, member since date, photo verified status, admirer tier, validation count, and lock count to other users viewing your profile
- This data usage is a core feature of the Platform and cannot be opted out of
2.5. Communication
- Sending service-related emails (verification, password reset, account notifications)
- Delivering in-app notifications (30+ notification types, with per-type user preference toggles)
2.6. Improving the Service
- Error tracking and debugging via Sentry (with send_default_pii=False — no personally identifiable information is transmitted)
- Monitoring system performance and security
2.7. Legal Compliance and Safety
- Complying with applicable laws and regulations
- Responding to legal process and government requests
- Enforcing our Terms of Service
- Protecting the rights, property, and safety of Loyal Hearts Club, our users, and the public
3. Information Sharing with Third Parties
We do not sell your personal information. We share information with third parties only as described below, and only to the extent necessary to provide and secure the Service:
3.1. Service Providers
| Service Provider | Purpose | Data Shared |
|---|---|---|
| PayPal | Payment processing for Connect Access ($10) and Pair Lock ($10 per person) fees | Payment amounts. We store only the PayPal payer ID, order ID, and capture ID. Your credit card or PayPal account details are handled entirely by PayPal and are never stored on our servers. |
| Google Cloud Vision | Automated photo content moderation via SafeSearch | Uploaded photos are sent for safety analysis. No other personal data is transmitted. |
| Firebase Identity Toolkit (Google) | SMS-based phone number verification | Phone numbers for sending verification SMS. |
| Sentry | Application error tracking and monitoring | Error data and request metadata only. Configured with send_default_pii=False — no cookies, authentication tokens, or personal information are transmitted. |
| Cloudflare R2 | Photo storage in production | User-uploaded photos stored securely. |
| Open-Meteo | Weather data for metro area displays | City location data only. No personally identifiable information is transmitted. |
| Google Meet | Hosting Monogamy Weekly community sessions | A Google Meet link is shared with users who RSVP. No personal data is transmitted to Google by us for this purpose. |
3.2. Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal process, including:
- Court orders, subpoenas, or other legal process;
- Requests from law enforcement or government agencies;
- As reasonably necessary to enforce our Terms of Service;
- To protect the safety of any person or the public; or
- To prevent or address fraud, security threats, or technical issues.
3.3. Business Transfers
In the event that Loyal Hearts Club, LLC undergoes a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Platform before your information becomes subject to a different privacy policy.
3.4. With Your Consent
We may share your information with other parties when you have explicitly consented to such sharing.
3.5. Aggregated and De-Identified Data
We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, analytics, or business purposes.
4. Cookies and Tracking Technologies
4.1. Cookies We Use
We use a single, essential cookie:
| Cookie Name | Type | Purpose | Duration |
|---|---|---|---|
| lhc_access | HTTP-only, essential | Contains your JWT access token for authentication | 15 minutes (token expiry) |
4.2. What We Do NOT Use
- No advertising cookies. We do not use cookies for advertising or behavioral targeting.
- No third-party tracking cookies. We do not allow third parties to place tracking cookies through our Service.
- No analytics tracking cookies. We do not use Google Analytics, Facebook Pixel, or any similar tracking service.
4.3. Server-Side Sessions
Session management is handled server-side via Redis. Refresh tokens are stored in Redis with a seven (7) day expiry and are not placed in browser cookies.
4.4. WebSocket Authentication
Real-time messaging connections are authenticated via single-use tickets that expire after thirty (30) seconds. These tickets are stored in Redis and are consumed atomically upon use — they cannot be reused.
5. Data Security
We take the security of your personal information seriously and implement a comprehensive set of technical and organizational measures:
5.1. Authentication Security
- Password hashing: All passwords are hashed using bcrypt before storage. Plaintext passwords are never stored, logged, or accessible to any person, including our staff.
- JWT access tokens: Access tokens expire after 15 minutes and are delivered via HTTP-only cookies, preventing JavaScript access.
- Refresh tokens: Stored server-side in Redis with 7-day expiry.
- Two-factor authentication (2FA): Optional TOTP-based 2FA via authenticator apps, with encrypted secrets and backup codes.
- WebSocket tickets: Single-use, 30-second lifetime, atomically consumed from Redis.
5.2. Rate Limiting
We enforce rate limits on security-sensitive endpoints, including:
- Registration
- Login
- Password reset
- Email and phone verification
- Payment processing
- Photo verification
5.3. Transport and Infrastructure Security
- HTTPS enforcement with HTTP Strict Transport Security (HSTS)
- Content Security Policy (CSP) headers
- X-Content-Type-Options: nosniff
- X-Frame-Options: protection against clickjacking
- Referrer-Policy: strict referrer controls
- Permissions-Policy: restricted browser feature access
- CORS: strict cross-origin resource sharing configuration
- Request body size limit: 1 MB maximum to prevent abuse
- Correlation IDs: unique identifiers per request for security monitoring and debugging
- Swagger UI disabled in production
- Default secrets rejected in production
5.4. Data Protection
- Face embeddings are stored in PostgreSQL via the pgvector extension and are non-reconstructive (a face cannot be reconstructed from the 128-float vector)
- Safety Ledger hashes (phone, email, device fingerprint) use SHA-256 with an application-specific salt
- 2FA secrets are encrypted at rest
- Conversations are soft-deleted, never hard-deleted, to support safety investigations
5.5. Administrative Controls
- Role-based access control (user, moderator, admin)
- Immutable audit logs recording: who performed an action, what action was taken, whom it affected, detailed metadata (including before and after state), IP address, and timestamp
- Logged administrative actions include: bans, deletions, role changes, verifications, admin searches, failed login spikes, and mass registration spikes
6. Data Retention
6.1. Active Accounts
While your account is active, we retain all information associated with your account as necessary to provide the Service.
6.2. Deactivated Accounts
If you deactivate your account, your data is preserved but your profile is hidden from other users. You may reactivate your account at any time by logging back in.
6.3. Deleted Accounts
Upon account deletion (admin-initiated):
- Personally identifiable information is anonymized
- A Safety Ledger entry is created containing only: hashed phone number, hashed email address, face embedding, ban record IDs, and hashed device fingerprints
- The following data is NOT retained in the Safety Ledger: your name, photos, bio, preferences, messages, and conversations
6.4. Moderation and Safety Records
- User reports are retained permanently as part of the audit trail
- Moderation actions are retained permanently in the immutable audit log
- Support tickets are retained permanently
- Consent records are retained permanently (immutable audit trail)
6.5. Messaging Data
Conversations and messages are soft-deleted (never permanently erased) to support content moderation and safety investigations.
6.6. Safety Ledger Data
Safety Ledger entries are retained as described in our Safety Ledger Policy. See Section 12 of this Privacy Policy for an overview.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
7.1. Right of Access
You have the right to request a copy of the personal information we hold about you.
7.2. Right to Correction
You have the right to request that we correct any inaccurate or incomplete personal information. You may update most profile information directly through the Platform's settings.
7.3. Right to Deletion
You have the right to request deletion of your personal information, subject to certain exceptions. Upon deletion:
- Your PII is anonymized;
- A Safety Ledger entry may be created containing limited, non-reconstructive data as described in Section 12; and
- Certain data may be retained as required by law or legitimate legal purposes (see Section 6).
Please note: The Safety Ledger retains limited non-reconstructive data after account deletion for fraud prevention purposes, as permitted under CCPA § 1798.105(d)(2) and TDPSA § 541.107. For full details, see our Safety Ledger Policy.
7.4. Right to Data Portability
You have the right to request your personal data in a structured, commonly used, machine-readable format.
7.5. Right to Withdraw Consent
You may withdraw consent to our legal documents at any time. However:
- Withdrawing consent to the Terms of Service, Privacy Policy, or Biometric Data Policy will result in automatic account deactivation, as these are necessary for providing the Service.
- Consent withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
7.6. Right to Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights.
7.7. Exercising Your Rights
To exercise any of these rights, please contact us at:
- Email: legal@loyalheartsclub.com
- Support: support@loyalheartsclub.com
We will respond to your request within the timeframe required by applicable law (generally 45 days under CCPA and TDPSA, with extensions as permitted).
8. Children's Privacy
8.1. The Service is intended solely for users who are at least eighteen (18) years of age. We do not knowingly collect personal information from anyone under the age of 18.
8.2. Age verification is performed at registration based on the date of birth you provide. If we learn that we have collected personal information from a person under 18, we will promptly delete that information and terminate the associated account.
8.3. If you believe that a person under 18 has provided us with personal information, please contact us immediately at support@loyalheartsclub.com.
9. California Privacy Rights (CCPA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act and the California Privacy Rights Act (collectively, "CCPA"):
9.1. Right to Know
You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which your personal information was collected, the business or commercial purpose for collecting your personal information, and the categories of third parties with whom we share your personal information.
9.2. Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions. As disclosed in this Privacy Policy and our Safety Ledger Policy, we retain limited non-reconstructive data after account deletion under the CCPA exception at § 1798.105(d)(2) to detect security incidents and protect against fraudulent or illegal activity.
9.3. Right to Correct
You have the right to request correction of inaccurate personal information.
9.4. Right to Opt Out of Sale
We do not sell your personal information. We have not sold personal information in the preceding 12 months and have no plans to do so.
9.5. Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA rights.
9.6. Categories of Information Collected
For the purposes of CCPA disclosure, we collect the following categories of personal information:
| CCPA Category | Examples | Collected? |
|---|---|---|
| Identifiers | Name, email, phone number | Yes |
| Customer records | Name, phone, payment records | Yes |
| Protected classifications | Age, gender, sexual orientation | Yes |
| Commercial information | Payment history, product interactions | Yes |
| Internet/electronic activity | IP address, device info, platform interactions | Yes |
| Geolocation data | City and state (self-reported, not precise) | Yes |
| Biometric information | Face encoding (128-dimensional vector) | Yes (with separate consent) |
| Sensory data | Photos, images | Yes |
| Professional/employment info | N/A | No |
| Education information | N/A | No |
9.7. Submitting a Request
To submit a CCPA request, contact us at legal@loyalheartsclub.com. We will verify your identity before processing your request and respond within 45 days.
10. Texas Privacy Rights (TDPSA)
If you are a Texas resident, you have the following rights under the Texas Data Privacy and Security Act ("TDPSA"):
10.1. Right to Know
You have the right to confirm whether we are processing your personal data and to access that data.
10.2. Right to Correct
You have the right to correct inaccuracies in your personal data.
10.3. Right to Delete
You have the right to request deletion of your personal data, subject to certain exceptions. As disclosed in this Privacy Policy and our Safety Ledger Policy, we retain limited non-reconstructive data after account deletion under TDPSA § 541.107 to prevent or detect fraud, identity theft, and harassment.
10.4. Right to Data Portability
You have the right to obtain your personal data in a portable, readily usable format.
10.5. Right to Opt Out
You have the right to opt out of the processing of your personal data for purposes of targeted advertising, the sale of personal data, and profiling. We do not engage in any of these activities.
10.6. Right to Non-Discrimination
We will not discriminate against you for exercising your TDPSA rights.
10.7. Sensitive Data
Under the TDPSA, certain data we process qualifies as sensitive data, including:
- Biometric data (face encoding) — collected only with your separate, affirmative consent
- Sexual orientation — provided by you at registration for matching purposes
- Precise geolocation — we do NOT collect precise geolocation; we use only your self-reported city and state
We process sensitive data only with your consent and for the purposes described in this Privacy Policy.
10.8. Submitting a Request
To submit a TDPSA request, contact us at legal@loyalheartsclub.com. We will respond within 45 days, with extensions as permitted by law.
11. Biometric Data
11.1. Overview
Our Platform offers optional photo verification that involves the collection of biometric data in the form of a 128-dimensional face encoding. This encoding is:
- Extracted from a liveness-detection selfie using a random pose challenge;
- Compared against your primary profile photo for identity verification;
- Non-reconstructive — a face cannot be rebuilt from the 128-float vector; and
- Stored securely in PostgreSQL via the pgvector extension.
11.2. Purposes
Biometric data is used for:
- Identity verification — confirming you are the person in your profile photos
- Duplicate detection — detecting multiple accounts by the same person
- Fraud prevention — maintaining safety through the Safety Ledger
- Chain of trust — ensuring re-verification after photo changes matches your stored identity
11.3. Consent
Biometric data is collected only after you provide separate, affirmative consent to our Biometric Data Policy. This consent is distinct from the consents granted at registration. You may withdraw biometric consent at any time, which will revoke your verification badge and deactivate your account.
11.4. Retention
Your face embedding may be retained in the Safety Ledger after account deletion for fraud prevention purposes, as non-reconstructive data. See Section 12 and our Safety Ledger Policy for details.
11.5. Full Details
For comprehensive information about the collection, processing, storage, retention, and your rights regarding biometric data, please refer to our Biometric Data Policy.
12. Safety Ledger
12.1. Overview
The Safety Ledger is a post-deletion fraud prevention system designed to protect our user community from banned users attempting to re-register and from other safety threats.
12.2. Data Retained
The Safety Ledger retains only the following non-reconstructive data:
- Hashed phone number (SHA-256 with application-specific salt)
- Hashed email address (SHA-256 with application-specific salt)
- Face embedding (128-dimensional float vector, non-reconstructive)
- Ban record IDs
- Hashed device fingerprints (SHA-256 with application-specific salt)
12.3. Data NOT Retained
The Safety Ledger does not retain:
- Name
- Photos
- Bio or profile content
- Preferences
- Messages or conversations
- Any other personally identifiable information in readable form
12.4. When Entries Are Created
Safety Ledger entries are created when:
- An account is deleted (clean deletion);
- An account is banned; or
- An account is deleted after a ban.
12.5. Legal Basis
The Safety Ledger is maintained under:
- CCPA § 1798.105(d)(2) — exception to deletion rights for detecting security incidents and protecting against fraudulent or illegal activity
- TDPSA § 541.107 — exception permitting retention to prevent or detect fraud, identity theft, and harassment
12.6. Full Details
For comprehensive information about the Safety Ledger, including data security, your rights, and retention periods, please refer to our Safety Ledger Policy.
13. Consent Management
13.1. Consent Types
We manage the following consent types, each independently versioned and tracked:
| Consent Type | When Required | Withdrawable? | Effect of Withdrawal |
|---|---|---|---|
| Terms of Service | At registration | Yes | Account deactivation |
| Privacy Policy | At registration | Yes | Account deactivation |
| Safety Ledger Policy | At registration | Yes | Account deactivation |
| Biometric Data | Before first photo verification | Yes | Verification badge revoked, account deactivation |
13.2. Record Keeping
Each consent record includes:
- User ID
- Consent type
- Document version
- Timestamp
- IP address at time of consent
13.3. Immutable Audit Trail
Consent records are immutable — when you grant new consent, a new record is created. Prior consent records are never modified or deleted. This creates a complete audit trail of your consent history.
13.4. Re-Consent on Document Updates
When we update any legal document to a new version, you will be prompted with an interstitial requiring you to review and accept the updated document before continuing to use the Service.
14. International Users
14.1. The Service is currently operated from and intended for users in the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.
14.2. By using the Service, you consent to the transfer and processing of your information in the United States.
15. Changes to This Privacy Policy
15.1. We may update this Privacy Policy from time to time. When we make material changes, we will:
(a) Update the "Last Updated" date at the top of this document;
(b) Increment the version number;
(c) Notify you via email or in-app notification; and
(d) Present a re-consent interstitial requiring your acceptance of the updated Privacy Policy before you may continue using the Service.
15.2. We encourage you to review this Privacy Policy periodically.
16. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Privacy and Legal Inquiries: legal@loyalheartsclub.com
- User Support: support@loyalheartsclub.com
- Mailing Address: Loyal Hearts Club, LLC, Austin, TX
Loyal Hearts Club — Relationships, built on honesty.