Privacy Policy
Learn how Aneutral collects, uses, and protects your personal information.
Effective Date: April 1, 2026 · Last Updated: April 4, 2026
Aneutral LLC ("we," "us," "our," or "Aneutral") operates the Aneutral mobile application and related services (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use Aneutral.
By creating an account or using Aneutral, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, do not use the Service.
1. Information We Collect
1.1 Information You Provide Directly
Account Information
When you create an Aneutral account, we collect:
- Phone number (required, used for authentication via one-time passcode)
- Email address (optional, used as authentication fallback)
- Account role, status, and onboarding progress
Profile Information
When you build your profile, we collect:
- Display name
- Age
- Bio (free-text description)
- Interests (selected from categories)
- Intent (what you are looking for on the platform)
- Photos (uploaded images stored as files)
- Location (city, region, and country only; see Section 1.3)
- Notification preferences
Identity Verification and Biometric Data
To verify your identity and age, we collect:
- Government-issued identification documents (processed by Sumsub)
- Facial imagery for liveness detection and face comparison
- Sumsub applicant identifiers, verification status, review status, review results, and face match data
- Date of birth (transmitted to Sumsub for age verification)
This data constitutes biometric information. See Section 5 for detailed disclosures regarding biometric data.
Messages
When you communicate with other users through the in-app messaging feature, your message content is processed and stored by our messaging provider, Stream. Messages sent through Aneutral are not end-to-end encrypted. Stream may access message content for moderation purposes. See Section 3 for details.
Reports and Blocks
If you report or block another user, we collect the report reason, description, evidence references, message context, and the identities of the reporting and reported users.
1.2 Information Collected Automatically
Device and Usage Data
We automatically collect:
- Device push notification tokens (Expo push tokens and native platform tokens)
- Device platform (iOS or Android)
- Token creation, update, and expiration timestamps
- Last active timestamp
- Crash reports and error diagnostics (via Sentry)
- Behavioral analytics events (via Amplitude)
Authentication Tokens
Our authentication system (AWS Cognito) issues access tokens valid for 1 hour, ID tokens valid for 1 hour, and refresh tokens valid for 30 days. These tokens are stored on your device and transmitted to our servers to authenticate requests.
1.3 Location Data
Aneutral requests device location permission through the Expo location framework. Your device GPS coordinates are collected, reverse-geocoded to city, region, and country, and stored in that form only. We do not store raw latitude and longitude coordinates. Location data is used to show your general location to potential matches and to facilitate location-based discovery.
You may withdraw location permission at any time through your device settings. Withdrawing location permission will limit the functionality of location-based features.
1.4 Subscription and Payment Data
Subscription purchases are processed through Apple App Store or Google Play Store via RevenueCat. We receive and store subscription metadata including product identifier, entitlement, subscription status, and billing period. We do not receive or store your credit card number, bank account information, or other direct payment credentials. All payment processing is handled by Apple, Google, and RevenueCat.
1.5 Information We Do Not Collect
- We do not collect information from users under 18 years of age. See Section 12.
- We do not collect raw GPS coordinates. Location is stored as city, region, and country only.
- We do not process direct credit card or banking information.
2. How We Use Your Information
We use collected information for the following purposes:
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Account creation and authentication | Phone number, email, authentication tokens | Performance of contract (Art. 6(1)(b)) |
| Profile display to other users | Display name, age, bio, interests, intent, photos, location | Performance of contract (Art. 6(1)(b)) |
| Identity and age verification | Government ID, facial imagery, biometric data, date of birth | Legitimate interest in platform safety (Art. 6(1)(f)); Explicit consent for biometric data (Art. 9(2)(a)) |
| Matching and discovery | Profile data, location, interests, intent | Performance of contract (Art. 6(1)(b)) |
| In-app messaging | Message content | Performance of contract (Art. 6(1)(b)) |
| Content moderation | Photos, profile text, messages, reports | Legitimate interest in platform safety (Art. 6(1)(f)) |
| Face comparison (profile photo verification) | Facial imagery | Explicit consent (Art. 9(2)(a)) |
| Push notifications | Device tokens, notification preferences | Consent (Art. 6(1)(a)) |
| Analytics and product improvement | Usage events, behavioral data | Legitimate interest (Art. 6(1)(f)) |
| Crash reporting and error resolution | Device data, error logs | Legitimate interest (Art. 6(1)(f)) |
| Subscription management | Subscription metadata | Performance of contract (Art. 6(1)(b)) |
| Safety enforcement (blocks, reports) | Block records, report records | Legitimate interest in platform safety (Art. 6(1)(f)) |
| Compliance with legal obligations | Various, as required | Legal obligation (Art. 6(1)(c)) |
3. Third-Party Service Providers
We share information with the following third-party service providers to operate Aneutral:
| Provider | Purpose | Data Shared |
|---|---|---|
| Amazon Web Services (AWS) | Authentication (Cognito), compute (Lambda), database (DynamoDB), storage (S3), search (OpenSearch), caching (ElastiCache), logging (CloudWatch), face comparison and image moderation (Rekognition) | Account data, profile data, photos, facial imagery, authentication credentials, usage logs |
| Amplitude | Behavioral analytics | Usage events, device identifiers, anonymized behavioral data |
| Sentry | Crash reporting and error monitoring | Device information, error stack traces, diagnostic data |
| Sumsub | Identity verification, age verification, biometric data processing | Government-issued ID, facial imagery, liveness data, date of birth, verification results |
| Stream | Messaging infrastructure | Message content, user identifiers, message metadata |
| RevenueCat | Subscription and in-app purchase management | User identifiers, subscription product, entitlement, status, billing period |
| Expo | Push notifications, location services, image handling, audio/video capture | Device tokens, location data (before reverse geocoding), photos, media |
| OpenAI | Content moderation (profile text and image moderation pipeline) | Profile text, image data submitted for moderation review |
We do not sell your personal information to third parties. We do not share your personal information with third parties for their own marketing purposes.
Messaging Disclosure
Messages you send through Aneutral are processed by Stream Chat. Messages are not end-to-end encrypted. Stream may access message content to provide the messaging service and for moderation purposes. Do not share sensitive personal information (such as financial account numbers or government ID numbers) through the messaging feature.
4. Data Storage and Security
All data is stored on AWS infrastructure within the United States.
- Database (DynamoDB): Encryption at rest enabled using AWS-managed keys.
- File Storage (S3): All public access is blocked. Server-side encryption (S3-managed keys) is enabled. Photos are stored under a per-user prefix (users/{userId}/) and are accessible only via authenticated, time-limited presigned URLs.
- Data in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS.
- Authentication: All API operations require valid JWT tokens with a 1-hour validity period. Refresh tokens are valid for 30 days.
- Optional MFA: Multi-factor authentication is available as an additional security measure. It is not required by default.
Operational logs (AWS CloudWatch) may briefly contain personal information from authentication and moderation operations. Access to logs is restricted, and log retention is limited.
For more information, see our Data Security Policy.
5. Biometric Information Disclosure
This section constitutes the required written disclosure under the Illinois Biometric Information Privacy Act (740 ILCS 14/15(b)) and similar state biometric privacy laws.
5.1 What Biometric Data We Collect
Aneutral collects and processes biometric identifiers and biometric information, including:
- Facial geometry data derived from photos you upload, used by AWS Rekognition for face comparison (verifying that your profile photos depict you) and for image moderation.
- Facial imagery and liveness data collected during the identity verification process by Sumsub, which may include a liveness check (active selfie or video) to confirm you are a real person.
5.2 Purpose
Biometric data is collected and used for:
- Verifying that profile photos depict the account holder (face comparison).
- Detecting and preventing fraudulent or fake accounts.
- Age and identity verification.
- Image moderation (detecting prohibited content).
5.3 Who Processes Biometric Data
- AWS Rekognition processes facial geometry for face comparison and image moderation.
- Sumsub processes facial imagery and liveness data for identity and age verification. Sumsub maintains SOC 2 Type II and ISO 27001 certifications.
5.4 Retention and Destruction
Biometric data used for face comparison by AWS Rekognition is processed in real time and is not stored in a persistent facial recognition database by Aneutral. Sumsub retains identity verification data in accordance with its own retention policies and applicable legal requirements. When you delete your account, we delete your verification records from our database and request deletion from Sumsub.
5.5 Consent
By creating an account and submitting to identity verification or uploading photos on Aneutral, you consent to the collection, use, and storage of your biometric data as described in this section. You may withdraw consent at any time by deleting your account, which triggers deletion of your biometric data from our systems.
5.6 Disclosure and Sale
We do not sell, lease, trade, or otherwise profit from your biometric data. We do not disclose your biometric data to third parties other than our processors (AWS and Sumsub) as described above, unless required by law or valid legal process.
6. Special Category Data (GDPR Article 9)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following data constitutes special category data under GDPR Article 9:
- Interests and Intent. Your selected interests and stated intent on Aneutral may reveal information about your sexual orientation, religious beliefs, political opinions, or other characteristics protected under Article 9. We process this data only with your explicit consent, which you provide when you voluntarily enter this information during profile creation.
- Biometric Data. Facial imagery and derived facial geometry data are special category data. We process this data based on your explicit consent provided during the verification flow.
You may withdraw consent for special category data processing at any time by removing the relevant information from your profile or by deleting your account. Withdrawal of consent does not affect the lawfulness of processing performed before withdrawal.
7. Data Retention
We retain your personal information for as long as your account is active and as necessary to provide the Service. Specific retention periods:
| Data Category | Retention Period |
|---|---|
| Account and profile data | Duration of active account |
| Verification and biometric records | Duration of active account, plus a post-deletion period for fraud prevention |
| Match records | Duration of active account |
| Block and report records | Duration of active account, plus a post-deletion period for safety review |
| Messages (Stream) | Governed by Stream's retention policies; deleted upon account deletion request |
| Subscription metadata | Duration of active account, plus a post-deletion period for billing dispute resolution |
| Device tokens | Duration of active account; tokens with TTL expire automatically after 90 days |
| Analytics data (Amplitude) | Governed by Amplitude's retention settings |
| Crash reports (Sentry) | Governed by Sentry's retention settings |
| Operational logs (CloudWatch) | Limited retention with automated cleanup |
When you delete your account, we initiate a cascade deletion that removes: user records, verification records, profile data, swipes, matches, blocks, reports, XP events, subscriptions, boosts, device tokens, notifications, group memberships, event RSVPs, moderation actions, appeals, compatibility data, all photos from S3, and your AWS Cognito account. This process is primarily a hard delete. Due to the distributed nature of our infrastructure, fragments of data may persist briefly in encrypted backups or operational logs before being overwritten or expiring according to automated retention schedules.
8. Your Rights Under the California Consumer Privacy Act (CCPA/CPRA)
If you are a California resident, you have the following rights:
Right to Know. You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your information.
Right to Delete. You may request that we delete your personal information. You can exercise this right directly by using the "Delete My Account" feature in the app, which triggers a cascade deletion of your data as described in Section 7.
Right to Correct. You may request that we correct inaccurate personal information. You can correct most information directly through your profile settings.
Right to Limit Use of Sensitive Personal Information. Under the CPRA, your precise geolocation (even city-level), biometric data, and information revealing interests that may relate to sexual orientation are classified as sensitive personal information. You have the right to limit our use of this data to what is necessary to provide the Service. To exercise this right, contact us at info@aneutral.com.
Right to Non-Discrimination. We will not discriminate against you for exercising your CCPA/CPRA rights.
Right to Opt Out of Sale or Sharing. We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. If this practice changes, we will provide a "Do Not Sell or Share My Personal Information" mechanism.
To exercise your rights, contact us at info@aneutral.com or use the in-app account management features. We will verify your identity before processing requests. We will respond within 45 days, with a possible 45-day extension for complex requests.
Authorized Agents. You may designate an authorized agent to submit requests on your behalf. We may require the agent to provide proof of authorization and may verify your identity directly.
9. Your Rights Under the General Data Protection Regulation (GDPR)
If you are located in the EEA, UK, or Switzerland, you have the following rights:
Right of Access (Art. 15). You may request a copy of the personal data we hold about you and information about how it is processed.
Right to Rectification (Art. 16). You may request correction of inaccurate personal data. Most data can be corrected directly through your profile settings.
Right to Erasure (Art. 17). You may request deletion of your personal data. Use the "Delete My Account" feature in the app or contact us at info@aneutral.com.
Right to Restriction of Processing (Art. 18). You may request that we restrict processing of your personal data in certain circumstances, such as while we verify the accuracy of contested data.
Right to Data Portability (Art. 20). You may request a copy of the personal data you provided to us in a structured, commonly used, machine-readable format.
Right to Object (Art. 21). You may object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
Right to Withdraw Consent (Art. 7(3)). Where processing is based on consent (including biometric data and special category data), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of prior processing.
Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority in your country of residence.
To exercise your rights, contact us at info@aneutral.com. We will respond within 30 days.
Legal Basis for Processing. See the table in Section 2 for the legal basis applicable to each processing activity.
International Transfers. Your data is stored and processed in the United States. If you are located outside the United States, your data is transferred to the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for such transfers.
10. Your Rights Under the Texas Data Privacy and Security Act (TDPSA)
If you are a Texas resident, the Texas Data Privacy and Security Act (Tex. Bus. & Com. Code, Chapter 541) provides you with the following rights regarding your personal data:
Right to Know. You have the right to confirm whether we are processing your personal data and to access that data.
Right to Correct. You have the right to correct inaccuracies in your personal data, taking into account the nature of the data and the purposes of processing.
Right to Delete. You have the right to delete personal data you have provided to us or that we have obtained about you.
Right to Data Portability. You have the right to obtain a copy of your personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another controller.
Right to Opt Out. You have the right to opt out of the processing of your personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.
Sensitive Data. Under the TDPSA, sensitive data includes biometric data, precise geolocation data, and data revealing sexual orientation. We process sensitive data only with your consent, as described in this Privacy Policy.
To exercise your rights, contact us at info@aneutral.com. We will respond within 45 days. If we decline your request, you may appeal by contacting us at info@aneutral.com with a description of your concern. We will respond to your appeal within 60 days. If your appeal is denied, you may file a complaint with the Texas Attorney General.
11. Your Rights Under Other State Privacy Laws
Depending on your state of residence, you may have additional privacy rights under state law:
- Virginia (VCDPA): Rights to access, correct, delete, obtain a copy of, and opt out of targeted advertising, sale, and profiling.
- Colorado (CPA): Rights to access, correct, delete, obtain a copy of, and opt out of targeted advertising, sale, and profiling.
- Connecticut (CTDPA): Rights to access, correct, delete, obtain a copy of, and opt out of targeted advertising, sale, and profiling.
To exercise your rights under any applicable state privacy law, contact us at info@aneutral.com.
12. Children's Privacy
Aneutral is not intended for anyone under 18 years of age. We enforce an 18+ age gate during onboarding and verify age through our Sumsub identity verification integration. We do not knowingly collect personal information from anyone under 18. If we discover that a user is under 18, we will terminate their account and delete their data immediately. If you believe a minor has created an account, contact us at info@aneutral.com.
13. Data Breach Notification
In the event of a confirmed data breach affecting your personal information, we will notify affected users within 72 hours of confirmation. Notification will be provided via email (if available), in-app notification, or other appropriate means. We will also notify relevant regulatory authorities as required by applicable law, including the Texas Attorney General as required under the Texas Identity Theft Enforcement and Protection Act (Tex. Bus. & Com. Code, Chapter 521).
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy within the app and updating the "Last Updated" date. For significant changes, we will provide prominent notice (such as an in-app notification or email). Continued use of Aneutral after the effective date of changes constitutes acceptance of the updated Privacy Policy.
15. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, contact us:
Aneutral LLC
5103 Wildwood Dr, Manvel, Texas 77578
Email: info@aneutral.com
For GDPR inquiries, you may also contact our data protection point of contact at info@aneutral.com.