Privacy Policy

Effective date: April 9, 2026 · Last updated: April 9, 2026

Your privacy matters. This policy explains exactly what data we collect, why we collect it, and how you can control it. Vesper is built on trust — we collect only what we need to make meaningful connections possible.

1. Who We Are

Vesper ("Vesper", "we", "us", or "our") operates the Vesper dating platform available at vesperlove.com. For the purposes of the GDPR and similar data protection laws, Vesper is the data controller for personal data collected through the Service.

For privacy-related questions, contact us at: vesper@vesperlove.com

2. Data We Collect

Information You Provide Directly

Account data: email address, name, date of birth, gender, location (city/region).
Profile data: relationship goals, lifestyle information (drinking, smoking, religion, politics), height, personality prompts, interests, dealbreakers, and preferences.
Media: profile photo and up to three short video clips (including an intro video).
Messages: content of private messages sent between matched users.
Verification data: liveness verification video used to confirm you are a real person.
Security data: hashed password, 2FA credentials (encrypted TOTP secret, hashed backup codes).

Information Collected Automatically

Usage data: pages visited, features used, interactions (likes, skips, flowers sent), session duration.
Device & technical data: IP address, browser type, operating system, device identifiers.
Analytics data: anonymous visitor identifiers for aggregate platform analytics (no cross-site tracking).

Data From Third Parties

We do not currently purchase or import data from third-party data brokers. If you connect a social account for verification purposes, we collect only the data you explicitly authorise.

3. How We Use Your Data

Purpose	Legal Basis
Creating and managing your account	Contract performance
Matching you with compatible users	Contract performance
Enabling messaging between matched users	Contract performance
Liveness and identity verification	Contract performance & legitimate interest (safety)
Preventing fraud, abuse, and safety threats	Legitimate interest
Sending service notifications (matches, messages)	Contract performance & legitimate interest
Improving the platform (analytics)	Legitimate interest
Complying with legal obligations	Legal obligation

We do not sell your personal data to third parties. We do not use your data to serve targeted advertising.

4. Media Storage

Your profile photo and videos are stored securely in Cloudflare R2 (S3-compatible cloud storage). Media files are served over HTTPS. Liveness verification videos are used only for identity confirmation and are not publicly accessible.

When you delete your account, all associated media files are permanently deleted from our storage systems within the 30-day grace period.

5. Data Sharing

We share personal data only in limited circumstances:

Service providers: We use trusted third-party providers to operate the Service (cloud hosting, database, file storage, email delivery). These providers are contractually bound to process your data only as instructed.
Other users: Your profile information (name, age, photos, videos, prompts) is shown to other users on the platform as part of the matching experience. Your email and contact details are never visible to other users.
Legal requirements: We may disclose your data if required by law, court order, or to protect the safety of our users or the public.
Business transfers: If Vesper is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you before this occurs.

6. Push Notifications

If you grant notification permission, we use the Web Push API to send you alerts for new matches, messages, likes, and flowers. You can manage or revoke notification permissions at any time in your Profile Settings or through your browser's notification settings.

7. Data Retention

We retain your personal data for as long as your account is active. When you delete your account:

Your profile is immediately hidden from all discovery and search.
You have a 30-day grace period during which you can reactivate your account.
After 30 days, your profile, media, matches, conversations, messages, and authentication data are permanently and irreversibly deleted.

We may retain anonymised, aggregate analytics data indefinitely. We retain records of safety actions (bans, reports) for a limited period to prevent re-registration by bad actors.

8. Security

We take security seriously. Measures include:

Passwords hashed with scrypt (computationally hard to brute-force).
Two-factor authentication (TOTP) available for all accounts.
TOTP secrets encrypted using AES-256-GCM before storage.
All data transmitted over HTTPS/TLS.
Access to user data restricted to authorised personnel on a need-to-know basis.

No system is 100% secure. If you discover a security vulnerability, please report it responsibly to vesper@vesperlove.com.

9. Cookies & Local Storage

Vesper uses browser localStorage (not cookies) to store your authentication token on the device. This is strictly necessary to keep you logged in. We do not use third-party tracking cookies or advertising cookies.

A single anonymous visitor identifier is stored in localStorage for aggregate platform analytics. This identifier cannot be used to identify you personally and is not shared with third-party ad networks.

10. Your Rights (GDPR & Similar Laws)

Depending on where you live, you may have the following rights over your personal data:

Access: Request a copy of the personal data we hold about you.
Rectification: Correct inaccurate or incomplete data.
Erasure ("right to be forgotten"): Request deletion of your personal data. You can also exercise this by deleting your account.
Portability: Receive your personal data in a structured, machine-readable format.
Restriction: Request that we restrict processing of your data in certain circumstances.
Object: Object to processing based on legitimate interests.
Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email us at vesper@vesperlove.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

11. Children's Privacy

Vesper is intended solely for users aged 18 and over. We do not knowingly collect personal data from children under 18. If we become aware that a user is under 18, we will immediately terminate their account and delete their data. If you believe a minor has created an account, please contact us at vesper@vesperlove.com.

12. International Transfers

Vesper operates globally. Your data may be stored and processed in countries outside your own, including countries that may have different data protection laws. Where required, we implement appropriate safeguards (such as standard contractual clauses) to protect your data during international transfers.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by displaying a notice in the app. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy. We encourage you to review this page periodically.

14. Contact Us

For privacy-related questions, data requests, or to report a concern:

vesper@vesperlove.com

We aim to respond to all privacy enquiries within 5 business days.