Privacy Policy

FlexMatches LLC, a Pennsylvania limited liability company ("we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and services at www.flexmatches.com (the "Service").

By using FlexMatches, you agree to the collection and use of information in accordance with this policy.

We use the information we collect to:

• Create and manage your account
• Match you with compatible fitness partners nearby
• Facilitate communication between matched users
• Process payments and manage subscriptions
• Send push notifications about matches, messages, and activity
• Improve our services and develop new features
• Ensure safety and prevent fraud or abuse
• Comply with legal obligations

We do not sell your personal information. We may share your information with:

• Other users: Profile information you choose to make visible (name, photo, sports, bio) is shown to potential matches
• Service providers: Supabase (database & auth), Stripe (payments), Vercel (hosting) — bound by data processing agreements
• Legal authorities: When required by law or to protect the safety of our users

Your data is stored on secure servers provided by Supabase (hosted on AWS). We implement industry-standard security measures including:

• Encrypted data transmission (HTTPS/TLS)
• Row-level security policies on all database tables
• Optional two-factor authentication (2FA) for your account
• Passwords are hashed and never stored in plain text

No method of transmission over the internet is 100% secure. We strive to protect your data but cannot guarantee absolute security.

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Update or correct inaccurate information via your profile settings
• Deletion: Request deletion of your account and associated data
• Portability: Request your data in a portable format
• Opt-out: Disable push notifications at any time in app settings

To exercise these rights, contact us at privacy@flexmatches.com.

Your account also includes the following self-service privacy controls, which you can change at any time in Settings > Privacy:

• Hide from male users / Hide from female users: Two symmetric toggles. When enabled, your profile is filtered out of Discover for any user whose gender matches the toggle. The filter is applied on our server before profiles are returned. You can use either, both, or neither. Reversible at any time. The same toggles are available regardless of your own gender.
• Who I want to train with (filter): A separate preference (Everyone, Women only, Men only) that sharpens your own Discover feed. This does not affect whether others see you — only what you see.
• Approximate location: Other users never see your exact coordinates. The map fuzzes everyone’s location to a roughly 1 km area before it is ever sent to other devices.
• Hide city: You can remove your city from your public profile in privacy settings.
• Block and report: Blocking another user is instant and silent. The blocked user is not told. Reports submitted through the app are reviewed and acted on where appropriate, and they also factor into the public trust tier shown on every profile (New, Active, Trusted, Vouched).

The trust tier is calculated by us from account age, completed sessions, verified phone status, and reports against the user. It is shown publicly on profiles so other users can see at a glance whether someone is established or brand new. Individual reports and the underlying counts are never shown to other users.

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you specific rights regarding your personal information.

Categories of personal information we collect (in the past 12 months):

• Identifiers (name, email, username, IP address)
• Customer records (profile data, payment information processed by Stripe)
• Internet activity (usage data, device data, log data)
• Geolocation data (approximate location, with consent)
• Inferences drawn from the above (e.g., partner matching scores)

Your rights under CCPA / CPRA:

• Right to know: request a copy of the categories and specific pieces of personal information we have collected about you
• Right to delete: request deletion of your personal information (subject to certain legal exceptions)
• Right to correct: request correction of inaccurate personal information
• Right to opt out of sale or sharing: we do not sell your personal information, and we do not share it for cross-context behavioral advertising
• Right to limit use of sensitive personal information: we do not use sensitive personal information for purposes outside those permitted by CCPA
• Right to non-discrimination: we will not deny service, charge different prices, or provide a different level of service because you exercised these rights

To exercise any of these rights, email privacy@flexmatches.com with the subject line "California Privacy Request." We will respond within 45 days as required by law.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 give you specific rights regarding your personal data.

Legal basis for processing. We process your personal data based on the following lawful bases:

• Performance of a contract: to provide the Service you signed up for (account, matching, messaging, sessions)
• Consent: for location access, push notifications, and any optional data you choose to provide
• Legitimate interest: to operate, secure, and improve the Service, prevent fraud and abuse, and enforce our Terms
• Legal obligation: to comply with applicable laws, court orders, or regulatory requests

Your rights under GDPR:

• Access: obtain a copy of your personal data
• Rectification: correct inaccurate or incomplete data
• Erasure ("right to be forgotten"): have your data deleted in certain circumstances
• Restriction: ask us to limit how we use your data
• Data portability: receive your data in a structured, commonly used, machine-readable format
• Object: object to processing based on legitimate interest, including profiling
• Withdraw consent: for any processing based on consent (without affecting prior lawful processing)
• Lodge a complaint: with your local data protection authority

To exercise any of these rights, email privacy@flexmatches.com. We will respond within 30 days as required by GDPR.

International data transfers. Your personal data is stored on servers located in the United States. Where we transfer personal data outside the EEA / UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and equivalent UK transfer safeguards, with our service providers (Supabase, Stripe, Vercel) acting as data processors bound by these clauses.

We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.

FlexMatches is not intended for users under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us with personal information, we will delete it promptly.

Our app may contain links to third-party websites (e.g., affiliate store products). We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

We use essential cookies and local storage to maintain your session and preferences. We do not use tracking or advertising cookies.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise any of the rights described above:

FlexMatches LLC
Privacy: privacy@flexmatches.com
Legal: legal@flexmatches.com
Website: www.flexmatches.com

For California-specific requests, use the subject "California Privacy Request." For GDPR requests, use the subject "GDPR Request" along with the country you reside in.