Privacy policy

Last updated: June 23, 2026

1. Service provider

Safety in Relationships Oy Ltd (Business ID 3621636-4, VAT FI36216364), Helsinki, Finland, is the data controller for Happy & Safe under the GDPR. Contact: kaisa@safetyinrelationships.com. Sister site: safetyinrelationships.com.

2. Introduction

Happy & Safe is a dating app that requires applicants to complete a structured self-reflection (the reflection passport) before an account can be created. This policy explains what we collect, why, on what lawful basis, and how you can exercise your rights.

3. What data we collect

Account data (email, age, country, preferred language), reflection passport answers (free text on therapy history, past relationships, safety values), profile content (display name, public bio, photos, interests), and technical data (request logs, device fingerprint, locale preference cookie).

4. How we use your data

Strictly to operate Happy & Safe: validate eligibility through the reflection passport, create and maintain your account, surface eligible profiles, prevent fraud and abuse, and send service notifications. We never sell your data and we do not use it for advertising profiling.

5. Lawful basis (GDPR Article 6 and 9)

Account creation and core service: contract (Article 6(1)(b)). Reflection passport answers in special categories (health information about therapy, sexual orientation when shared): explicit consent per category (Article 9(2)(a)), captured separately and revocable at any time. Fraud prevention and safety: legitimate interests (Article 6(1)(f)).

6. Data sharing

We share data only with processors needed to operate the service: Supabase (managed hosting and database in the EU), the AI provider that powers the reflection audit (configurable; current provider disclosed in the data processor list available on request), and email delivery for transactional messages. No advertising networks, no data brokers, no relationship data shared with third parties.

7. International transfers

Data is processed in the EU and EEA by default. If a processor outside the EEA is used, transfers rely on EU Standard Contractual Clauses (SCCs) and a Transfer Impact Assessment.

8. Retention

Active account data is kept while the account is active. Sensitive reflection passport answers from rejected applicants are deleted within 30 days. Moderation and safety records (for example removal decisions) are retained up to 24 months when justified to prevent removed users from returning.

9. Security

TLS in transit, encryption at rest, Postgres row-level security with per-user policies, separated service-role access for privileged operations, principle of least privilege, audit logging of administrative actions, and regular security reviews.

10. Your rights

Access, rectification, erasure, restriction, portability, objection, and the right to withdraw consent at any time, as easily as you gave it. You can also lodge a complaint with your national supervisory authority (in Finland: Office of the Data Protection Ombudsman, tietosuoja.fi).

11. Automated decision-making (Article 22)

The reflection passport is reviewed automatically and the decision is immediate. You have the right to contest any decision that meaningfully affects you and to request a human re-review.

12. Children

Happy & Safe is for adults only. You must be 18 or older to apply. We enforce an age gate at onboarding.

13. Contact

Privacy questions, rights requests, and breach notifications: kaisa@safetyinrelationships.com. We respond within 30 days as required by the GDPR.