Privacy Policy

2. Who is responsible for your data (controller)

The data controller responsible for your personal data is Nevolut S.A.R.L.U., together with its European Union branch Nevolut S.R.L. (jointly “Nevolut”, “we”, “us”). For users in the European Union, European Economic Area, and United Kingdom, Nevolut S.R.L. (Romania) acts as our establishment and point of contact for data-protection matters. You can reach us at any time at privacy@ontryst.com.

3. Summary

This summary is informational only and does not replace the rest of this Policy.

• We collect what you give us (your account details, profile, photos, voice and video, messages, and posts) and some data automatically (approximate and precise location, device and usage data).
• Because Ontrystis a dating service, some of the data you choose to share — such as your sexual orientation or religion — is “special category” data that we only process with your explicit consent.
• We use your data to operate the Service: to build your profile, suggest and show you other people, enable likes, matches, messaging, posts, voice notes, and live broadcasts, and to keep the platform safe.
• Other users see the profile, photos, posts, and content you choose to share. We do not sell your personal data.
• You can access, correct, download, or delete your data at any time from your account settings or by emailing us.
• We operate from the Democratic Republic of Congo and the European Union, so your data may be transferred internationally under appropriate safeguards.

4. Information we collect

(a) Information you give us

• Account and identity: your email address and/or mobile phone number, country code, a password (stored only as a secure one-way hash), and one-time verification codes (OTP) sent by SMS or email. If you choose to sign in with Google or Apple, we receive the basic identifiers those providers share with us.
• Profile: first name, display name, date of birth (used to confirm you are 18+ and to show your age), gender, city and country, biography, interests, profile prompts and answers, languages, and the photos and any video or voice prompts you add.
• Special-category data (sensitive): if you choose to share them, details such as your sexual orientation, religion, or other characteristics relevant to dating. The fact that you use a dating service may itself reveal information about your sex life or sexual orientation. We only process this data with your explicit consent (see Section 5).
• Your content: direct messages, attachments, reactions, voice notes, posts, stories, comments, and live broadcasts (including their comments and reactions) that you create or send through the Service.
• Likes and matches:the people you like, pass on, super-like (“crush”), match with, block, or report.
• Payments: if you purchase paid features, the transaction is handled by the Apple App Store, Google Play, or our payment processor. We receive confirmation of purchase and subscription status, but we do not store your full card number.
• Support and reports: the content of messages you send us and any reports you file about other users or content.

(b) Information collected automatically

• Location: with your permission, your approximate and/or precise device location, which we use to show you and other members who are nearby. You can turn location permission off in your device settings, although some discovery features may then be limited.
• Device and technical data: device type, operating system, app version, language, IP address, and identifiers such as push-notification tokens.
• Usage data: how you interact with the Service (screens viewed, features used, profiles seen), session timing, and similar diagnostics.
• Diagnostics and crash data: error and crash reports, collected through our error-monitoring provider, to keep the app stable.
• Cookies and local storage (web): on the Ontryst website we use strictly necessary cookies and local storage to keep you signed in and to remember your preferences.

(c) Information from third parties

If you sign in with Google or Apple, those providers share basic account identifiers with us in accordance with the permissions you grant. App stores share purchase and subscription information with us. We do not buy personal data about you from data brokers.

5. How and why we use your data (legal bases)

We process your personal data for the purposes below. Where the EU General Data Protection Regulation (GDPR) or equivalent law applies, the legal basis for each purpose is shown.

• To provide the Service— create and manage your account and profile, authenticate you, and enable likes, matches, messaging, posts, voice notes, and live broadcasts. Basis: performance of our contract with you.
• To suggest and show you people— use your location, preferences, and activity to recommend profiles and build your discovery feed. Basis: contract; your consent for location.
• To process special-category data— show and match on attributes such as sexual orientation or religion that you choose to share. Basis: your explicit consent, which you may withdraw at any time.
• To keep the platform safe— detect and act on fraud, fake profiles, harassment, prohibited content, and child-safety violations, using a combination of automated tools and human review. Basis: legitimate interests in protecting our users and the Service; legal obligation; and, for child-safety reporting, substantial public interest.
• To verify age and identity— confirm you are 18+ and, where offered, verify your identity. Basis: contract; legal obligation.
• To communicate with you— send service messages, security and billing notices, and (where you allow it) push notifications about matches and activity. Basis: contract; legitimate interests; your consent for non-essential notifications.
• To handle payments— process subscriptions and purchases and prevent payment fraud. Basis: contract; legal obligation.
• To improve the Service— understand how the app is used, fix bugs, and develop new features. Basis: legitimate interests.
• To comply with law— meet legal, regulatory, and law-enforcement obligations and establish or defend legal claims. Basis: legal obligation; legitimate interests.

6. Matching and automated processing

Ontryst uses automated systems to recommend profiles, order your feed, and surface people nearby, based on factors such as location, the preferences you set, and your activity. These recommendations do not produce legal or similarly significant effects on you, and you remain free to like, pass, or ignore any suggestion.

We also use automated tools, alongside human review, to detect prohibited content and unsafe behaviour. A decision to remove content, limit features, or suspend an account may follow from that review; you can contest such decisions by contacting support@ontryst.com.

7. How your data is shared

(a) With other users

Ontrystis a social, dating service, so by design other members see the content you choose to make visible: your profile and photos, your posts and stories, your live broadcasts and their comments, and the messages you send to people you match or interact with. Please think carefully before sharing information you would not want others to see, and do not share another person's personal data without their consent.

(b) With service providers (processors)

We share data with carefully selected providers who process it on our behalf and under contract, only as needed to run the Service, including:

• cloud hosting and storage infrastructure on which the Service runs;
• real-time voice, video, and live-streaming infrastructure that powers calls and live broadcasts;
• push-notification delivery (Google Firebase Cloud Messaging for Android, Apple Push Notification service for iOS);
• SMS and email delivery for verification codes and notices;
• sign-in providers (Google Sign-In, Sign in with Apple) and mapping services, where you use them;
• error-monitoring and analytics providers that help us keep the app stable (our error monitoring is hosted in the European Union);
• the Apple App Store, Google Play, and our payment processor for purchases and subscriptions.

(c) For legal and safety reasons

We may disclose data where we believe in good faith that it is necessary to comply with the law or a valid legal request, to enforce our Terms, to detect or prevent fraud or security issues, to protect the rights, property, or safety of our users or the public, or in connection with child-safety reporting to the competent authorities.

(d) Business transfers

If Nevolut is involved in a merger, acquisition, reorganisation, or sale of assets, your data may be transferred as part of that transaction, subject to this Policy.

We do not sell your personal data, and we do not share it with advertisers for cross-context behavioural advertising.

8. International data transfers

We operate from the Democratic Republic of Congo and the European Union, and some of our providers operate elsewhere. As a result, your personal data may be transferred to, stored in, or accessed from countries outside your own, including outside the European Economic Area, whose data-protection laws may differ from those where you live.

Where we transfer personal data of users in the EU, EEA, or UK to a country that has not been recognised as providing an adequate level of protection, we put in place appropriate safeguards, such as the European Commission's Standard Contractual Clauses, and take additional measures where needed. You may request a copy of the relevant safeguards by emailing privacy@ontryst.com.

9. How long we keep your data

We keep your personal data for as long as your account is active and for as long as needed to provide the Service. When you delete your account, we delete or anonymise your personal data within thirty (30) days, except where we must retain certain information for longer to:

• comply with legal, tax, or accounting obligations;
• keep records necessary for safety, fraud prevention, or to enforce a ban — for example, retaining limited data about accounts removed for serious violations or child-safety reasons;
• establish, exercise, or defend legal claims.

Short-lived data such as login sessions, one-time codes, and “who viewed me” records are kept only for limited periods (for example, verification codes for a few minutes and profile-view records for around 30 days) and then automatically purged.

10. How we protect your data

We use technical and organisational measures designed to protect your data, including encryption of data in transit, storing passwords only as salted one-way hashes, time-limited and signed links for access to private photos and media, protected login sessions, and access controls that limit who can reach your data. No method of transmission or storage is completely secure, but we work continuously to safeguard your information and to respond promptly to any incident.

11. Your rights and choices

Depending on where you live, and in particular if the GDPR applies to you, you have the right to:

• access the personal data we hold about you;
• correct inaccurate or incomplete data;
• delete your data (“right to be forgotten”);
• restrict or object to certain processing;
• receive your data in a portable, machine-readable format and have it transmitted to another controller;
• withdraw any consent you gave (including for location and special-category data) at any time, without affecting processing already carried out;
• not be subject to a decision based solely on automated processing that produces legal or similarly significant effects; and
• lodge a complaint with a data-protection supervisory authority.

You can exercise most of these rights directly in your account settings — for example, to edit your profile, manage notifications and location permission, or delete your account — or by emailing privacy@ontryst.com. We will respond within the time limits required by applicable law. If you are in the EU/EEA, your lead supervisory authority is the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP); you may also complain to the authority in your country of residence.

12. Children and age requirement

Ontryst is strictly for adults aged 18 and over. We do not knowingly collect data from anyone under 18. If we learn that a minor has created an account, we will remove it. We operate a zero-tolerance policy on child sexual abuse and exploitation, described in our Child Safety Standards, and we report such material to the competent authorities as required by law.

13. Notifications and communications

We may send you service messages by email, SMS, in-app message, or push notification, including about security, billing, matches, and account activity. You can manage non-essential notifications in your account settings and turn off push notifications in your device settings. Some essential service messages cannot be switched off while you hold an account.

14. Changes to this Policy

We may update this Policy from time to time. Where the changes are material, we will notify you through the Service or by email and update the effective date at the top of this page before the changes take effect. Your continued use of the Service after the changes take effect constitutes your acknowledgement of the updated Policy.

15. Contact and legal information

For any privacy question, or to exercise any of the rights described above, contact privacy@ontryst.com or support@ontryst.com.