Privacy Policy

1. Introduction

Ethos Labs Pty Ltd (ABN 20 694 353 332) ("Ethos", "we", "us", or "our") operates the Ethos matchmaking platform and website (collectively, the "Platform"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Platform.

We are committed to protecting your privacy and complying with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where applicable, we also comply with the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Indian Digital Personal Data Protection Act, 2023 (DPDPA).

For the purposes of the GDPR, Ethos Labs Pty Ltd is the data controller responsible for your personal data. Our contact details are set out in Section 14 below.

By creating an account or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Platform.

2. Information We Collect

2.1 Information you provide directly

Account information. When you register, we collect your name, email address, date of birth, gender, and profile photos. You authenticate via a secure one-time verification code sent to your email address; we do not collect or store passwords.

Profile information. Information you choose to include in your profile, such as your biography, education, occupation, location, and relationship preferences.

Values and compatibility data. Your responses to our compatibility questionnaire, including information about your core values, life goals, lifestyle preferences, and relationship approach. This data is central to how Ethos generates compatibility scores and matches you with compatible partners.

Communications. Messages you send to other users through the Platform, as well as any correspondence with our support team.

Payment information. If you purchase a subscription or premium features, our payment processor (Stripe) handles your payment details. We receive confirmation of payment status, transaction identifiers, and subscription state, but we do not store your full credit card number, bank account details, or payment credentials on our servers. If you subscribe through the Apple App Store or Google Play Store, your payment is processed by Apple or Google respectively, and is subject to their privacy policies.

User-generated content. Any other content you voluntarily provide, including photos, profile text, and feedback or support requests.

2.2 Information collected automatically

Location data. With your consent, we collect your approximate location to show you relevant matches in your area and to support date planning features. Location data may be derived from your device's GPS, IP address, or Wi-Fi signals. You can adjust location permissions in your device settings at any time, though doing so may limit certain features of the Platform.

Usage data. We collect information about how you interact with the Platform, including pages and screens viewed, features used, actions taken, time spent, and referring URLs.

Device information. We collect device type, operating system and version, browser type, screen resolution, IP address, unique device identifiers, and mobile network information.

Cookies and similar technologies. We use cookies, local storage, and similar tracking technologies to maintain your session, remember your preferences, and analyse Platform usage. See Section 9 for more details.

2.3 Information from third-party sources

App store data. If you download Ethos from the Apple App Store or Google Play Store, we may receive basic information about your download and subscription status from those platforms.

Location and mapping services. We use the Google Maps Platform to power location-based features including date venue suggestions and location search. When you use these features, certain information (such as your search queries and approximate location) may be shared with Google in accordance with Google's privacy policy.

3. How We Use Your Information

We use your personal information for the following purposes:

• To create and manage your account and profile
• To generate compatibility scores and match you with other users based on shared values and preferences
• To provide, maintain, and improve the Platform and its features, including date planning and location-based services
• To process transactions and send related information, including purchase confirmations and subscription renewals
• To send you service-related notices, updates, security alerts, and administrative messages
• To respond to your enquiries and provide customer support
• To monitor and analyse trends, usage, and activity on the Platform to improve user experience
• To detect, investigate, and prevent fraud, abuse, harassment, and other harmful or unauthorised activity
• To enforce our Terms of Service and Community Guidelines
• To comply with legal obligations, including responding to lawful requests from law enforcement or regulatory bodies
• To protect the safety and wellbeing of our users and the public
• To create and publish anonymised, aggregated insights and statistics derived from user activity and questionnaire responses, from which no individual user can be identified

For more information on staying safe while using the Platform, please review our Safety Tips.

4. Automated Decision-Making and Compatibility Scoring

Ethos uses automated processing, including algorithmic compatibility scoring, to generate match suggestions for you. Your compatibility scores are calculated based on your responses to our values questionnaire and reflect the degree of alignment between your answers and those of other users across categories such as core values, life goals, lifestyle preferences, and relationship approach.

These scores are used to rank and suggest potential matches but do not constitute binding decisions. You are free to explore and connect with any user presented to you, regardless of compatibility score. No automated decision made by the Platform produces legal effects or similarly significant effects concerning you.

If you are located in the European Union or European Economic Area, you have the right to request meaningful information about the logic involved in automated decision-making, as well as the significance and envisaged consequences of such processing. To exercise this right, please contact us using the details in Section 14.

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

With other users. Your profile information, including your name, photos, biography, and compatibility indicators, is visible to other users of the Platform as part of the matching experience. Your specific questionnaire responses are not shared directly with other users; only aggregated compatibility scores and category-level alignment indicators are displayed.

With service providers. We share information with third-party service providers who perform services on our behalf, subject to contractual obligations to use your information only to provide their services to us and in accordance with this Privacy Policy:

• Supabase — database hosting, authentication, and real-time services
• Vercel — website and application hosting and analytics
• Stripe — payment processing (for direct purchases)
• Apple / Google — payment processing and subscription management (for app store purchases)
• Resend — transactional email delivery (verification codes, notifications, receipts)
• Google Maps Platform — location search and date venue suggestions

For safety and legal reasons. We may access, preserve, and disclose your information, including account data and message content, if we have a good-faith belief that doing so is reasonably necessary to: (a) comply with applicable law, regulation, legal process, or enforceable governmental request; (b) enforce our Terms of Service or Community Guidelines; (c) detect, prevent, or address fraud, security, or technical issues; (d) respond to user support requests; (e) protect the rights, property, or personal safety of Ethos, our users, or the public; or (f) investigate potential violations of our policies, including harassment, threats, or other harmful conduct, whether on or off the Platform.

Business transfers. In connection with any merger, acquisition, reorganisation, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information and will outline your choices regarding your information.

With your consent. We may share your information in other circumstances where we have obtained your explicit consent.

6. Data Storage and Security

Your data is stored on servers operated by our service providers, which may be located in Australia, the United States, or other jurisdictions. Your personal information may be disclosed to overseas recipients in these countries, which may not have privacy or data protection laws equivalent to those in Australia or the EU/EEA. In accordance with Australian Privacy Principle 8, we take reasonable steps to ensure that overseas recipients handle your personal information in a manner consistent with the APPs and this Privacy Policy, including by entering into contractual arrangements that require compliance with applicable privacy standards and, where required by the GDPR, implementing appropriate safeguards such as standard contractual clauses.

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS) and at rest, role-based access controls, regular security reviews, and secure passwordless authentication via email-based verification codes.

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security. We encourage you to use a secure email account for authentication and to keep your device secure.

6.1 Data breach notification

In the event of an eligible data breach as defined under Part IIIC of the Privacy Act 1988 (Cth) (the Notifiable Data Breaches scheme), we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable in accordance with our obligations under that scheme. Where the GDPR applies, we will also notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach, and will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms. Where the DPDPA applies, we will notify the Data Protection Board of India and affected Data Principals in accordance with the requirements of the DPDPA.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. If you delete your account, we will delete or anonymise your personal information within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes, including:

• Resolving disputes or enforcing our agreements
• Complying with legal or regulatory obligations (such as record-keeping requirements)
• Preventing fraud or abuse, including maintaining records of banned accounts to prevent re-registration
• Meeting tax, accounting, or financial reporting requirements

Anonymised or aggregated data that can no longer be associated with you may be retained indefinitely for analytical, research, product improvement, and promotional or educational purposes.

Transactional records related to purchases may be retained for up to seven years in accordance with applicable tax and accounting laws.

8. Your Rights and Choices

8.1 All users

Regardless of your location, you have the right to:

• Access the personal information we hold about you
• Correct inaccurate or incomplete personal information
• Delete your account and associated personal information
• Withdraw consent for optional data processing (such as location data or marketing communications)
• Request a copy of your data in a portable format
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

8.2 Additional rights for EU/EEA users (GDPR)

If you are located in the European Union or European Economic Area, you additionally have the right to:

• Object to processing of your personal data based on legitimate interests
• Restrict processing of your personal data in certain circumstances
• Request information about the logic involved in automated decision-making, including compatibility scoring
• Lodge a complaint with your local data protection authority

Our legal bases for processing your data under the GDPR include:

• Performance of a contract (Article 6(1)(b)) — processing necessary to provide the Platform, generate compatibility scores, manage your account, and deliver the services you have requested
• Consent (Article 6(1)(a)) — where you have given consent, such as for location data or marketing communications, which you may withdraw at any time
• Legitimate interests (Article 6(1)(f)) — improving our services, ensuring safety, and preventing fraud, where these interests are not overridden by your rights
• Explicit consent for special category data (Article 9(2)(a)) — where we process sensitive personal data such as religious beliefs or cultural background through the compatibility questionnaire, we do so only with your explicit consent (see Section 11)

8.3 Additional rights for California users (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose about you
• Request deletion of your personal information
• Opt out of the sale of your personal information (note: we do not sell personal information)
• Not be discriminated against for exercising your privacy rights

In the preceding 12 months, we have collected the categories of personal information described in Section 2 of this Privacy Policy. We do not sell personal information as defined under the CCPA.

8.4 Additional rights for Indian users (DPDPA)

If you are located in India, the Digital Personal Data Protection Act, 2023 (DPDPA) provides you with the following rights as a Data Principal:

• Access a summary of your personal data and the processing activities related to it
• Correct and update inaccurate or incomplete personal data
• Erase your personal data (subject to legal retention requirements)
• Nominate another individual to exercise your rights on your behalf in the event of your death or incapacity
• Lodge a grievance with our Grievance Officer (see Section 14)
• Lodge a complaint with the Data Protection Board of India if you are not satisfied with our response

For the purposes of the DPDPA, Ethos Labs Pty Ltd acts as a Data Fiduciary responsible for determining the purpose and means of processing your personal data. We process your personal data on the basis of your consent, which you provide when you create an account and use the Platform. You may withdraw your consent at any time by contacting us or deleting your account, though this may affect our ability to provide the services.

8.5 Managing subscriptions

App Store purchases. If you subscribed through the Apple App Store, you must manage or cancel your subscription through your Apple ID settings. Refunds for App Store purchases are handled by Apple, not by Ethos.

Google Play purchases. If you subscribed through Google Play, you must manage or cancel your subscription through the Google Play Store. Refunds for Google Play purchases are handled by Google, not by Ethos.

Direct purchases. If you subscribed directly through the Platform, you can manage or cancel your subscription in your account settings. Cancellation takes effect at the end of the current billing period.

8.6 How to exercise your rights

To exercise any of these rights, or to make a privacy-related enquiry, please contact us at support@ethosapp.co. We will respond to your request within 30 days (or sooner where required by applicable law). We may need to verify your identity before processing your request. If we cannot verify your identity, we may decline the request to protect your account security.

9. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

• Essential cookies — required for the Platform to function, including authentication (session tokens) and session management. These cannot be disabled without affecting Platform functionality.
• Analytics cookies — help us understand how users interact with the Platform so we can improve the experience. These collect anonymised usage data.
• Preference cookies — remember your settings and preferences for a more personalised experience.

We do not currently use advertising cookies or share data with advertising networks. If we introduce advertising or marketing analytics in the future, we will update this Privacy Policy accordingly and, where required by law, obtain your consent before enabling such features. You will be able to manage advertising preferences through your account settings or device privacy settings.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the Platform.

10. Children's Privacy

The Platform is intended for users aged 18 and over. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have collected personal information from a minor, we will take steps to delete that information promptly and terminate the associated account. If you believe a minor has provided us with personal information, please contact us immediately at support@ethosapp.co.

11. Sensitive Information

Some information you provide through our compatibility questionnaire may constitute sensitive information under the Privacy Act 1988 (Cth), including information about your religious beliefs, cultural background, or relationship values. Under the GDPR, such information may be considered special category data (as defined in Article 9).

We collect this information only with your explicit consent (constituting the legal basis under GDPR Article 9(2)(a)) and use it solely for the purpose of providing our matching services. You may choose not to answer any question you are uncomfortable with, though this may affect the accuracy of your compatibility results. We do not use sensitive information for any purpose other than compatibility scoring and matching. You may withdraw your consent at any time by contacting us or deleting your account, though this may affect our ability to provide the matching service.

12. Third-Party Links and Services

The Platform may contain links to third-party websites or services, including venue listings and mapping services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access through our Platform.

When you use features powered by the Google Maps Platform, your use is also subject to Google's Privacy Policy and Google Maps Terms of Service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on the Platform and updating the effective date at the top of this document. For material changes that affect your rights or how we process your data, we will also notify you via email or in-app notification at least 14 days before the changes take effect. Where required by law, we will seek your consent to material changes.

Your continued use of the Platform after the effective date of any updated Privacy Policy constitutes your acceptance of the changes. If you do not agree with the updated Privacy Policy, you must stop using the Platform and may delete your account.

14. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

Ethos Labs Pty Ltd
ABN 20 694 353 332
Email: support@ethosapp.co
Website: ethosapp.co

We aim to respond to all enquiries within 30 days.

If you are not satisfied with our response to a privacy complaint, you may contact the following authorities:

Australia
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992

European Union
You may contact your local data protection authority. A list of EU data protection authorities is available at: edpb.europa.eu

United States (California)
Office of the Attorney General, California Department of Justice
Website: oag.ca.gov/privacy

India
For grievances relating to the processing of your personal data under the DPDPA, you may first contact our Grievance Officer at support@ethosapp.co. If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India.