Back to home

To Hull and Back Dating

Privacy Policy

Last updated: [DATE]

In short

To Hull and Back Dating (“THAB Dating”) is a local dating app for adults (18+) in Hull and East Yorkshire. This policy explains what personal data we collect, why we collect it, the legal grounds we rely on, who we share it with, how long we keep it, and the rights you have. We only collect what we need to run a safe dating service, and we never sell your personal data.

1. Who we are (the data controller)

This app, To Hull and Back Dating (also written “THAB Dating”), is a sub-brand of the “To Hull & Back” brand and is operated in the United Kingdom by [COMPANY NAME](“we”, “us”, “our”). We are the “data controller” responsible for your personal data under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

  • Trading / registered address: [TRADING ADDRESS]
  • Data protection contact: [CONTACT EMAIL]
  • Website / app: https://dating.123abc.co.uk
  • We are registered with the UK Information Commissioner’s Office (ICO) under registration number [ICO REG NUMBER].

We are not required by law to appoint a Data Protection Officer, but the person named above is responsible for privacy matters. If you have any question about this policy or how we handle your data, please contact us at [CONTACT EMAIL].

2. Age restriction — this is a strictly 18+ service

THAB Dating is only for people aged 18 or over. We do not knowingly collect or process the personal data of anyone under 18. During sign-up you must confirm your date of birth, and you must be 18+ to create an account. If we discover, or have reasonable grounds to believe, that a user is under 18, we will suspend the account and delete the associated personal data. If you believe a minor is using the service, please report it immediately to [CONTACT EMAIL].

3. The personal data we collect

We collect the following categories of personal data:

a) Account & verification data

  • Your mobile phone number, used to send a one-time verification code by SMS and to secure your account.
  • Optionally, your email address, which can be used as an alternative way to verify and sign in.
  • A session token (a JWT stored in a cookie) that keeps you logged in — see the Cookies section below.

b) Profile data you provide

  • Your first name.
  • Your date of birth — used to confirm you are 18+ and to calculate your age. We display your age on your profile, not your date of birth.
  • Your gender and the gender(s) of the people you would like to see.
  • Your bio, interests, and your answers to profile prompts.
  • Photos you choose to upload. Photos are resized in your browser before upload and stored on our own servers.

c) Location data (optional)

  • Your approximate location (latitude/longitude from your browser’s geolocation), used only to work out distances for matching. Sharing your location is optional — if you decline, we fall back to an approximate area centre so you can still use the app.

d) Activity data

  • Your swipes, likes and matches.
  • Chat messages you exchange with people you have matched with, and reports you make about other users.

e) “Verified Hull Local” selfie verification (optional)

  • If you choose to get verified, you can submit a selfie that we (or an automated process) compare against your profile photos to confirm you are a real person. This is a form of biometric data — see section 5 for the special protections that apply.

f) Technical data

  • Device and browser information, IP address, and essential cookies / session tokens needed to run the app and keep it secure.

g) Payment data (when Premium is enabled)

  • We plan to offer paid Premium features. When enabled, payments will be processed by Stripe. Your card details are entered directly with Stripe and are not stored on our servers; we receive limited information such as a payment reference and your subscription status.

4. How and why we use your data, and our lawful basis

Under the UK GDPR we must have a “lawful basis” for each use of your personal data. The table below explains what we do, why, and the basis we rely on.

What: Create and run your account; verify your phone/email; keep you logged in

Why: To provide the dating service you have signed up for

Lawful basis: Performance of a contract with you

What: Show your profile to other users, power matching, likes, matches and chat

Why: These are the core features of the service

Lawful basis: Performance of a contract with you

What: Use your approximate location for distance-based matching

Why: So we can show you people who are nearby

Lawful basis: Consent (you can turn this off; withdrawing consent will not affect other features)

What: Process your selfie for 'Verified Hull Local' verification

Why: To confirm you are a real, local person and reduce fake profiles

Lawful basis: Explicit consent (this is special category / biometric data — see section 5)

What: Keep the community safe: detect and act on fraud, catfishing, abuse, prohibited content and rule-breaking; handle reports and moderation

Why: To protect our users and the integrity of the service

Lawful basis: Legitimate interests (keeping users safe and preventing misuse), and compliance with legal obligations where they apply

What: Diagnose problems, maintain security, prevent unauthorised access, and keep records for accountability

Why: To run a secure, reliable service

Lawful basis: Legitimate interests, and compliance with legal obligations

What: Send you service messages (e.g. verification codes, security or account notices)

Why: These are necessary to operate your account

Lawful basis: Performance of a contract / legitimate interests

What: Send you marketing or promotional messages about THAB Dating (only if you opt in)

Why: To tell you about features and offers

Lawful basis: Consent (you can withdraw it at any time)

What: Take payment for Premium and manage your subscription (when enabled)

Why: To provide paid features you have purchased

Lawful basis: Performance of a contract with you

Where we rely on legitimate interests, we have considered whether those interests are outweighed by your rights and freedoms, and we believe running a safe dating service in a proportionate way strikes the right balance. You can object to processing based on legitimate interests — see section 8.

5. Special category data

Some of the data you may share is treated as “special category data” under the UK GDPR, which has extra protection. On a dating app this can include:

  • Information that reveals or suggests your sexual orientation(for example, the gender(s) you say you want to see).
  • Biometric data where you use selfie verification to prove your identity.
  • Any special category information you voluntarily choose to reveal in your bio, prompts or photos (for example about your health, religion, ethnicity or beliefs).

We rely on your explicit consent (UK GDPR Article 9(2)(a)) to process this kind of data for the purpose of providing the dating service and, where relevant, verification. You give this consent by choosing to provide the information and use those features. You can withdraw your consent at any time by editing or removing the information, turning off verification, or deleting your account. Please only share special category information that you are comfortable being visible to other users.

6. Who we share your data with

We do not sell your personal data. We share it only as needed to run the service:

  • Other users: your profile (name, age, photos, bio, interests, prompt answers, approximate distance and verification badge) is shown to other users so they can decide whether to connect, and your chat messages are shared with the user you are matched with.
  • Twilio — our SMS provider (a “processor”), which sends verification codes to your phone on our behalf.
  • Stripe — our payment provider (a processor), for Premium payments when that feature is enabled.
  • Hosting and infrastructure providers who store and serve the app and its data on our behalf, under contract.
  • Authorities, regulators or advisers where we are legally required to disclose data, or to establish, exercise or defend legal claims, or to protect the safety of our users or the public (for example responding to a valid law enforcement request).
  • A successor organisation if the business is sold or reorganised, in which case your data would continue to be protected under this policy or an equivalent one.

All processors act only on our instructions under written contracts that require them to keep your data secure and use it only for the agreed purposes.

7. International transfers

We aim to keep your data within the UK where practical. However, some of our providers (for example Twilio and Stripe) may process data outside the UK, including in the United States. Where personal data is transferred outside the UK, we make sure it is protected by an appropriate safeguard recognised under UK data protection law — such as the UK Government’s adequacy regulations, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses. You can ask us for more detail about the safeguards we use by contacting [CONTACT EMAIL].

8. Your rights

Under UK data protection law you have the right to:

  • Be informed about how we use your data (this policy).
  • Access a copy of the personal data we hold about you (a “subject access request”).
  • Rectify data that is inaccurate or incomplete.
  • Erase your data (the “right to be forgotten”) — you can delete your account at any time from Settings.
  • Restrict or object to certain processing, including processing based on our legitimate interests and any direct marketing.
  • Data portability — receive certain data you gave us in a structured, commonly used, machine-readable format.
  • Withdraw consent at any time where we rely on consent (for example location, verification, or marketing). Withdrawing consent does not affect processing that already took place.
  • Rights relating to automated decision-making. We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing.

To exercise any of these rights, email [CONTACT EMAIL]. We may need to verify your identity first. We will respond within one month, though we can extend this by up to two further months for complex requests (we will let you know if so). Exercising your rights is free in most cases.

9. How long we keep your data (retention)

We keep your personal data only for as long as we need it. In general:

  • While your account is active: we keep your profile and activity data so the service works.
  • When you delete your account: we delete or anonymise your profile, photos and personal data within a short period (target: within 30 days), except where we need to keep limited information for the reasons below.
  • Safety and abuse records: we may keep a limited record of serious rule-breaking, bans, reports or safety concerns for longer, so we can enforce our rules and prevent a banned user from returning.
  • Legal and financial records: where required, we keep certain records (for example transaction/tax records for Premium payments) for as long as the law requires — typically up to 6 years.
  • Verification data: where possible we keep only the result of a verification (pass/fail and the badge), and delete the underlying selfie once verification is complete or shortly after.

Chat messages are stored so you and your match can see your conversation history; if either of you deletes your account or unmatches, we remove or restrict access accordingly.

10. Cookies and similar technologies

We use a small number of cookies and similar storage technologies. The main one is a strictly necessary session cookie (a JWT) that keeps you securely signed in and is essential for the app to work. Under the Privacy and Electronic Communications Regulations (PECR), strictly necessary cookies do not require your consent, but we tell you about them here for transparency.

We do not use advertising or third-party tracking cookies. If we introduce any non-essential cookies (for example analytics) in future, we will ask for your consent first and update this policy. Your browser also lets you geolocate — that only happens if you allow it when prompted, and you can turn it off in your browser settings.

11. How we keep your data secure

We take the security of your data seriously and use appropriate technical and organisational measures, including encrypted connections (HTTPS), secure storage of credentials, access controls, and signing in via one-time codes rather than passwords. No online service can be completely secure, so we cannot guarantee absolute security, but we work to protect your data and to detect and respond to any breach. If a breach is likely to result in a risk to your rights, we will notify the ICO and, where required, you.

12. Your responsibilities and staying safe

Please think carefully about what you share in your profile and in chat. Information you put in your bio, prompts, photos or messages may be seen by other users, who are outside our control. Never share sensitive personal or financial details with people you have matched with. See the safety section of our Terms & Conditions for more safety guidance.

13. Changes to this policy

We may update this Privacy Policy from time to time. If we make significant changes we will take reasonable steps to let you know (for example by a notice in the app). The “Last updated” date at the top shows when it was last revised. Continuing to use the app after a change means you accept the updated policy.

14. How to complain

If you are unhappy with how we have handled your personal data, please contact us first at [CONTACT EMAIL] so we can try to put things right. You also have the right to complain to the UK’s data protection regulator:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113 · ico.org.uk

By using To Hull and Back Dating you acknowledge that you have read and understood this Privacy Policy. Please also read our Terms & Conditions.