Chivals is a members-only social dining and experience club. We take your privacy seriously. This Privacy Policy explains what personal data we collect, how we use it, and your rights as a member. Please read it carefully before using our app.
1. Information We Collect
When you apply for or use a Chivals membership, we collect the following categories of personal information:
- Identity & Contact: Full name, email address, phone number, date of birth, and gender.
- Profile Information: Profile photo, Instagram username, and any personal bio or preferences you choose to provide.
- Application Data: Answers to membership application questions and any references you provide.
- Usage Data: Information about how you interact with our app โ features accessed, events viewed, RSVPs, and session metadata (device type, OS version, IP address, timestamps).
- Communications: Messages you send to Chivals staff through in-app support or email.
We do not collect financial or payment card information directly. Any payments are processed by third-party payment processors governed by their own privacy policies.
2. How We Use Your Information
We use the personal data we collect solely for the following purposes:
- To review and process your membership application.
- To provide and operate the Chivals app and membership experience.
- To manage event RSVPs, invitations, and attendance.
- To communicate with you about events, your account, and member updates.
- To curate experiences and matches within the Chivals community.
- To improve the app, diagnose technical issues, and understand usage patterns.
- To enforce our Terms of Service and community guidelines.
- To comply with applicable legal obligations.
We will never use your data for automated decision-making that produces legal or similarly significant effects without your explicit consent.
3. Data Sharing
We do not sell, rent, or trade your personal data to third parties.
We use a limited number of trusted service providers to operate our platform:
- Supabase Inc. โ our primary data infrastructure and backend processor. Supabase stores and processes your data on our behalf under a Data Processing Agreement compliant with applicable data protection laws. Data is stored on servers in the European Union.
We may share data with law enforcement or government authorities only when legally required to do so, and only to the minimum extent necessary.
In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. You will be notified by email before any such transfer.
4. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:
- Active members: Data is retained for the duration of your membership.
- Declined applicants: Application data is deleted within 90 days of the decision.
- Deleted accounts: Upon account deletion, we delete your personal data within 30 days, except where we are required to retain certain information by law (e.g., financial records, legal holds).
- Usage logs: Anonymized usage analytics may be retained for up to 24 months.
5. Your Rights (GDPR & EU Users)
If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of Access: You may request a copy of the personal data we hold about you.
- Right to Rectification: You may request correction of inaccurate or incomplete data.
- Right to Erasure: You may request deletion of your personal data ("right to be forgotten"), subject to legal obligations.
- Right to Portability: You may request your data in a structured, machine-readable format for transfer to another service.
- Right to Restrict Processing: You may request that we limit how we process your data in certain circumstances.
- Right to Object: You may object to processing based on our legitimate interests.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at legal@chivals.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
6. Cookies & Tracking
The Chivals app does not use third-party advertising or behavioral tracking technologies. We do not share your data with advertising networks, data brokers, or analytics aggregators.
We use minimal first-party session identifiers (equivalent to session cookies) solely to maintain your authenticated session within the app. These are not used for cross-app or cross-site tracking.
Our website (chivals.com) may use basic, privacy-respecting analytics to understand aggregate traffic. No personal identifiers are shared with any analytics vendor.
7. Children's Policy
Chivals is strictly an 18+ platform. We do not knowingly collect or process personal data from individuals under the age of 18. If we become aware that a person under 18 has created an account, we will immediately terminate the account and delete all associated data.
If you believe a minor has submitted information to us, please contact us at legal@chivals.com.
8. Contact Us
For any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact:
Memelut Ltd
Registered in the British Virgin Islands
Email: legal@chivals.com
We aim to respond to all privacy-related inquiries within 30 days.
9. Governing Law
This Privacy Policy is governed by the laws of the British Virgin Islands. Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the courts of the British Virgin Islands, without prejudice to your rights under applicable local laws including GDPR where applicable.
We reserve the right to update this Privacy Policy from time to time. Significant changes will be communicated via in-app notification or email. Your continued use of Chivals after such changes constitutes acceptance of the updated policy.