Privacy Policy
How Tillit handles your personal data.
This Privacy Policy explains what personal information Tillit Dating collects, why we collect it, how we use and protect it, and the rights you have over your data.
1. Introduction
Tillit Dating ("Tillit", "we", "us", or "our") is operated by ESA-Consulting. We are committed to protecting your privacy and handling your personal data responsibly, in full compliance with the EU General Data Protection Regulation (GDPR) and applicable national data protection laws.
This Policy applies to all users of the Tillit Dating mobile application (available on Android and iOS) and any related websites or services. By creating an account or using our Service, you acknowledge that you have read and understood this Policy.
If you are under 18 years of age, you may not use the Service.
2. Data We Collect
We collect only the data necessary to provide and improve the Service. The categories below describe what we collect and why.
| Category | Examples | Source |
|---|---|---|
| Account & identity | Name, date of birth, email address, phone number, gender, sexual orientation (optional) | Provided by you at registration |
| Profile content | Profile photos, bio, relationship goals, interests, prompts and answers | Provided by you |
| Location | Approximate location (city / region) used for nearby matching; precise GPS (only if explicitly granted) | Device, with your permission |
| Device & technical | Device type, operating system, app version, IP address, advertising ID, push notification token | Collected automatically |
| Usage data | Features accessed, swipes, matches, messages sent, session length, in-app events | Collected automatically |
| Communications | Messages sent between matched users (stored encrypted), support correspondence | Provided by you |
| Payment data | Transaction reference, subscription tier, purchase date (card details are handled solely by your app store provider — we never see them) | App store (Apple / Google) |
| Verification data | Selfie or ID document used for optional photo / identity verification | Provided by you, if you opt in |
We do not collect sensitive categories such as racial or ethnic origin, religious beliefs, health data, or financial account details beyond what is described above.
3. Legal Basis for Processing
We process your personal data only where we have a lawful basis under the GDPR:
- Contract performance — processing necessary to provide the Service you signed up for (e.g., creating your account, enabling matches and messaging).
- Legitimate interests — processing that serves our legitimate interests without overriding your rights (e.g., fraud prevention, improving the app, security monitoring).
- Consent — where we ask for your explicit permission (e.g., precise location access, optional photo verification, marketing communications). You may withdraw consent at any time.
- Legal obligation — where processing is required to comply with applicable law.
4. How We Use Your Data
- Create and manage your account.
- Generate match suggestions using our compatibility algorithm (see Algorithm Transparency in our Terms & Conditions).
- Enable messaging between matched users.
- Process subscription payments and manage your plan.
- Send you service notifications (e.g., new matches, messages, policy changes).
- Send marketing messages — only with your consent and with an easy opt-out.
- Detect and prevent fraud, spam, illegal content, and policy violations.
- Comply with legal obligations and respond to lawful requests from authorities.
- Analyse usage trends and improve features (using aggregated or pseudonymised data where possible).
- Conduct identity or photo verification if you opt in.
5. How We Share Your Data
We do not sell your personal data. We share data only in the following limited circumstances:
5.1 Other users
Your public profile (photos, name, bio, interests) is visible to other users as part of the matching experience. Private information (email, phone number, exact location) is never shared with other users.
5.2 Service providers
We share data with trusted third-party vendors who assist us in operating the Service, including cloud hosting providers, analytics tools, customer support platforms, and push notification services. All providers are bound by data processing agreements and may only use your data as instructed by us.
5.3 Business transfers
If Tillit is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before any such transfer and give you the opportunity to delete your account.
5.4 Legal requirements
We may disclose your data if required by law, court order, or governmental authority, or where disclosure is necessary to protect the rights, property, or safety of Tillit, our users, or the public.
6. International Data Transfers
Our primary infrastructure is located within the European Economic Area (EEA). Where we transfer data outside the EEA (e.g., to a service provider in the United States), we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) approved by the European Commission — so that your data remains protected to an equivalent standard.
7. Data Retention
We keep your personal data only as long as necessary:
- Active accounts — data is retained for as long as your account exists.
- Deleted accounts — most data is deleted within 30 days of a confirmed deletion request. Some data may be retained for up to 90 days for fraud prevention, legal, or security purposes before being permanently erased.
- Legal hold — data subject to a legal obligation or dispute may be retained for the duration required by law.
- Backups — anonymised backups may be retained for up to 6 months before being purged.
- Verification data — biometric / document data collected during identity verification is deleted promptly after verification is complete, unless longer retention is required by law.
You can request deletion of your account at any time on our account deletion page.
8. Security
We implement industry-standard technical and organisational measures to protect your data, including:
- Encryption of data in transit (TLS/HTTPS) and at rest.
- Encrypted storage of private messages.
- Access controls limiting data access to authorised personnel only.
- Regular security assessments and penetration testing.
- Incident response procedures aligned with GDPR breach notification requirements (72-hour reporting window).
No method of transmission or storage is 100% secure. If you believe your account has been compromised, please contact us immediately at support@tillit.app.
9. Children's Privacy
Tillit Dating is intended exclusively for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, please contact us at support@tillit.app and we will delete the account and associated data promptly.
10. Your Rights
Under GDPR and applicable national law, you have the following rights regarding your personal data:
- Right of access — request a copy of the data we hold about you.
- Right to rectification — ask us to correct inaccurate or incomplete data.
- Right to erasure — ask us to delete your data ("right to be forgotten"), subject to legal retention obligations.
- Right to restriction — ask us to pause processing of your data in certain circumstances.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests or for direct marketing at any time.
- Rights related to automated decision-making — request human review of any automated decisions that significantly affect you.
- Right to withdraw consent — withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at support@tillit.app. We will respond within 30 days. We may ask you to verify your identity before fulfilling the request.
You also have the right to lodge a complaint with your local supervisory authority. For users in the EU, this includes the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl.
11. Cookies and Tracking Technologies
Our mobile app does not use browser cookies. We may use equivalent technologies such as device identifiers (e.g., advertising IDs) and local storage for the following purposes:
- Essential — keeping you signed in and maintaining session state.
- Analytics — understanding how the app is used in aggregate to improve the experience.
- Advertising (optional) — where you consent, personalised promotional content may be shown based on pseudonymous identifiers.
You can reset or opt out of advertising identifiers at any time through your device's privacy settings (Android: Settings → Privacy → Ads; iOS: Settings → Privacy & Security → Tracking).
12. Third-Party Links and Services
The Service may contain links to third-party websites or integrate with third-party services (e.g., social login). This Policy does not cover those third parties. We encourage you to read their privacy policies before sharing any personal information.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by:
- Displaying a prominent notice in the app, and / or
- Sending a notification to your registered email address.
The updated Policy will take effect 14 days after we notify you, unless a shorter period is required by law. Continued use of the Service after the effective date constitutes acceptance of the updated Policy. If you do not accept the changes, you may delete your account before they take effect.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our data protection team:
- Email: support@tillit.app
- Postal address: ESA-Consulting, Röntgenstrasse 7-9, 60388 Frankfurt/Main, Germany
We aim to respond to all requests within 30 days.