Privacy Policy

Introduction

This Privacy Policy ("Policy") describes how Da Birthday Club Limited, trading as Smash App ("we," "us," "our," or "Company"), a company registered in New Zealand, collects, uses, discloses, and protects personal information in connection with the Smash mobile application ("App," "Smash," or "Service").

Registered Address

Da Birthday Club Limited
257 Bell Road
Waikato 2471
New Zealand

Contact Email: [email protected]

By accessing or using the App, you ("User," "you," or "your") acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with any part of this Policy, you must immediately cease using the App.

1. Information We Collect

We collect information to provide, maintain, improve, and secure our Service. The types of information we collect include:

1.1 Personal Information

• Identity Information: Full name, date of birth, email address, phone number, gender, and sexual orientation.
• Authentication Data: Apple ID credentials, authentication tokens, and session information.
• Verification Data: Government-issued identification documents, facial recognition data, and identity verification results provided through third-party verification services (including Sumsub).
• Profile Information: Photos, videos, bio descriptions, interests, and preferences.

1.2 Location Data

• Precise Geolocation: Real-time GPS coordinates for matchmaking and safety features.
• Background Location: Location data collected when the App is not actively in use, for match notifications and safety features.
• Location History: Records of locations associated with app usage.

1.3 Usage and Behavioral Data

• App Activity: Actions taken within the App, including views, swipes, matches, and messages.
• Communication Data: Messages, chats, voice notes, photos, and videos sent through the App, including metadata such as timestamps and read receipts.
• Matchmaking Data: Match preferences, swipe history, and matching patterns.
• Device Information: Device type, operating system, unique device identifiers, IP address, and mobile network information.

1.4 Third-Party Integrations

• Ride-Sharing Data: Uber trip details, ride history, and driver information.
• Payment Information: Payment methods and transaction history processed through our payment service providers.

1.5 Automatically Collected Information

• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to track usage and collect data.
• Analytics Data: App performance metrics, crash reports, and error logs.
• AI Content Moderation: Automated scanning and analysis of photos, videos, and text content for safety and compliance purposes.

2. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal information based on the following legal grounds:

2.1 Contract Performance

Processing necessary to provide our services, including matchmaking, messaging, and account management.

2.2 Consent

Where you have given explicit consent for specific processing activities, such as:

• Location tracking (you can withdraw consent in device settings)
• Marketing communications (you can opt out at any time)
• Cookies and tracking technologies (you can manage via browser/device settings)

2.3 Legitimate Interests

Processing necessary for our legitimate business interests, including:

• Safety and security (fraud prevention, abuse detection, content moderation)
• Service improvement and analytics
• Business operations and optimization

2.4 Legal Obligations

Processing required to comply with legal requirements, including:

• Age verification and child protection
• Law enforcement requests and court orders
• Tax and financial regulations

3. How We Use Your Information

3.1 Service Provision

• Providing core App functionality, including matchmaking, messaging, and location-based services.
• Personalizing your experience and tailoring content to your preferences.
• Facilitating ride coordination through third-party services.

3.2 Safety and Security

• Verifying user identities through third-party services (including Sumsub).
• Monitoring for fraudulent activity, abuse, harassment, and policy violations.
• Using automated AI systems to scan and moderate user-generated content.
• Investigating reports of misconduct and criminal activity, including but not limited to assault, harassment, stalking, and other safety concerns.
• Cooperating with law enforcement and regulatory authorities.

3.3 Communication

• Sending notifications, updates, and service-related communications.
• Responding to inquiries and providing customer support.
• Sending marketing communications (with your consent, where required).

3.4 Analytics and Improvement

• Analyzing usage patterns to improve features and user experience.
• Conducting research and development for new products and services.
• Measuring business performance.

3.5 Legal Compliance

• Complying with applicable laws, regulations, and legal processes.
• Enforcing our Terms of Service and other agreements.
• Protecting our rights, property, and safety, as well as those of our users.

4. Information Sharing and Disclosure

We share your information with third parties in the following circumstances:

4.1 Service Providers

• Technology Providers: Supabase (database and authentication), Google Places (location services), Uber (ride-sharing), Stripe (payments), Sumsub (identity verification).
• Analytics Partners: Companies that provide analytics and measurement services.
• AI Moderation Services: Third-party services that assist with automated content moderation and safety.

4.2 Business Transactions

In connection with any merger, acquisition, financing, sale of company assets, or similar corporate transaction, we may transfer your information to the acquiring or surviving entity.

4.3 Law Enforcement and Legal Requests

• Mandatory Disclosure: We will disclose your information when required by law or in response to valid legal processes (e.g., subpoenas, warrants, court orders).
• Voluntary Disclosure: We may disclose your information to law enforcement or other authorities if we believe, in good faith, that disclosure is necessary to investigate, prevent, or take action regarding suspected illegal activities (including but not limited to assault, harassment, stalking, prostitution, solicitation, child exploitation, fraud, or other criminal conduct), protect safety, or respond to emergencies.

4.4 Advertising Partners and Data Monetization (With Opt-Out Rights)

We may share certain information with advertising and marketing partners to provide personalized advertising. In addition, Smash App reserves the right to:

• (a) Use your de-identified profile data, behavioral patterns, and interaction history to train artificial intelligence models, machine learning algorithms, and recommendation systems;
• (b) Develop derivative works, insights, and analytics based on aggregated user data for product development, research, and commercial purposes;
• (c) License anonymized and aggregated datasets to third-party research institutions and technology companies for academic research and commercial analysis;
• (d) Share de-identified behavioral profiles with marketing and fraud-detection partners;
• (e) Retain derivative works and aggregated insights indefinitely, even after you delete your account.

You may opt out of data sharing by emailing [email protected] with the subject "Opt Out of Data Sharing." We will honor requests within 30 days. California residents: see Section 8.2 for your specific opt-out rights.

4.5 Aggregated Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you.

4.6 With Your Consent

We may share your information with third parties when you provide explicit consent or direct us to do so.

4.7 Public Information

Information you choose to make public (e.g., profile photos, bio) may be visible to other users.

5. Data Retention

5.1 Active Accounts

We retain your personal information for as long as your account is active and as necessary to provide our services.

5.2 Deleted Accounts

When you delete your account, we will remove your profile from public view and cease active use of your personal information. However, we retain certain information where we have a legitimate reason to do so, including but not limited to:

• Legal Compliance: To comply with legal obligations, tax requirements, and financial record-keeping (typically 7 years).
• Safety and Security: To prevent fraud, investigate safety incidents, and assist in criminal investigations (including assault, harassment, stalking, and other criminal acts).
• Legal Claims: To defend against legal claims and resolve disputes.
• Technical Requirements: Backup systems and technical logs may retain data for limited periods.

5.3 Retention Periods

Specific retention periods vary by data type and purpose. Where data is no longer needed for legitimate purposes, we will securely delete or anonymize it.

6. Your Rights and Choices

6.1 Access and Portability

You have the right to request access to your personal information and receive a copy in a portable format. Contact us at [email protected] with your request.

6.2 Correction

You may update or correct your personal information through the App settings or by contacting us at [email protected].

6.3 Deletion

You may delete your account at any time through the App settings. Upon deletion, your profile will be removed from public view, though we may retain certain information as described in Section 5.2 above.

6.4 Objection and Restriction

You may object to certain processing of your information or request restrictions. Contact us at [email protected]. We will comply with such requests where required by law.

6.5 Withdrawal of Consent

Where processing is based on consent, you may withdraw consent at any time. This will not affect the lawfulness of processing prior to withdrawal.

6.6 Marketing Opt-Out

You may opt out of receiving marketing communications by following the unsubscribe instructions in such communications or contacting us at [email protected].

6.7 Data Portability (GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. Email [email protected] to request your data export.

6.8 Exercising Your Rights

To exercise any of the above rights, contact us at [email protected]. We may require verification of your identity before responding. We will respond to requests within 30 days where required by law.

7. Region-Specific Rights

7.1 European Economic Area (EEA), UK, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to lodge a complaint with a supervisory authority
• Right to restrict processing in certain circumstances
• Right to object to processing based on legitimate interests
• Right to data portability

For GDPR-related inquiries, contact us at [email protected].

7.2 California (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information for targeted advertising purposes. To exercise this right, email [email protected] with the subject line "Do Not Sell My Personal Information."
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your California privacy rights, email [email protected].

7.3 Brazil (LGPD)

If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including the right to access, correct, delete, and port your data. Contact us at [email protected] to exercise these rights.

7.4 Canada (PIPEDA)

If you are located in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to access and correct your personal information. Contact us at [email protected].

7.5 Australia (Privacy Act)

If you are located in Australia, you have rights under the Privacy Act 1988, including the right to access and correct your personal information. Contact us at [email protected].

7.6 New Zealand (Privacy Act 2020)

Da Birthday Club Limited is an "agency" as defined in the New Zealand Privacy Act 2020. We collect personal information in accordance with Information Privacy Principle 1 (lawful purpose) and retain it consistent with Principle 9 (security and accuracy). You have the right to access, correct, and request deletion of your personal information. You may lodge complaints with the Office of the Privacy Commissioner at privacy.org.nz.

8. Cookies and Tracking Technologies

8.1 What We Use

We use cookies, web beacons, pixels, and similar technologies to:

• Remember your preferences and settings
• Analyze app performance and usage
• Provide personalized content and advertising
• Ensure security and prevent fraud

8.2 Your Choices

You can control cookies through your device and browser settings. Note that disabling certain cookies may limit functionality.

8.3 EU Cookie Consent

For users in the EU, we obtain consent before placing non-essential cookies on your device, in accordance with the ePrivacy Directive.

9. Data Security

We implement reasonable technical and organizational measures to protect your information from unauthorized access, disclosure, alteration, or destruction, including encryption, access controls, and secure servers. However, no system is completely secure, and we cannot guarantee the absolute security of your information. You acknowledge and accept the inherent risks of transmitting information over the internet.

10. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States and other jurisdictions. These countries may have data protection laws that differ from those in your jurisdiction.

For transfers from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

By using the App, you consent to such international transfers.

11. Children's Privacy

The App is intended solely for users aged 18 years and older. We do not knowingly collect information from individuals under 18. If we become aware that we have collected information from a person under 18, we will immediately delete such information and terminate the associated account. We may also report such incidents to law enforcement where appropriate.

12. Third-Party Links and Services

The App may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices of such third parties. We encourage you to review their privacy policies before providing any information.

13. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last Updated" date and, where required by law, provide additional notice (such as an in-app notification or email). Your continued use of the App after changes become effective constitutes acceptance of the revised Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Policy or our privacy practices, please contact us at:

Email: [email protected]

Mailing Address:
Da Birthday Club Limited
257 Bell Road
Waikato 2471
New Zealand

For region-specific inquiries:

• GDPR (EEA, UK, Switzerland): [email protected]
• CCPA (California): [email protected] (Subject: "California Privacy Rights")
• LGPD (Brazil): [email protected] (Subject: "Brazil Privacy Rights")

15. Supervisory Authority (GDPR)

If you are located in the EEA, UK, or Switzerland and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

16. Governing Law

This Policy is governed by and construed in accordance with the laws of New Zealand. For users in the EEA, UK, Switzerland, California, Brazil, Canada, and Australia, nothing in this section limits your rights under applicable local data protection laws.

17. Acknowledgment

By using the App, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, disclosure, and retention of your information as described herein.

This Privacy Policy is effective as of January 14, 2025, and was last updated on April 1, 2026.