Pairpour

Find your pour-buddy.

Privacy Policy

Effective: 2026-04-26  ·  Last updated: 2026-04-26

This Privacy Policy describes how Pairpour ("we", "us", "the App") collects, uses, and protects information when you use the Pairpour mobile application.

By using Pairpour, you agree to the collection and use of information in accordance with this policy. If you do not agree, do not use the App.

1. Who we are

Pairpour is operated by an independent developer based in Limassol, Cyprus. For privacy-related inquiries:

• Email: legal@pairpour.app
• Support: support@pairpour.app

We act as the data controller for the personal data described below.

2. What data we collect

2.1 Information you provide

When you create an account and use Pairpour, you provide:

• Account credentials — email address and password (password is stored hashed; we never see it).
• Profile content — display name, age, location (free-text city, not GPS), short bio, persona-derived title, your selected interests, your visibility flag (whether you appear in the discovery feed), and your matching intent (friends / dates / both).
• Match interactions — your right- and left-swipe decisions on other users' profiles.
• Messages — text messages you send to people you have matched with.
• Block list — identifiers of users you have blocked.

2.2 Information generated automatically

• Match records — when you and another user mutually right-swipe, we record the match including a server-assigned bar suggestion based on shared interests.
• QR redemption sessions — a 16-character QR code split between you and your match, with an expiry timestamp, and an optional redemption timestamp once a participating bar scans both halves.
• Counters — number of pairs, bars visited, drinks redeemed (used to display engagement on your own profile).
• Subscription flag — whether you have an active premium subscription (currently inactive in this build).
• Timestamps — created-at and updated-at fields for the records above.

2.3 What we do NOT collect

• We do not collect precise GPS location.
• We do not collect contact lists, photos library, microphone audio, or device sensors.
• We do not collect data from third-party social networks unless you explicitly link an account in a future version.
• We do not use third-party advertising trackers.

3. How we use your data

We use the data above to:

1. Provide the core matching functionality (showing you compatible profiles, registering your swipes, generating matches and QR codes).
2. Suggest a bar appropriate to your shared interests and let participating bars verify the QR code at redemption time.
3. Deliver messages between matched users.
4. Enforce safety features such as blocking and abuse prevention.
5. Communicate with you about your account, security, and material changes to this policy.
6. Maintain and improve the service.

We do not sell your personal data.

4. Legal basis (GDPR)

If you are in the European Economic Area or the United Kingdom, our legal bases for processing are:

• Performance of a contract (Article 6(1)(b) GDPR) — to provide the matching, messaging, and redemption features you signed up for.
• Legitimate interests (Article 6(1)(f) GDPR) — to keep the service safe (block and abuse-prevention features), to detect fraud at redemption, and to operate and improve the App.
• Consent (Article 6(1)(a) GDPR) — for any optional features that explicitly ask for your consent (none currently).
• Legal obligation (Article 6(1)(c) GDPR) — when we are required to retain or disclose data by Cypriot or EU law.

You can object to processing based on legitimate interests; see Section 8.

5. Who we share data with

We share data only with the following categories of recipients:

• Supabase Inc. — our backend hosting, authentication, database, and realtime provider. Data is stored in the EU (Frankfurt region). Supabase acts as a data processor under our instructions.
• Participating bars — at the moment a QR redemption is scanned, the bar's staff app (a separate application) sees the match identifier, the partial QR halves, and the assigned reward kind (e.g. "coffee", "cocktail"). Bar staff do not see your name, age, location, bio, or messages.
• Apple App Store — Apple may receive aggregate analytics about app installs, crashes, and device classes through standard App Store telemetry.
• Law enforcement or courts — when required by a valid legal request under Cypriot or EU law.

We do not transfer your personal data to recipients outside the EEA / UK other than through Supabase (which uses EU-region storage) and Apple (governed by their published terms).

6. Data retention

• Account data — retained for as long as your account is active.
• Match records, messages, QR sessions — retained for as long as the underlying match exists.
• Block records — retained as long as the block is in effect.
• Backups — Supabase backups are retained for up to 30 days.

When you delete your account (Section 8), the records above are deleted within 30 days, except where we are legally required to retain them longer (e.g. abuse reports may be retained for up to 12 months for safety purposes).

7. Security

We rely on industry-standard practices:

• All traffic between the App and the backend is encrypted in transit (TLS).
• Passwords are stored hashed by Supabase Auth using industry-standard algorithms.
• Database access is restricted by row-level security policies that enforce per-user visibility — you can only read your own profile fields and data scoped to your matches.
• Sensitive profile fields (subscription state, engagement counters) are not exposed to other users.

No system is perfectly secure. If we become aware of a security incident affecting your data, we will notify you in accordance with applicable law.

8. Your rights

Depending on your jurisdiction, you may have the right to:

• Access — request a copy of the personal data we hold about you.
• Correction — fix inaccurate or incomplete data (you can edit your profile from within the App).
• Deletion — delete your account and associated data (see Section 9).
• Portability — receive your data in a structured, machine-readable format.
• Object or restrict processing — for processing based on legitimate interests.
• Withdraw consent — where processing is based on consent.
• Lodge a complaint with your supervisory authority. In Cyprus, this is the Office of the Commissioner for Personal Data Protection (dataprotection.gov.cy).

To exercise any of these rights, email legal@pairpour.app from the address associated with your account. We respond within 30 days.

9. How to delete your account

You can delete your account at any time by:

1. Opening Profile in the App.
2. Tapping "Delete account" and confirming.

OR

3. Emailing legal@pairpour.app from your account address with the subject "Delete my account".

Deletion removes your profile, swipes, matches, messages, QR sessions, and block list within 30 days. Aggregate, non-identifying analytics may be retained.

10. Children

Pairpour is not intended for users under 17 years of age. We do not knowingly collect personal data from anyone under 17. If you believe a minor is using the App, contact legal@pairpour.app and we will investigate.

11. International users

The App is currently launched for users in Cyprus. If you access the App from outside the EEA, you understand that your data is processed in the EU under Cypriot and EU law, which may differ from your local regime.

12. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date and, where required by law, notify you in-App or by email. Continued use of the App after a change indicates your acceptance of the updated policy.

13. Contact

For privacy questions, account deletion, or to exercise your rights:

• Email: legal@pairpour.app
• Postal: available on request to the email above