Privacy Notice (GDPR)
RizzDate — AI Dating Coach For Users in the European Economic Area and United Kingdom
Effective date: June 02, 2025 Last updated: June 02, 2025
1. Introduction
ICI Tech Teknoloji A.Ş. processes your personal data in compliance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and, where applicable, the UK GDPR.
| Data Controller | ICI Tech Teknoloji A.Ş. |
| Website | /en/ |
| app@icitech.com.tr | |
| Country of establishment | Republic of Turkey |
EU Representative (Article 27 GDPR): We are in the process of designating an EU representative. Updated contact details will be published at /en/privacy once appointed.
Data Protection Officer: We do not currently meet the mandatory DPO threshold under Article 37 GDPR. Contact: app@icitech.com.tr.
2. Sensitive Nature of Conversation Data
RizzDate processes romantic and personal conversation content. While this data does not automatically qualify as special category data under GDPR Article 9, it is sensitive in nature and we apply heightened care to it.
Conversation content may reveal information about your romantic life, relationship patterns, emotional state, and personal circumstances. Content you paste from other people's messages may also reveal information about third parties who have not consented to this processing.
We process conversation content only on the basis of the performance of our contract with you (Art. 6(1)(b)) and, for Context Memory, with your explicit consent (Art. 6(1)(a)).
3. AI Provider and Data Transfers
When you submit a coaching request, conversation content is transmitted to a third-party AI service provider via API to generate suggestions. This constitutes an international transfer of personal data.
The identity of the current AI provider and the applicable transfer mechanism are disclosed at /en/privacy/ai-provider. We rely on Standard Contractual Clauses or the provider's own GDPR-compliant transfer mechanism for this transfer.
We select AI providers that commit to: not using API inputs for general model training; applying appropriate data security measures; and complying with GDPR data processing obligations. A data processing agreement under Article 28 GDPR is in place with our AI provider.
4. Third-Party Content in Coaching Requests
When you paste messages from other people (your matches) into RizzDate, you are introducing third-party personal data into our system. Under GDPR:
You are acting as a data controller for the content you share about others. We process it as your data processor for the purpose of the coaching service. You should ensure you have a lawful basis for using those individuals' messages in this way — this is typically a legitimate interest in improving your own communication, provided the use is proportionate. You should not enter third parties' sensitive personal data, financial information, or other highly sensitive content unnecessarily.
5. Data We Process
Account information: Email address, password (hashed), optional display name and profile photo.
Conversation and coaching content: Messages and context you enter for coaching. Transmitted to AI provider for processing. Stored locally and in cloud.
Context Memory data: Conversation history stored for personalization. Processed only with your explicit consent.
Coaching outputs and interaction data: Suggestions, rationale explanations, tone choices, feature interactions.
Confidence score and progress data: Coaching scores, weekly progress, challenge completions.
Profile review data: Dating profile content shared for optimization feedback.
Subscription data: Subscription tier, purchase date, transaction ID.
Device and technical data: Device type, OS version, app version, truncated IP address, crash logs.
6. Legal Bases (GDPR)
| Purpose | GDPR Legal Basis |
|---|---|
| Account creation and management | Art. 6(1)(b) — Performance of contract |
| Processing conversation content for coaching | Art. 6(1)(b) — Performance of contract |
| Transmitting content to AI provider | Art. 6(1)(b) — Performance of contract |
| Context Memory storage | Art. 6(1)(a) — Explicit consent |
| Confidence scoring and progress | Art. 6(1)(b) — Performance of contract |
| App quality and crash analysis | Art. 6(1)(f) — Legitimate interests |
| Security monitoring | Art. 6(1)(f) — Legitimate interests |
| Subscription management | Art. 6(1)(b) — Performance of contract |
| Support requests | Art. 6(1)(b) — Performance of contract |
| Legal obligations | Art. 6(1)(c) — Legal obligation |
| Marketing | Art. 6(1)(a) — Consent |
7. What We Do Not Do
We do not sell personal data or conversation content. We do not use conversation content for advertising targeting. We do not use conversation content to train our own AI models. We do not share conversation content with Meta, TikTok, Google Ads, or advertising networks. We do not use advertising identifiers. We do not make fully automated decisions with significant legal effects based on your data (Art. 22 GDPR). We do not operate matchmaking or social features — RizzDate has no mechanism for connecting users with each other.
8. Your Rights Under GDPR
Right of access (Art. 15): Obtain a copy of your personal data — email app@icitech.com.tr.
Right to rectification (Art. 16): Correct inaccurate data in-app or via email.
Right to erasure (Art. 17): Delete your account and coaching history via Settings → Account → Delete Account.
Right to restriction (Art. 18): Limit processing — contact app@icitech.com.tr.
Right to data portability (Art. 20): Receive your data in machine-readable format — Settings → Privacy → Export or contact us.
Right to object (Art. 21): Object to legitimate interest processing — contact app@icitech.com.tr.
Right to withdraw consent (Art. 7(3)): Withdraw Context Memory consent via Settings → Memory → Clear All and disable feature. Withdraw marketing consent via Settings → Privacy → Marketing Preferences.
Right to lodge a complaint (Art. 77): Contact your national supervisory authority.
Email app@icitech.com.tr — subject "GDPR Data Subject Request — RizzDate". We respond within one month, free of charge.
9. Right to Lodge a Complaint
| Country | Authority | Website |
|---|---|---|
| 🇫🇷 France | CNIL | https://www.cnil.fr |
| 🇩🇪 Germany | BfDI + state DPAs | https://www.bfdi.bund.de |
| 🇪🇸 Spain | AEPD | https://www.aepd.es |
| 🇬🇧 United Kingdom | ICO | https://ico.org.uk |
| Other EEA | Your national DPA | https://edpb.europa.eu/about-edpb/about-edpb/members_en |
10. International Data Transfers
ICI Tech Teknoloji A.Ş. is established in Turkey. No adequacy decision exists for Turkey under GDPR Article 45. For transfers from the EEA or UK, we rely on Standard Contractual Clauses (SCCs) for infrastructure providers, the AI provider's own GDPR-compliant transfer mechanism, and UK IDTAs for UK transfers. Details of transfer mechanisms for our AI provider are at /en/privacy/ai-provider.
11. Data Retention
Account data: duration plus 3 years after deletion. Conversation and coaching content: duration plus 1 year after deletion. Context Memory: deleted within 30 days of consent withdrawal or account deletion. Subscription records: 10 years. Support communications: 3 years. Crash logs: 12 months rolling.
12. Security
TLS 1.2+ in transit; encryption at rest. AI provider transmissions use encrypted connections. Conversation content protected with strict access controls. Breach notification: Supervisory authority notified within 72 hours (Art. 33); users notified without undue delay for high-risk breaches (Art. 34).
13. Children's Privacy
RizzDate is for users 18 and older. Contact app@icitech.com.tr for immediate deletion if a child has submitted data.
14. Cookies
Our website uses cookies with a consent banner. Strictly necessary cookies are always active. Analytics and marketing cookies require your consent and can be managed via the cookie banner.
15. Changes
Material changes notified 14 days in advance. Current version: /en/privacy/gdpr.
16. Contact Us
Email: app@icitech.com.tr Subject: "GDPR Data Subject Request — RizzDate" Website: /en/
Acknowledge within 5 business days, resolve within one month.