Privacy Policy
This Privacy Policy describes how Kenet Tech Pte. Ltd. ("we," "us," or "Kizzlo") collects, uses, shares, and protects your personal information when you use the Kizzlo mobile application and website (collectively, the "Service").
Data Controller: Kenet Tech Pte. Ltd., 60 Paya Lebar Road, #06-28 Paya Lebar Square, Singapore 409051.
Privacy contact: privacy@kizzlo.com
Data Protection Officer (GDPR Art. 37): Kenet · Data Protection Officer · privacy@kizzlo.com
EU Representative (GDPR Art. 27): [EU Representative — to be appointed before EU launch]
UK Representative (UK GDPR): [UK Representative — to be appointed before UK launch]
1. Information we collect
1.1 Information you provide
- Account data: email, phone number, password (hashed), date of birth, gender, sexual orientation, dating intention.
- Profile data: photos, videos, voice clips, bio, height, occupation, education, lifestyle answers (drinking, smoking, religion, kids, pets, etc.), interests.
- Identity verification: selfie images submitted for face verification. See "Biometric data" below.
- Communications: messages, likes, group activity, reports and support tickets you submit.
- Payment data: we do not store full payment card details. Apple App Store and Google Play handle payment; we receive a transaction identifier and product entitlement.
1.2 Information we collect automatically
- Device & technical data: device model, OS version, app version, IP address, push token, advertising identifier (where permitted).
- Location: approximate location (city level) derived from device locale or, with your permission, GPS for distance-based matching.
- Usage data: sessions, screen views, feature usage, crash logs, performance metrics.
1.3 Biometric data & identity verification
If you opt into profile verification, your selfie is sent to Face++, a third-party face-recognition service operated by Megvii Technology Limited (a company organized under the laws of the People's Republic of China). We currently use the Face++ international endpoint (api-us.faceplusplus.com); requests are processed on the operator's overseas infrastructure rather than within mainland China. The selfie is used solely to compare against your profile photo and is not retained by us after the comparison completes. We store only the verification result (approved or rejected) and a confidence score. Verification is optional — you can use Kizzlo without verifying.
Risk disclosure (extra-territorial laws). Megvii is a company organized in the People's Republic of China. Under PRC laws including the National Intelligence Law (2017, Art. 7) and Data Security Law (2021), Chinese authorities may compel Megvii to provide access to data it processes, regardless of the physical location of the server. We have assessed this in a Transfer Impact Assessment and consider verification optional in part for this reason. If you prefer not to have your biometric data processed by a PRC-organized entity, do not enroll in verification.
Biometric privacy laws. Face geometry is "biometric data" under the Illinois Biometric Information Privacy Act (740 ILCS 14, "BIPA"), the Texas Capture or Use of Biometric Identifier Act ("CUBI"), the Washington Biometric Privacy Act (RCW 19.375), the Colorado Privacy Act, the Oregon Consumer Privacy Act, and similar state laws. Where these apply:
- We obtain your written consent in the app before processing your biometric data.
- The verification result and confidence score are retained for the lifetime of your account and deleted within 30 days of account deletion. Selfies themselves are deleted immediately after the comparison completes (i.e. within minutes).
- We do not sell, lease, trade, or otherwise profit from biometric data.
- We do not disclose biometric data to any party other than Face++ (the processor performing the comparison) without your consent or a valid court order.
2. CCPA / CPRA categories of personal information
Below is what we collect mapped to the categories defined by the California Consumer Privacy Act (Cal. Civ. Code §1798.140) and CPRA. We have not sold personal information in the past 12 months and do not engage in cross-context behavioral advertising ("sharing" under CPRA). We do not use personal information for targeted advertising on our own behalf.
| Category | Collected? | Sources | Business / commercial purpose | Disclosed for business purposes to | Sold or shared? |
|---|---|---|---|---|---|
| A. Identifiers (name, alias, email, phone, IP, device ID, account ID) | Yes | Directly from you, automatically from your device | Provide the Service; account security; fraud prevention; communicate with you | Cloud hosting, email/SMS providers, push delivery (Apple/Google/Firebase) | No |
| B. Customer records (name, signature, address) | Limited (name + email) | Directly from you | Provide the Service; billing | App Store / Play Store for billing | No |
| C. Protected classifications (age, gender, sexual orientation, religion if provided) | Yes (you choose what to share) | Directly from you | Match you with compatible users per your stated preferences; comply with 18+ requirement | Other users you match with see what you've made visible on your profile | No |
| D. Commercial information (purchases, subscription status) | Yes | Apple App Store / Google Play | Manage your subscription and entitlements | Apple, Google for payment processing | No |
| E. Biometric information (face geometry from Face++ verification) | Optional | You (if you opt in) | Verify the user holding the phone matches profile photos; reduce fraud | Face++ (Megvii) for the comparison only | No |
| F. Internet activity (browsing within the app, interactions, search history) | Yes | Automatically from your device | Operate and improve the Service; personalize the recommender | Analytics, crash-reporting, hosting providers | No |
| G. Geolocation (city level + GPS with permission) | Yes | Device locale, GPS (with permission) | Show profiles near you; comply with regional content rules | Cloud hosting | No |
| H. Sensory data (photos, videos, voice clips you post) | Yes (you post) | Directly from you | Display your profile to other users; safety review | Cloud storage; other users you've matched with | No |
| I. Professional information (job title, employer, school) | Optional (you choose) | Directly from you | Display on profile | Other users | No |
| J. Education information (education level, school) | Optional | Directly from you | Display on profile | Other users | No |
| K. Inferences (compatibility scores, recommendations) | Yes | Derived by us from the categories above | Personalize recommendations | None outside our processors | No |
2.1 Sensitive Personal Information (SPI)
Under CPRA, the following constitute "Sensitive Personal Information": account credentials, precise geolocation, biometric data (Face++ face geometry), and information revealing sexual orientation or sex life. We use SPI only for the purposes listed in §1798.121(a) of the California Civil Code: providing the service you requested, security, and fraud prevention. We do not use SPI to infer characteristics about you beyond the matching purpose, and we do not disclose SPI for any purpose other than as described in this Policy.
Right to limit use of SPI. California residents have the right to limit our use of SPI to the purposes specified above. Because we already limit our use to those purposes, no separate action by you is required, but you can confirm or restrict via email to privacy@kizzlo.com.
3. How we use information
- Provide and operate the Service (matching, messaging, groups, search).
- Enforce age restrictions and verify identity.
- Detect and prevent fraud, scams, harassment, and other abuse.
- Process subscriptions and in-app purchases.
- Send service messages (account, security, transactional).
- Send promotional messages where you have consented (you can unsubscribe at any time).
- Comply with legal obligations.
- Operate our recommender system. The main parameters and your controls are described in our Terms § 6.
4. Legal bases (EEA / UK / Switzerland)
- Performance of contract — to deliver the Service you signed up for.
- Legitimate interests — abuse prevention, product analytics, service improvement.
- Consent — biometric verification, marketing, optional location, sensitive-category data (e.g. sexual orientation).
- Legal obligation — responding to lawful requests; tax, anti-money-laundering, and consumer-protection laws.
5. Sharing
We share personal information only in these cases:
- Other users: your public profile (name, age, photos, bio, etc.) is visible to other Kizzlo users you match or interact with.
- Service providers (processors): cloud hosting, push notifications (Apple, Google, Firebase), payment processors (Apple, Google), analytics, crash reporting, biometric verification (Face++). All processors are bound by data-processing agreements.
- Legal & safety: law enforcement, regulators, or other parties when required by law, court order, or to protect rights, safety, or property.
- Business transfers: in a merger, acquisition, or sale, with notice to you.
We do not sell or share (within the meaning of CCPA / CPRA) your personal information.
6. International transfers
Your data may be processed in countries other than the one you live in, including the United States and the People's Republic of China (the latter only when you opt into Face++ identity verification). For transfers from the EEA, the UK, or Switzerland, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission and, for UK transfers, the UK International Data Transfer Addendum.
- Transfer Impact Assessments under Schrems II for transfers to jurisdictions without an adequacy decision (notably China).
- Supplementary measures (encryption, minimization) where required.
You can decline transfers to China by skipping verification — verification is optional and unverified accounts can use Kizzlo.
7. Retention
- Active account data: until you delete your account.
- Deleted accounts: personal data is removed from active systems within 30 days; backups are purged within 30 days.
- Selfies submitted for verification: deleted immediately after the comparison completes (within minutes). The verification result and confidence score follow the account-data retention above.
- Messages: retained for the lifetime of the conversation; deleted when both users delete the conversation or close their accounts.
- Reports / safety records: retained up to 24 months after closure for abuse-prevention pattern analysis; this includes the identifier of the reported account even after the account is deleted, to detect re-registration.
- Tax / billing records: retained as required by applicable law (typically 7 years).
- BIPA-specific: biometric identifiers (face geometry) are not stored by us; the processor (Face++) holds them for the duration of the comparison only. Where BIPA's 3-year-from-last-interaction window would otherwise apply, our practice is more protective: we destroy biometric data immediately on completion of its purpose.
8. Your rights
8.1 EEA / UK / Switzerland (GDPR / UK GDPR / FADP)
- Access, rectification, erasure, restriction, portability, objection.
- Right to withdraw consent at any time, without affecting prior lawful processing.
- Right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you (GDPR Art. 22). Where automated moderation results in account suspension or termination, you can request human review through our appeals process (Terms § 7.3).
- Right to lodge a complaint with your supervisory authority. A list is at edpb.europa.eu; UK users may complain to the ICO at ico.org.uk.
8.2 California (CCPA / CPRA)
- Right to know what personal information we collect, use, share, or sell.
- Right to delete personal information we collected from you.
- Right to correct inaccurate personal information.
- Right to opt out of the sale or sharing of personal information. We do not sell or share for cross-context behavioral advertising; if that ever changes we will publish a "Do Not Sell or Share My Personal Information" link.
- Right to limit use of Sensitive Personal Information — see § 2.1 above.
- Right to non-discrimination for exercising any CCPA right.
- Authorized agent. You may authorize an agent to make a request on your behalf by providing the agent with written permission and verifying your identity directly with us.
- Verifiable consumer requests. To verify your identity, we will ask you to confirm details we already hold (e.g. your account email and recent activity). We do not collect new information from you for verification.
Shine the Light: California Civil Code §1798.83 permits California residents to request a list of categories of personal information we have shared with third parties for those third parties' direct marketing purposes. We do not share for third-party direct marketing.
8.3 Other US states
If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Tennessee, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, New Hampshire, New Jersey, or Rhode Island, you have rights similar to the California rights described in § 8.2 — typically including the rights to access, correct, delete, port, opt out of sale, opt out of targeted advertising, and opt out of profiling that produces legal or similarly significant effects. To exercise any of these rights, email privacy@kizzlo.com. We honor recognized universal opt-out signals (including Global Privacy Control) where required by your state's law.
8.4 Brazil (LGPD)
Confirmation of processing, access, correction, anonymization or deletion, portability, withdrawal of consent, and complaint to the Autoridade Nacional de Proteção de Dados (ANPD).
8.5 How to exercise rights
Email privacy@kizzlo.com. We respond within 30 days (45 days for some states; we may extend by an additional 45 days where permitted, and will notify you). We may need to verify your identity. You can also delete your account directly in the app's Settings.
9. Children
Kizzlo is for adults 18 and older. We do not knowingly collect personal information from minors. If we learn that a user is under 18, we delete the account and all associated data. If you believe a minor is using Kizzlo, contact support@kizzlo.com.
10. Security
We use industry-standard safeguards including encryption in transit (TLS), encryption at rest for sensitive data, hashed passwords, and access controls. No system is perfectly secure; please use a strong unique password and keep your device secure. Where required by law, we will notify you of a data breach affecting your personal information without undue delay.
11. Cookies & tracking
The mobile app does not use cookies. The website (/, /privacy, /terms, etc.) uses only essential cookies necessary for the site to function and does not load third-party advertising, analytics, or fingerprinting cookies. We do not use cookies for cross-context behavioral advertising.
12. Third-party links
The Service may link to third-party sites (e.g. crisis hotlines, App Store). Their privacy practices are governed by their own policies.
13. Changes
We will notify you of material changes through the Service or by email. Continued use after the effective date constitutes acceptance.
14. Contact
Kenet Tech Pte. Ltd.
60 Paya Lebar Road, #06-28 Paya Lebar Square, Singapore 409051
Privacy / data rights: privacy@kizzlo.com
General support: support@kizzlo.com
Data Protection Officer: Kenet · Data Protection Officer · privacy@kizzlo.com
EU Representative (Art. 27): [EU Representative — to be appointed before EU launch]
UK Representative: [UK Representative — to be appointed before UK launch]
15. Regional notices
Residents of the following jurisdictions can read the country-specific addendum to this Policy: