Privacy Policy

0. Legal Definitions

For the purposes of this Policy, the following terms shall have the meanings indicated:

1. Introduction and Scope

This Privacy Policy applies to your use of the Agapé mobile application ("App"), the website meetagape.com, and any related services (collectively, the "Service"). By accessing or using the Service, you acknowledge that you have read and understood this Policy.

We are committed to protecting your privacy and ensuring that you have full control over your data, regardless of your geographical location.

2. Data Controller

For the purposes of the General Data Protection Regulation (GDPR) of the EU, the UK Data Protection Act, and other applicable laws, the Data Controller of your data is:

• Owner: Iván Rojas Manzano
• Postal Address: CL DOCE DE OCTUBRE, 21, 7, 14001, CÓRDOBA, Spain.
• Data Protection Officer (DPO) Contact: support@meetagape.com

3. Categories of Data We Collect

We collect and process different types of personal data to provide our Service. Below, we detail what we collect:

A. Data Provided Directly by You

B. Data Collected Automatically (Usage and Device)

C. Data We Do NOT Collect

4. Legal Bases for Processing (GDPR)

We only process your data when we have a valid legal basis under European legislation:

• Performance of a Contract (Art. 6.1.b): To create your account, provide chat services, display profiles, and process subscriptions.
• Explicit Consent (Art. 9.2.a): To process your special category data (religion) and your precise geolocation. You have the right to withdraw this consent at any time (by deleting the data or disabling GPS).
• Legitimate Interest (Art. 6.1.f): To ensure network security, prevent fraud, detect bots, and technically improve the application.
• Legal Obligation (Art. 6.1.c): To keep records of tax transactions or cooperate with law enforcement if we receive a valid court order.

5. Purposes and Automated Decisions

We use your data to:

• Service Provision: Create accounts, facilitate matching, and messaging.
• Security: Verify accounts, moderate content, and combat abusive behavior.
• Communication: Send you push notifications about new messages or matches (you can disable these in settings).

Information on the Matching Algorithm

Agapé uses automated processes to recommend profiles to you. This algorithm analyzes your preferences (age range, maximum distance, interests, and spiritual data) to show compatible people. This profiling is necessary for the core functionality of the App, but does not produce legal effects nor significantly affect you negatively.

6. Artificial Intelligence & Machine Learning

In compliance with the EU AI Act (Regulation 2024/1689) and best practices for algorithmic transparency, we inform you about our use of automated systems:

A. AI Systems Used

• Recommendation Algorithm: Rule-based system that ranks profiles by preference compatibility (age, distance, interests). Does not use machine learning or neural networks.
• Content Moderation: Google Cloud Vision API to detect inappropriate content in photographs (nudity, violence). Classification: limited-risk AI system.
• Fraud Detection: Firebase App Check to verify application integrity and prevent bots.

B. Your Rights Regarding Automated Decisions (Art. 22 GDPR)

• Right to Human Intervention: You may request a human operator review any automated decision affecting you.
• Right to Explanation: You may request information about the logic applied in your profile recommendations.
• Right to Contest: You may contest an automated decision by contacting support@meetagape.com.

7. Recipients and International Transfers

Your personal data is confidential. We do not sell, rent, or trade your data to third parties under any circumstances. We only share it in the following limited situations:

A. Service Providers (Data Processors)

We use third-party infrastructure selected under strict security and privacy criteria:

• Google Cloud Platform / Firebase (USA): Database hosting (Firestore), authentication, file storage, crash analytics (Crashlytics), and push notifications (FCM). Google acts as a Data Processor under a Data Processing Agreement (DPA) compliant with Art. 28 GDPR.
• Google Play / Apple App Store: In-app payment processing. We do not store credit card data or financial information.

B. Transfers Outside the EEA/UK

Since our technology providers are based in the United States, your data may be transferred internationally. We ensure an adequate level of protection through:

• The EU-US Data Privacy Framework, adequacy decision C(2023) 4745 by the European Commission (July 10, 2023).
• The UK Extension to the Data Privacy Framework for transfers from the United Kingdom.
• Standard Contractual Clauses (SCCs) approved by Implementing Decision (EU) 2021/914 for providers without an adequacy decision.
• UK International Data Transfer Agreement (IDTA) Addendum when required.

C. Mandatory Legal Disclosure

We may disclose your personal data when legally required:

• In response to a valid court order, subpoena, or legitimate governmental request.
• To protect user safety against imminent threats of harm.
• To investigate, prevent, or take action against illegal activities, fraud, or abuse.
• In proceedings of merger, acquisition, or asset sale (with prior notice).

8. Sub-Processors and Authorized Service Providers

Below is the complete list of third-party providers who process personal data on our behalf:

Important: Sub-processors may only use your data to provide us the contracted services and are contractually obligated to maintain equivalent confidentiality and security levels.

9. Retention Periods

We apply the principle of storage limitation. Your data is not kept indefinitely:

10. Your Global Privacy Rights

Regardless of your nationality, Agapé grants you the following rights over your data:

• Right of Access: Know what data we have about you and obtain a copy.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data when it is no longer necessary.
• Right to Object: Object to data processing based on legitimate interest.
• Right to Portability: Receive your data in a structured and readable format.
• Withdrawal of Consent: You can withdraw your consent for geolocation or religious data processing at any time.

To exercise these rights, contact us at support@meetagape.com. We will respond within a maximum of 30 days.

If you reside in the European Economic Area, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) or your local authority.

11. Multi-Jurisdictional Compliance

Agapé is designed to comply with the world's strictest privacy laws. Below, we detail your specific rights based on your jurisdiction:

🇺🇸 United States (California, Virginia, Colorado, Connecticut, Utah)

• Notice at Collection (CCPA §1798.100): In the last 12 months, we have collected the categories of personal information listed in Section 3.
• No Sale/No Share: Agapé DOES NOT SELL your personal information to third parties nor "share" it for cross-context behavioral advertising as defined by CPRA.
• Sensitive Data: We use your sensitive data (religion) solely to provide the requested service, not to infer other characteristics.
• Right to Opt-Out: Not applicable since we do not sell data, but you may request information at any time.
• Authorized Agent: You may designate an authorized agent to exercise your rights by presenting a valid power of attorney.
• Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights.

🇧🇷 Brazil (LGPD - Lei 13.709/2018)

• Legal Basis for Sensitive Data: Explicit consent (Art. 11, I).
• General Legal Basis: Contract performance (Art. 7, V).
• Encarregado de Dados: Contact: support@meetagape.com
• LGPD Rights: Confirmation, access, correction, anonymization, portability, deletion, information about sharing, consent revocation, and petition to ANPD.

🇨🇦 Canada (PIPEDA)

• You have the right to access your personal information and request corrections.
• You may withdraw your consent at any time, subject to legal restrictions.
• You may file complaints with the Office of the Privacy Commissioner of Canada.

🇦🇺 Australia (Privacy Act 1988 + APPs)

• You have the right to access your personal information and request corrections.
• You may request anonymity or use of a pseudonym where practicable.
• You may file complaints with the Office of the Australian Information Commissioner (OAIC).

🇯🇵 Japan (APPI - Act on Protection of Personal Information)

• Special Care-Required Information: Your religious data qualifies as "special care-required" under APPI and is processed only with consent.
• Rights: Access, correction, cessation, disclosure of third-party transfers.
• PPC: You may file complaints with the Personal Information Protection Commission.

🇸🇬 Singapore (PDPA - Personal Data Protection Act)

• Consent: We collect and use your data based on your consent.
• Rights: Access, correction, and data portability.
• PDPC: You may file complaints with the Personal Data Protection Commission.

🇨🇭 Switzerland (nDSG - new Data Protection Act)

• We apply protections equivalent to GDPR for Swiss residents.
• Transfers are protected by SCCs or adequacy decisions.
• You may file complaints with the FDPIC (Federal Data Protection and Information Commissioner).

🇮🇳 India (DPDP Act 2023)

• Consent: We process your data based on express consent.
• Rights: Access, correction, erasure, and grievance redressal.
• Data Fiduciary: Agapé acts as Data Fiduciary for Indian users.

🇦🇪 United Arab Emirates (Federal Decree-Law 45/2021)

• We apply protections compliant with UAE data protection law.
• Cross-border transfers are conducted with appropriate safeguards.
• You may exercise rights of access, rectification, and erasure.

12. Children's Protection

Agapé is intended exclusively for users 18 years of age and older. We take children's protection extremely seriously:

• Age Verification: We require date of birth during registration to verify legal age.
• COPPA (USA): We comply with the Children's Online Privacy Protection Act. We do not collect data from children under 13 under any circumstances.
• UK Age Appropriate Design Code: Our service is not directed at children and we do not implement features that would attract them.
• Report Minors: If you suspect a minor is using the application, please report immediately to support@meetagape.com.

13. Security Measures

We implement a comprehensive security program based on industry standards:

A. Technical Measures

• Encryption in Transit: TLS 1.2/1.3 for all communications.
• Encryption at Rest: AES-256-GCM on Google Cloud servers.
• Password Hashing: Secure algorithms managed by Firebase Auth (scrypt).
• App Check: Application integrity verification to prevent attacks.
• Firestore Security Rules: Granular document-level access control.

B. Organizational Measures

• Principle of Least Privilege: Access restricted only to necessary personnel.
• Logging and Auditing: Recording of access to sensitive data.
• Incident Policy: Security breach response procedure compliant with Art. 33-34 GDPR (72-hour notification).

14. Cookies and Tracking Technologies

Our native mobile application does not use cookies in the traditional sense. However, we employ similar technologies:

• Firebase Analytics: SDK that collects anonymous usage data to improve the application. You can disable it in Settings → Privacy.
• Crashlytics: Collects error reports to improve stability.
• FCM Tokens: Identifiers for delivering push notifications.
• Local Storage: We store preferences locally on your device.

Our website may use essential cookies for basic functionality. We do not use third-party cookies for advertising.

15. Apple & Google App Store Requirements

In compliance with app store policies:

🍎 Apple App Store (iOS)

• App Tracking Transparency (ATT): Agapé does NOT request ATT tracking permission because we do not track users across third-party apps or websites. We do not use the IDFA.
• Privacy Nutrition Label: Our App Store privacy label accurately reflects the data collected per Section 3 of this Policy.
• Sign in with Apple: If you use this option, we respect your choice to hide your real email. We only receive Apple's relay email.
• Account Deletion: You can delete your account directly from Settings → Account → Delete Account, per Apple requirements.
• HealthKit/HomeKit/SiriKit: We do not use these APIs or access health or home data.

🤖 Google Play Store (Android)

• Data Safety Section: Our data safety declaration in Play Console accurately reflects the practices described in this Policy.
• Permissions: We only request essential permissions (camera, gallery, location, notifications) and clearly explain their use.
• Families Policy: Not applicable. Our app is exclusively for users 18 years and older.
• Account Deletion: Available in-app and via web at meetagape.com/delete-account.html
• Advertising ID: We do not use Google's Advertising ID for advertising purposes.

16. User Representations and Warranties

By using the Service, you represent, warrant, and declare that:

Breach of these representations may result in suspension or termination of your account without prior notice or refund.

17. Limitation of Liability

To the maximum extent permitted by applicable law:

• No Warranties: The Service is provided "AS IS" and "AS AVAILABLE," without warranties of any kind, express or implied.
• Third-Party Content: We are not responsible for content posted by other users, including inaccurate, offensive, or fraudulent information.
• User Interactions: We are not responsible for interactions, meetings, or relationships arising from use of the application.
• Indirect Damages: In no event shall we be liable for indirect, incidental, special, consequential, or punitive damages.
• Monetary Cap: Our total cumulative liability shall not exceed the amount you have paid for the Service in the last 12 months, or €100, whichever is greater.

Some jurisdictions do not allow the exclusion of certain warranties or limitations of liability. In such cases, the limitations shall apply to the maximum extent permitted.

18. Indemnification

You agree to defend, indemnify, and hold harmless Agapé, its owner, employees, contractors, and agents from any claim, damage, obligation, loss, liability, cost, or debt, and expenses (including reasonable attorney fees) arising from:

• Your use of or access to the Service;
• Your breach of this Privacy Policy or Terms of Service;
• Your violation of any third-party rights, including privacy, intellectual property, or publicity rights;
• Any content you upload or transmit through the Service;
• Your interactions with other users of the Service, online or offline.

This indemnification obligation shall survive the termination of your account and this Policy.

19. Binding Arbitration and Class Action Waiver

A. Arbitration Agreement

You and Agapé agree that any dispute, claim, or controversy arising out of or relating to this Policy or the Service ("Disputes") shall be resolved exclusively through binding arbitration, rather than in courts of general jurisdiction, except that you may bring claims in small claims court if your claims qualify.

B. Class Action Waiver

You and Agapé agree that each party may only bring claims against the other in an INDIVIDUAL capacity, and not as a plaintiff or class member in any class or representative proceeding.

Unless both parties agree otherwise in writing, the arbitrator may not consolidate claims of more than one person and may not preside over any form of class or representative proceeding.

C. Arbitration Administration

• For EU/EEA/UK users: Arbitration shall be administered pursuant to the Arbitration Rules of the Court of Arbitration of the Madrid Chamber of Commerce, or alternatively the ICC.
• For US users: Arbitration shall be administered by JAMS pursuant to its Streamlined Arbitration Rules and Procedures.
• Seat: Madrid, Spain (for EU users) or the most convenient location for the user (US).
• Language: Spanish or English, at the claimant's choice.

D. Right to Opt-Out

E. Exceptions

This arbitration clause does not apply to:

• Intellectual property claims;
• Requests for urgent injunctive relief;
• Small claims court proceedings;
• Any claim where the mandatory law of the user's country of residence prohibits mandatory arbitration.

F. Survival

This arbitration agreement shall survive termination of your relationship with Agapé.

20. Dispute Resolution and Governing Law

A. Governing Law

This Policy shall be governed by and construed in accordance with the laws of Spain, without giving effect to any principles of conflicts of laws, except to the extent that the mandatory laws of your jurisdiction of residence provide otherwise.

B. Subsidiary Jurisdiction

To the extent binding arbitration is not applicable (by user opt-out or legal provision), the parties submit to the exclusive jurisdiction of the Courts of Córdoba, Spain, expressly waiving any other venue that may correspond to them, except:

• EU/EEA users may bring claims in the courts of their country of residence;
• Consumers protected by mandatory laws of their jurisdiction retain their legal rights.

C. Statute of Limitations

Any claim arising out of or relating to this Policy or the Service must be brought within ONE (1) year from when the cause of action arose, or it shall be permanently barred, to the maximum extent permitted by applicable law.

D. Informal Resolution First

Before initiating any formal proceeding, the parties agree to attempt to resolve the dispute amicably for a period of 60 days from written notice of the dispute, by contacting support@meetagape.com.

E. Alternative Dispute Resolution (ODR)

The European Commission offers an online dispute resolution platform available at: https://ec.europa.eu/consumers/odr

21. Miscellaneous Provisions

A. Severability

If any provision of this Policy is held invalid, illegal, or unenforceable by a court or competent authority, such invalidity shall not affect the remaining provisions, which shall remain in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable.

B. Survival

Sections of this Policy that by their nature should survive termination shall continue in effect, including without limitation: Definitions, Data Retention, Your Rights, Limitation of Liability, Indemnification, Arbitration, Dispute Resolution, and this Miscellaneous Provisions section.

C. Waiver

The failure to exercise or delay in exercising any right under this Policy shall not constitute a waiver of such right. No waiver shall be effective unless in writing and signed by the waiving party. A one-time waiver does not constitute a continuing waiver or a waiver of other rights.

D. Entire Agreement

This Privacy Policy, together with the Terms of Service, Legal Notice, and EULA (if applicable), constitute the entire agreement between you and Agapé regarding the processing of your personal data and use of the Service, and supersede any prior agreement, communication, or representation, oral or written.

E. Assignment

You may not assign or transfer your rights or obligations under this Policy without our prior written consent. Agapé may assign its rights and obligations to any successor, acquirer, or entity resulting from merger, acquisition, or reorganization, upon notice per Section 22.

F. Force Majeure

Agapé shall not be liable for any failure caused by circumstances beyond its reasonable control, including without limitation: natural disasters, pandemics, acts of government, war, terrorism, civil unrest, power outages, telecommunications failures, cyberattacks, or third-party service interruptions.

G. Prevailing Language

This Policy is available in Spanish and English. In case of discrepancy between versions, the Spanish version shall prevail as it is the jurisdiction of the data controller, except where local law of the user requires their language to prevail.

H. Headings

Section headings are for convenience only and do not affect the interpretation of this Policy.

I. No Third-Party Beneficiaries

This Policy does not confer rights upon third parties, except as expressly stated regarding Sub-processors and their contractual obligations.

22. Changes to this Policy

We may update this Privacy Policy periodically. We will notify you of material changes through:

• In-App Notification: We will display a prominent notice when you open the application.
• Email: For changes that significantly affect your rights.
• Update Date: The "Last Updated" date at the beginning of this document will always reflect the current version.

We recommend reviewing this Policy periodically. Continued use of the Service after the publication of changes constitutes your acceptance of them.

23. Contact and Data Protection Officer

For any inquiries related to this Privacy Policy or the exercise of your rights:

For GDPR Rights Exercise

Include in your request:

• Your full name and email address associated with the account
• The specific right you wish to exercise (access, rectification, erasure, portability, objection, restriction)
• Copy of identity document (for verification)
• Any additional relevant information

Complaints to Authorities

If you believe the processing of your data violates regulations, you may file a complaint with:

• Spain: Spanish Data Protection Agency (AEPD)
• Your country: The data protection authority of your jurisdiction of residence

24. Acceptance and Electronic Signature

By creating an Agapé account, checking the acceptance box during registration, or continuing to use the Service after the publication of changes to this Policy, you declare that:

• ✅ You have read and understood this Privacy Policy in its entirety;
• ✅ You accept all its terms and conditions without reservation;
• ✅ You acknowledge that this electronic acceptance has the same legal validity as a handwritten signature;
• ✅ You confirm that you comply with all Representations in Section 16;
• ✅ You expressly consent to the processing of sensitive data (religious) for the Service's operation.

Your acceptance is recorded with a timestamp in our systems as evidence of consent.