UnfylteredUnfyltered
Back

Privacy Policy

Last updated · April 18, 2026

This Privacy Policy explains what information Unfyltered (operated by Netsphere Technologies) collects about you, why we collect it, who we share it with, and what choices you have. We wrote it in plain English — no weasel words. If something isn't clear, email hello@unfyltered.com.

1. What we collect

When you create an account and use the Service, we collect:

  • Account details — email, phone number (if you use OTP sign-in), and a password hash (we never store your password in plain text; we use bcrypt).
  • Profile information — display name, date of birth, gender, city, country, bio, and any photos you upload.
  • Activity on the platform — messages you send, profiles you view, matches, reports you submit, and in-app settings you change.
  • Payment information — when you purchase credits via UPI, we record the transaction amount, your UTR reference, and the payment timestamp. We do not store your bank account number, UPI PIN, or card details — all payment details are handled by your UPI app and your bank.
  • Device and technical data — IP address, browser type, OS, and approximate location derived from IP (not GPS). This is used for security, fraud detection, and debugging.
  • Product analytics (optional) — we use PostHog to understand how people use the Service in aggregate. You can opt out via the in-app privacy settings.

2. Why we collect it

  • To operate the Service — show your profile to potential matches, deliver messages, verify your email, detect duplicate accounts.
  • To keep you safe — detect harassment, spam, under-18 accounts, and impersonation. Block lists and report flows depend on us retaining some data about bad actors.
  • To process payments — confirm your UPI transaction and credit your account.
  • To communicate with you — verification emails, password resets, important service announcements. We do not send marketing email without your explicit opt-in.
  • To improve the Service — anonymized, aggregate usage patterns help us prioritize features.

3. Who we share it with

We never sell your data to advertisers, data brokers, or other third parties. We share it only with the following operational service providers, bound by data-processing agreements:

  • Resend — transactional email delivery (verification links, password resets).
  • Cloudflare R2 — photo storage.
  • Twilio / MSG91 — phone OTP delivery (only if you sign in with phone).
  • Hetzner (Germany) — hosting our application servers and PostgreSQL database.
  • PostHog — product analytics, opt-out available in-app.
  • Sentry — error monitoring (records exception stack traces; no message content or photos).

We may also share data when legally required — for example, in response to a valid court order or government request — and to prevent imminent harm to life or safety.

4. International transfers

Our servers are hosted in Germany(Hetzner Falkenstein datacenter). This means your data is transferred from India to Germany for processing. We rely on standard contractual clauses and Germany's adequacy status under applicable frameworks to protect this transfer.

5. How long we keep it

  • Active accounts — we retain your data for as long as your account exists.
  • Deleted accounts — within 30 days of deletion, we remove your profile, photos, and messages from production systems. We retain a limited record (your email hash + the ban/deletion reason) for safety purposes — to prevent banned users from creating new accounts — for up to 5 years.
  • Payment records — retained for 7 years as required by Indian tax and financial regulations.
  • Server logs — rotated and deleted after 30 days.

6. Your rights

Under India's Digital Personal Data Protection Act, 2023 (" DPDP Act"), you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correct — ask us to fix inaccurate data.
  • Erase — delete your account and associated data (subject to legal retention requirements described in §5).
  • Withdraw consent — for any processing you previously consented to (e.g., product analytics).
  • Grievance redressal — contact our data-privacy officer (below) with any complaint; we respond within 30 days.

To exercise any of these rights, email privacy@unfyltered.com from the email address associated with your account.

7. Security

We take reasonable technical and organizational measures to protect your data:

  • All traffic to and from the Service is encrypted with HTTPS/TLS.
  • Passwords are hashed with bcrypt at cost factor 12 before storage.
  • Database and cache servers are firewalled from the public internet and accessible only from our application layer.
  • We log and monitor administrative actions; access to production data is restricted to a small number of engineers under the principle of least privilege.

No system is perfectly secure. If we detect a data breach affecting your account, we'll notify you and the appropriate authorities as required by the DPDP Act and any applicable regulations.

8. Cookies and local storage

We use a small number of cookies and browser-local storage entries for strictly necessary functions: keeping you signed in (Auth.js session cookie), remembering accessibility preferences, and preventing CSRF attacks. We do not use third-party advertising or cross-site tracking cookies.

9. Minors

Unfyltered is for adults 18 and over. We do not knowingly collect personal data from anyone under 18. If we learn that an under-18 person has created an account, we will delete their data and terminate the account. If you are a parent or guardian and believe your child has provided us with personal data, email privacy@unfyltered.com and we will act promptly.

10. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes that affect how we use your personal data, we'll notify you in-app or by email at least 14 days before the change takes effect. The "Last updated" date at the top always shows the current version.

11. Contact

For privacy questions or to exercise any of the rights above, email our data-privacy contact at privacy@unfyltered.com. For general support, use hello@unfyltered.com.

Data fiduciary: Netsphere Technologies, [TODO: registered address — required under DPDP Act §9(5) notice requirement].