Legal
Privacy Policy
Effective date: June 10, 2026 Last updated: June 10, 2026
1. Introduction
The Date Post (referred to in this policy as "The Date Post," "we," "us," or "our") operates the website at https://thedatepost.com and the related dating service of the same name. We take your privacy seriously. This policy explains what personal information we collect, why we collect it, how we use it, and what control you have over it.
If you have questions about anything in this policy, contact us at hello@thedatepost.com.
This policy applies to all users of the service. Some sections call out specific rights that apply only in certain jurisdictions (California, the European Economic Area, the United Kingdom, or elsewhere). We will honour the strictest applicable rule rather than the loosest.
2. Who we are
The Date Post Inc. 2416 Main St., Suite 398 Vancouver, BC V5T 3E2, Canada +1 (604) 720-0397 (Mon–Fri 9am–5pm Pacific)
The Date Post service is operated by The Date Post Inc., a company incorporated in British Columbia, Canada. If the legal entity behind the service changes, we will update this policy and notify you of any material change before it takes effect.
For privacy-related communications, our primary contact email is hello@thedatepost.com.
3. What personal information we collect
We collect only what we need to run the service safely. The following table maps each category of data to why we collect it.
3.1 Account data
- Email address (required at signup)
- Phone number (optional; if you add one to your profile it is shared with a confirmed match so you can arrange the date, and may be used for two-factor authentication)
- Account preferences (selected city, notification settings)
3.2 Verification data
Verification is optional. If you choose to verify, the check is run by Stripe Identity: your government photo ID (passport, driver's licence, or provincial ID) and a live selfie are submitted directly to Stripe Identity, which performs the match.
We do not receive or store your ID image or your verification selfie — Stripe Identity handles and retains those under Stripe's own terms. What we store is the result: a timestamp confirming you passed (your verified badge) and the Stripe session reference. Your profile photo is one you upload yourself (see 3.3), not the verification selfie.
3.3 Profile data
- First name (shown on your profile)
- Bio (max 240 characters; shown on your profile)
- Profile photos (up to six, uploaded by you; the first is your main photo)
- Last-active timestamp (rounded for display)
3.4 Activity data
- Listings you've posted (city, time, status)
- Asks you've sent or received, with their resolution (accepted / declined / expired)
- No-show reports filed by or against you
- Strikes, freezes, and ban records against your account
3.5 Payment data
- Transaction records (date, amount, listing or ask the charge was for)
- Stripe customer ID (a token issued by Stripe)
- We do not store credit-card numbers, CVV codes, or full bank details. Card data is collected and stored by Stripe, which is PCI-DSS compliant. We receive only a transaction token and the metadata above.
3.6 Device and log data
- IP address (collected at every request; used for fraud, geolocation hints for the city picker, and abuse prevention)
- User-agent string and device type
- Timestamps of significant events (sign-in, listing publish, ask sent, etc.)
- Approximate location derived from IP (city-level only; never precise GPS, which we do not collect)
3.7 Communications data
- Support emails you send us, and our replies
- In-app reports you file (no-show, safety, solicitation, impersonation)
3.8 Cookies and similar technologies
See our separate Cookie Policy for the full list and purposes.
4. How we use your information
We use the data above for these purposes, and only these:
4.1 To provide the service
- Maintain your account and authenticate you
- Show your bio, listings, and asks to the relevant other users
- Process payments and refunds
- Run the city-picker, notification, and date-confirmation flows
4.2 For safety and integrity
- Confirm your identity through Stripe Identity, if you choose to verify
- Screen bios for solicitation language and contact-information patterns (Section 1.2 of Community Standards)
- Detect and block duplicate accounts, banned IDs, and abusive patterns
- Investigate and resolve reports
- Enforce bans and keep banned accounts from returning
4.3 For legal and regulatory compliance
- Comply with applicable law, including financial recordkeeping (Canadian sales-tax obligations as a GST/HST registrant), consumer protection law, and anti-money-laundering requirements if any apply
- Respond to lawful government and law-enforcement requests
- Enforce our Terms of Service and Community Standards
4.4 To communicate with you
- Send transactional emails (verification, sign-in, ask resolution, payment receipts, no-show reports)
- Send safety-relevant alerts (the Safety Contact email you trigger, account-status changes)
- Reply to support inquiries
We do not send marketing or promotional email by default. If we ever introduce optional marketing communications, you'll opt in explicitly; we will never auto-enrol you.
4.5 To improve the service
- Aggregate, anonymized analysis of how the platform is used (for example, "across all cities, what percentage of listings receive at least one ask"). We do not analyse individual user behaviour for product-development purposes.
5. Legal basis for processing (EEA / UK / similar regimes)
Where the General Data Protection Regulation or an equivalent regime applies, we rely on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Provide the service you signed up for | Contract performance |
| Verification, fraud prevention, abuse handling | Legitimate interest in maintaining a safe platform; legal obligation in some cases |
| Payment processing | Contract performance + legal obligation (financial recordkeeping) |
| Marketing emails (if introduced) | Consent — opt-in only, with easy withdrawal |
| Legal-process responses | Legal obligation |
You can withdraw consent at any time for purposes that rely on it. Withdrawal does not affect the lawfulness of processing before withdrawal.
6. Who we share your information with
We do not sell your personal information. Not to advertisers. Not to brokers. Not to third-party "matching" services. This is a deliberate product commitment, not a marketing position — see Section 9.2 of Community Standards.
We do share data, in tightly scoped ways, with the following categories:
6.1 Service providers we use to run the platform
These vendors process data on our instructions only. We have data processing agreements with each.
| Provider | What they do | What they receive |
|---|---|---|
| Clerk | Authentication (signup, sign-in, JWT issuance, email verification) | Email address, password hash (Clerk holds, not us), session tokens, IP at sign-in |
| Stripe | Payment processing, and identity verification via Stripe Identity | Payment-method data (card or bank), billing address, transaction amounts; and, if you choose to verify, your government ID and selfie (submitted to and held by Stripe, not us). Stripe is PCI-DSS compliant. |
| Supabase | Database hosting (PostgreSQL) | All structured data described in Section 3, encrypted at rest |
| Railway | Backend application hosting | All server-side traffic and logs |
| Cloudflare | DNS, CDN, DDoS protection, Pages hosting | All HTTP/HTTPS traffic to thedatepost.com |
| Resend | Transactional email delivery | Email address, message body |
If we add or change a provider, we'll update this list. Material additions (new categories of data, new jurisdictions) get notification before they take effect.
6.2 Other users
Some data is shown to other users by design: - Your first name, profile photo, bio, and listing details are visible to other verified users in the same city while you have an active listing. - When a date is confirmed, the phone number and/or email you have added to your profile are shared with the other party so the two of you can arrange the meeting directly. - Your Safety Contact, if you set one, is emailed only when you tap the alert button — it receives your name and the note you wrote. We do not notify them automatically. - Your government ID is handled by Stripe Identity — we never receive it, so it is never visible to us or to other users.
6.3 Law enforcement and legal process
We disclose data to law-enforcement, courts, or government authorities where we are required by law to do so (subpoena, court order, production order under Canadian law, valid foreign legal process where applicable). We co-operate with criminal investigations into safety incidents reported on or off the platform.
We will resist over-broad requests, and where law allows, we will notify the affected user before disclosing data.
6.4 Corporate transactions
If The Date Post is acquired, merged, or otherwise reorganised, your data may transfer to the successor entity. The successor would be bound by this policy or a successor with materially equivalent protections; we will notify you before any transfer takes effect.
6.5 With your consent
If we ever share data outside the cases above, we will ask you first and get your consent.
7. International data transfers
The service is hosted on infrastructure that may store or process data in multiple countries:
- Cloudflare, Stripe, and Clerk operate global networks. Your data may be processed at edge locations or data centres in Canada, the United States, or elsewhere.
- Supabase and Railway instances may be in the United States depending on the region we have provisioned. We are evaluating Canadian-region deployments.
When data is transferred out of Canada, the European Economic Area, or the United Kingdom, we rely on standard contractual clauses or equivalent safeguards with our service providers.
If you would prefer not to have data processed in a particular jurisdiction, contact us at hello@thedatepost.com — note that some processing (sign-in via Clerk, payment via Stripe) cannot be performed without their global infrastructure.
8. How long we keep your information
| Category | Retention |
|---|---|
| Account data, profile, and bio | While your account is active, plus 30 days after deletion |
| Verification result (a verified timestamp and Stripe session reference; your ID and selfie are held by Stripe, not us) | While your account is active; deleted on account deletion |
| Listings, asks, transaction records | 7 years after the transaction (financial recordkeeping requirement) |
| No-show reports, strikes, ban records | While your account is active, plus the period needed to enforce bans |
| Support emails | 3 years from last activity in the thread |
| Server logs, IP records | 90 days for normal operations; longer in cases under active investigation |
When data passes its retention period it is deleted from our active systems. Where database backups are kept, they age out on a rolling cycle, so data deleted from production also stops being recoverable from backups as those backups expire.
9. Your rights
You have the following rights with respect to your personal data:
9.1 Access
You can request a copy of all personal data we hold about you. We will respond within 30 days.
9.2 Correction
If any of your data is inaccurate or out of date, you can correct it in the app or by emailing hello@thedatepost.com.
9.3 Deletion
You can delete your account at any time by asking us — email hello@thedatepost.com from your account email (or use the contact form) and we will confirm and complete the deletion within 30 days. What happens when an account is deleted: - Your bio, profile photo, listings, and ask history are removed. - We keep your verification result (a verified timestamp) while your account is active; your ID and selfie are held by Stripe Identity, not by us. - Financial transaction records are retained for the period required by law (typically 7 years). - Aggregate, de-identified usage statistics may persist; these cannot be re-identified back to you.
9.4 Portability (data export)
You can export your data in a machine-readable format at any time by emailing hello@thedatepost.com from your account email — we'll send it within 30 days. The export contains everything in Section 3 except data about other users where producing it would violate their privacy. (Your verification ID and selfie aren't included — they're held by Stripe Identity, not by us.)
9.5 Withdraw consent
Where we rely on your consent to process data, you can withdraw it at any time. Withdrawal doesn't affect the lawfulness of processing before the withdrawal.
9.6 Object to or restrict processing
You can object to processing based on legitimate interest, or ask us to restrict processing while a complaint is investigated.
9.7 Lodge a complaint with a regulator
If you believe we are mishandling your data and we haven't resolved your concern, you can file a complaint with your local privacy regulator. In Canada, this is the Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca/) or the relevant provincial commissioner; in the EU, your country's data protection authority; in the UK, the Information Commissioner's Office; in California, the California Privacy Protection Agency.
To exercise any of these rights, email hello@thedatepost.com with the subject line "Privacy request." We may need to verify your identity before acting — typically by confirming you can sign in to the account.
10. Security
We protect your data using: - Encryption in transit — all traffic to and from thedatepost.com uses TLS 1.2 or higher. - Encryption at rest — application database storage is encrypted on disk. - Access controls — production data is accessible only to engineers and senior moderators with a documented need; access is logged. - Vendor due diligence — every third-party service in Section 6.1 was selected in part for its security posture and contractual data-protection commitments. - Incident response — if a data breach affects your personal data in a way that creates a real risk of harm, we will notify you as soon as is reasonably possible, in accordance with applicable notification laws.
No system is impossible to compromise. We will be honest with you about what happens if a breach occurs.
11. Children's privacy
The Date Post is for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18, and you must confirm you are 18 or older to use the service.
If we discover that an account belongs to a minor, the account is removed, and we take steps to keep it from being recreated.
If you believe a minor has nonetheless created or been affected by an account on the platform, email support@thedatepost.com immediately.
12. Specific regional rights
12.1 California residents (CCPA / CPRA)
You have the right to know what personal information we collect, to delete it (with the exceptions in Section 9.3), to correct inaccuracies, to limit the use of "sensitive personal information," and to opt out of "selling" or "sharing." We do not sell or share your personal information for cross-context behavioural advertising.
You can exercise these rights by emailing hello@thedatepost.com.
12.2 European Economic Area / United Kingdom
Section 9 maps directly to the rights GDPR / UK GDPR provide. The legal bases in Section 5 explain our processing.
If you are in the EEA or UK and want to know our representative or filing authority, email hello@thedatepost.com — at the time this policy is drafted we are pre-launch in those markets and any required representative arrangements will be in place before we onboard EEA/UK users.
12.3 Other jurisdictions
We comply with the privacy laws of the jurisdictions we operate in. If you believe a specific local law applies and we haven't honoured it, contact us.
13. Changes to this policy
We will update this policy as the service evolves. The effective date at the top of the policy reflects when the current version took effect. Material changes — anything that expands the data we collect, the parties we share it with, or the purposes we use it for — will be notified in-app at your next sign-in and, where required by law, by email.
14. Contact
For privacy questions, requests, or complaints:
Email: hello@thedatepost.com (subject line "Privacy request" speeds up routing)
Mail: The Date Post Inc. Attn: Privacy 2416 Main St., Suite 398 Vancouver, BC V5T 3E2, Canada
Phone: +1 (604) 720-0397, Mon–Fri 9am–5pm Pacific.
This Privacy Policy will be reviewed at least annually and on any material change to our processing.