Consumer Health Data Privacy Policy

1. Scope

This Consumer Health Data Privacy Policy applies to Washington and Nevada residents and describes how Synceria handles consumer health data as defined by applicable state laws. This policy supplements our Privacy Policy.

2. Consumer Health Data We Collect

We do not collect medical records or health insurance information. Depending on what you choose to share, we may process information that could be considered consumer health data under state law. The specific categories we collect are:

• Gender identity — used for profile display and matching
• Sexual orientation — used for matching preferences
• Precise geolocation — used for distance-based matching
• Ethnicity — optional, used for matching preferences
• Substance use habits (drinking, smoking, vaping, cannabis) — optional, used for compatibility matching
• Religious preferences — optional, used for matching preferences
• Political preferences — optional, used for matching preferences
• Sex drive — optional, used for compatibility matching
• Relationship preferences — used for matching compatibility

We may also process consumer health data contained in information you include in support requests or safety reports.

3. How We Process Consumer Health Data

Consumer health data is stored in an encrypted-at-rest PostgreSQL database hosted by Supabase. Our matching algorithm uses health data fields to compute compatibility scores via server-side functions. These functions run on our backend infrastructure and are not exposed to other users.

No automated decision-making produces legal effects or similarly significant effects on you. Matching is a recommendation — it does not restrict your ability to use the Service or access any features.

We do not use consumer health data for advertising, behavioral profiling beyond matching, or sale to third parties.

4. Sources of Consumer Health Data

• You: Information you provide in your profile or support messages
• Your device: Location data with your permission
• Third parties: Limited data from service providers needed to operate the Service
• Authentication providers: If you use "Sign in with Apple" or "Sign in with Google," we receive your verified email address and basic profile information from those providers. This data may include sensitive personal information if you choose to share it in your Google or Apple profiles, but we only process what is necessary to authenticate your account. We do not receive or store any health or medical information from these providers.

5. How We Use Consumer Health Data

We use consumer health data to:

• Provide matching and personalization features
• Support safety and moderation operations
• Respond to support requests
• Comply with legal obligations
• Process your separate health data consent and maintain an audit trail of consent events

6. In-App Consent

We collect separate, specific consent before processing your consumer health data for matching. When you first use our matching features, we present a consent screen that enumerates all nine categories listed in Section 2 above and explains how each is used.

You can withdraw your consent at any time by navigating to Profile > Privacy Settings in the app. When you withdraw consent:

• Your profile is immediately removed from the discovery feed
• Optional health data fields (ethnicity, substance use habits, religious preferences, political preferences, sex drive) are deleted
• Required fields (gender identity, sexual orientation) are retained for account integrity
• Precise geolocation continues to be stored for account functionality but is no longer used for matching

To re-consent and restore your profile to the discovery feed, use the "Re-enable Discovery" option in the app.

7. How We Share Consumer Health Data

We share consumer health data only with service providers that help us operate the Service. The following processors may receive consumer health data:

• Supabase (auth, database, storage, Edge Functions) - stores consumer health data including sexual orientation, ethnicity, religious and political preferences, and substance use preferences
• Stream (GetStream) for chat services - may process consumer health data if voluntarily shared by users in chat messages

The following processors do not receive consumer health data:

• RevenueCat plus Apple/Google for subscription management and billing (does not receive consumer health data)
• PostHog for analytics and error tracking (does not receive consumer health data)
• Sentry for native crash reporting (does not receive consumer health data)
• Expo, Apple APNs, and Google FCM for push notifications (does not receive consumer health data)
• Google Cloud Vision for photo moderation (does not receive consumer health data)
• Upstash Redis for rate limiting and caching (does not receive consumer health data)
• Resend for transactional email delivery (does not receive consumer health data)

We do not sell consumer health data. We do not share consumer health data for targeted advertising.

8. Your Rights

You may have the right to:

• Access consumer health data we maintain about you
• Request deletion of consumer health data
• Request correction of inaccurate consumer health data
• Withdraw consent where applicable
• Appeal a denied request

To review your health data, use the data export feature in the app (Profile > Privacy Settings > Export My Data). To correct inaccurate data, update your profile directly in the app or email admin@vibinllc.com.

To exercise other rights, email admin@vibinllc.com with the subject line "Consumer Health Data Request." Appeals can be submitted with the subject line "Consumer Health Data Appeal."

9. Retention

We retain consumer health data only as long as needed for the purposes described in this policy. Specific retention periods by data category:

• Profile-based health data (sexual orientation, gender identity, substance use preferences, sex drive): Retained until you remove the data from your profile or delete your account. On account deletion, your profile is hidden immediately and data is permanently deleted within 30 days.
• Precise geolocation: Retained until account deletion. Overwritten each time the app updates your location.
• Safety and moderation data: Limited data may be retained for up to 90 days after account closure for safety, fraud prevention, or legal defense. Banned account identifiers may be retained for up to 2 years for abuse prevention.
• Unverified accounts: Deleted after 7 days if email is not verified.
• Support requests containing health data: Retained for up to 2 years from resolution for legal and safety purposes.

For full retention details across all data categories, see our Privacy Policy Section 8.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via in-app notification and by updating this page. If changes affect the basis for your consent, we will request fresh consent before continuing to process your consumer health data under the updated terms.

11. Contact Us

If you have questions about this policy, contact us: