Privacy Policy

Effective Date: April 6, 2025

Softnergy Limited ("we," "us") operates the CatholicBond app. This policy explains how we collect, use, disclose, share, and retain your personal data under UK GDPR and the Data Protection Act 2018.

1. Data We Collect

Data Type Purpose Legal Basis
Profile Data
(Name, email, age, gender, faith practices)		 Create your account and match with compatible Catholics Contractual necessity
Faith Details
(Mass attendance, prayer habits, etc.)		 Facilitate faith-based matching Consent
Photo Verification
(Uploaded ID photos)		 Authenticate user identity Legitimate interest (safety)
Face Biometric Data
(Live selfie scan)		 Authenticate real users and prevent spoofing Legitimate interest (security)
Usage Data
(Messages, matches, app activity)		 Improve service and prevent abuse Legitimate interest

2. How We Use Data

  • To match you with other Catholic singles based on shared values
  • To verify profiles via uploaded IDs and a live face scan to ensure each user is a real, unique individual
  • To respond to your requests (e.g., account deletion, data access)
  • To analyze trends (aggregated/anonymized data only) for service improvements
  • To prevent abuse and detect fraudulent or duplicate accounts

We never sell your data to third parties.

3. Data Sharing & Disclosure

We only share data with:

  • Other users: Your profile data (excluding biometric templates) is visible to matched members
  • Moderators: For photo verification and abuse reviews
  • Service Providers (under strict NDA and only as necessary):
    • Secure cloud hosting (MongoDB Atlas)
    • Biometric verification vendor (for face scan template matching only)
    • Analytics providers (aggregated/anonymized data)
  • Legal Authorities: When required by UK law (e.g., subpoenas, court orders)

4. Data Security

  • Encryption of sensitive data in transit (SSL/TLS) and at rest
  • Encrypted storage of face biometric templates with one-way hashing
  • Regular security audits and penetration testing
  • Access restricted to authorized personnel on a need-to-know basis
  • Multi-factor authentication for administrative access

5. Your Rights

Under UK GDPR, you have the right to:

  • Access your data (request a copy)
  • Correct inaccurate information
  • Delete your account and personal data (via app settings or email)
  • Object to certain processing activities
  • Withdraw consent for faith-based matching or other optional uses
  • Portability of your profile and usage data

To exercise any rights, contact us at legal@softnergy.co.uk. We respond within 30 days.

6. Data Retention

  • Active Accounts: All data retained until you request deletion
  • Inactive Accounts: Account and data deleted after 24 months of inactivity
  • Rejected Photos: ID photos deleted within 72 hours
  • Face Biometric Data: Deleted within 72 hours of successful verification or immediately upon account deletion
  • Aggregated/Anonymized Data: Retained indefinitely for analytical purposes

7. International Transfers

We store all data in the UK/EU. If we transfer data outside these regions, we use GDPR-approved safeguards such as Standard Contractual Clauses and ensure adequate protection.

8. Changes to This Policy

We may update this policy. For material changes, we’ll notify you via email or in-app notice at least 30 days before the change takes effect. Continued use after the effective date constitutes acceptance.

9. Contact Us

Data Controller: Softnergy Limited (SC619146)
5 S Charlotte St, Edinburgh EH2 4AN
Email: legal@softnergy.co.uk
Phone: +44 (0)131 555 1234