← Back to Home

Privacy Policy

Last updated: 21 April 2026

1. Introduction

Kichacha ("we", "us", "our") operates the Kichacha mobile application (available on iOS and Android) and the website at kichacha.com(together, the "Service"). Kichacha is a social discovery platform that connects people through shared dance interests. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights regarding that data.

By creating an account or using the Service, you agree to the collection and use of your information as described in this policy. If you do not agree, please do not use the Service.

2. Data We Collect

2.1 Information You Provide

  • Account registration: email address, mobile phone number, and password.
  • Profile information: first name, date of birth, gender, sexual orientation, bio (free-text description), profile photos, and optional profile introduction video.
  • Dance preferences: dance styles, experience level, preferred dance role (leader / follower / either), dance schedule, dance frequency, dance goals, and what you are looking for in a dance partner.
  • Discovery preferences: search radius (in kilometres), age range, gender preference, and other filters you configure.
  • Messages: text messages you send and receive through in-app conversations.
  • Event submissions: if you register as an Event Organizer, the event details you submit (title, date, time, location, description, price, ticket URL, category, and tags).
  • Support communications: any information you include when you contact us via email.

2.2 Information Collected Automatically

  • Location data: with your permission, we collect your device's GPS coordinates (latitude and longitude) to show you nearby users and calculate distances. You can revoke location permission at any time through your device settings, though this will limit discovery features.
  • Device information: device type (iOS or Android), a randomly generated device identifier stored locally for push notification delivery, and operating system platform.
  • Push notification tokens: your Firebase Cloud Messaging (FCM) token on Android, or Apple Push Notification service (APNs) token on iOS, used solely to deliver push notifications you have opted in to.
  • Usage data: interaction data such as swipe actions (like, pass, superlike) and discovery impressions, used to personalise your experience and improve matching.

2.3 Information We Derive

  • Match scores: we compute compatibility scores based on your profile attributes, dance preferences, location, and interaction history. These scores are recalculated periodically and cached for up to 24 hours.
  • Profile embeddings: we generate numerical vector representations of your bio text using OpenAI's text-embedding-3-small model to enable semantic similarity matching. Only the bio text is sent to OpenAI for this purpose; the resulting vector is stored on our servers.
  • Personalised preference weights: over time, we learn feature weights from your interactions (swipes, matches) to rank discovery profiles more relevantly for you.

3. How We Use Your Data

We use your personal data for the following purposes:

  • Provide the Service: create and maintain your account, display your profile to other users, enable discovery and matching, facilitate messaging, and deliver push notifications.
  • Personalisation: tailor discovery results based on your preferences, location, interaction history, and compatibility scoring.
  • Safety and moderation: review event submissions before publication (organizer approval workflow), enforce community standards, and investigate reported issues.
  • Communication: send password reset emails, push notifications about new matches, messages, and match invites.
  • Improvement: analyse aggregated, de-identified usage patterns to improve matching algorithms, app performance, and user experience.
  • Legal obligations: comply with applicable laws, regulations, or legal processes.

4. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Consent: for location data collection, push notifications, and processing your bio through OpenAI embeddings. You may withdraw consent at any time.
  • Contract performance: processing necessary to provide the Service you have signed up for (account management, profile display, matching, messaging).
  • Legitimate interests: improving our algorithms, preventing fraud, and ensuring platform safety — balanced against your privacy rights.
  • Legal obligation: where we are required by law to process or retain certain data.

5. Data Sharing and Third Parties

5.1 Other Users

Your profile information (first name, age, photos, video, bio, dance preferences, approximate distance) is visible to other Kichacha users through the discovery and matching features. Your exact GPS coordinates are never shared with other users; only an approximate distance is displayed.

5.2 Service Providers

We share data with the following third-party service providers who process data on our behalf:

  • Supabase (database hosting, authentication, file storage) — stores your account data, profile information, messages, and uploaded media. Hosted infrastructure.
  • OpenAI (AI processing) — receives your bio text solely to generate embedding vectors for semantic matching. OpenAI does not use this data to train their models under our API agreement.
  • Firebase Cloud Messaging (Google) — receives your device push token and notification content to deliver push notifications on Android devices.
  • Apple Push Notification service (Apple) — receives your device push token and notification content to deliver push notifications on iOS devices.
  • Railway (backend hosting) — hosts our application server infrastructure.
  • Google Maps Platform — provides map display within the app. Your interaction with maps is subject to Google's privacy policy.

5.3 Legal Disclosures

We may disclose your information if required to do so by law, or in good faith belief that such action is necessary to comply with a legal obligation, protect our rights or safety, or investigate potential violations of our Terms of Service.

5.4 No Sale of Data

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

6. Data Storage and Security

Your data is stored on servers managed by Supabase (PostgreSQL database with Row-Level Security) and Railway (application hosting). Uploaded media (photos and videos) are stored in Supabase Storage.

We implement the following security measures:

  • All data transmitted between the app and our servers is encrypted using TLS (HTTPS).
  • Authentication tokens are securely managed using Supabase Auth with JWT-based sessions.
  • Database access enforces Row-Level Security policies, ensuring users can only access their own data.
  • WebSocket connections (real-time chat and notifications) require valid authentication tokens.
  • Passwords are hashed by Supabase Auth and are never stored or transmitted in plain text.
  • API input validation prevents injection attacks through strict schema enforcement.

While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

7. Data Retention

  • Active accounts: your data is retained for as long as your account remains active.
  • Match scores: cached for up to 24 hours and automatically refreshed.
  • Interaction data: swipe history and preference weights are retained to improve your experience. Older interactions receive progressively lower weight in our algorithms (90-day and 180-day decay periods).
  • Deleted accounts: upon account deletion, all personal data listed in Section 2 is immediately removed from active systems. Database backups containing your data are purged within 30 days of deletion.
  • Anonymised data: aggregated, de-identified data that cannot identify you may be retained indefinitely for analytical purposes.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate or incomplete data via your profile settings.
  • Deletion: request permanent deletion of your account and all associated data. You can do this through the Account Deletion page or by contacting us.
  • Data portability: request your data in a machine-readable format.
  • Withdraw consent: revoke consent for location data, push notifications, or AI processing at any time.
  • Restriction: request that we limit processing of your data in certain circumstances.
  • Objection: object to processing based on legitimate interests.

To exercise any of these rights, contact us at support@kichacha.com. We will respond within 30 days.

9. Age Restriction

Kichacha is intended for users who are 18 years of age or older. We do not knowingly collect personal data from anyone under 18. Age verification is enforced during account registration (date of birth validation). If we discover that a user is under 18, we will promptly delete their account and all associated data. If you believe a minor has created an account, please contact us immediately.

10. Cookies and Local Storage

The Kichacha mobile app uses device-local storage (AsyncStorage) to store your authentication tokens, discovery filter preferences, push notification device identifier, and onboarding status. This data remains on your device and is not transmitted to third parties.

The Kichacha website (kichacha.com) uses browser localStorage for session management on the organizer and admin portals. No third-party tracking cookies are used.

11. International Data Transfers

Your data may be processed in countries outside your country of residence, including where our service providers (Supabase, OpenAI, Google, Apple, Railway) maintain infrastructure. We ensure appropriate safeguards are in place for any international transfers, including reliance on standard contractual clauses where applicable.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by email before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at: