Privacy Policy

Effective Date: March 17, 2026  |  Last Updated: March 2026

1. Introduction — About This Policy

Rendez, Inc. ("Rendez," "we," "us," or "our") operates the Rendez mobile application and the website at getrendez.com (together, the "Service"). This Privacy Policy explains what personal information we collect, how we use and share it, how long we keep it, and the choices you have.

This policy applies to users in the United States only. Rendez is currently available to users in the U.S. only. Your use of the Service is also governed by our Terms of Service.

By creating an account or using Rendez, you agree to the collection and use of your information as described in this policy.

2. Information We Collect

a. Information You Give Us

• Registration: name, email address, phone number, and date of birth
• Profile: up to 6 photos, and optional "About Me" text
• Invites: event type, venue name, date and time, and invite description
• Messages: sent after both parties have accepted an invite and confirmed a date (post-acceptance only)
• Cancellations and attendance: if you cancel a confirmed date, we record the cancellation and its timing relative to the scheduled event. After a scheduled date, you may receive a prompt asking whether you attended — your explicit response (yes or no) is recorded. Non-response to this prompt is treated as attended and is not recorded as a penalty event (see Section 3).
• Payments: billing information for Rendez+ subscriptions and Boost purchases. Payments are processed by Stripe — Rendez never stores your card number or full payment credentials.
• Customer support: communications you send to our support team

b. Information We Collect Automatically

• Precise geolocation (GPS): collected only while the app is open and active in the foreground. We do not collect your location in the background. If you skip the location permission at onboarding, a default location is used until you update it manually in Settings. You can disable location access in your device settings at any time.
• Device information: device type, operating system version, device ID, and push notification token
• Usage data: screens viewed, taps, and session duration — sent to Mixpanel as pseudonymous events tied to your internal Rendez user ID only, not to your email address, phone number, or name
• Crash and error logs: via Sentry, which may capture device state and stack traces at the time of a crash. Crash logs do not include message content or payment data.
• IP address

c. Information from Third Parties

If you choose to sign in using Apple, Google, or Facebook, we receive your name and email address from that provider. We do not receive your password.

3. How We Use Your Information

We use your information to:

• Operate the Service: create and display your profile and invites, show you nearby invites on the map and feed, process requests to join invites, and enable messaging after an invite is accepted
• Verify your identity: process profile photos through AWS Rekognition to confirm you are a real person and detect inappropriate content
• Send push notifications: for new requests, accepted invites, and expiring invite reminders, delivered via Firebase Cloud Messaging
• Process payments: handle Rendez+ subscriptions and Boost purchases through Stripe and RevenueCat
• Improve the product: analyze usage patterns through Mixpanel to understand how the app is used and make it better
• Ensure safety: detect fraud, abuse, and policy violations; investigate reports submitted by other users; enforce our Terms of Service
• Handle safety reports and moderation: when you report a user or content, we retain a record of the report and the reported content to investigate safety concerns, take appropriate action, and protect our community. When you block another user, we retain the block record to prevent unwanted contact from that user.
• Compute and display your Reliability Score: We use your cancellation history and attendance confirmation responses to calculate a reliability badge that is displayed publicly on your profile, invite cards, and in the request management screen.
• Legal compliance: comply with applicable laws, respond to lawful requests from law enforcement or government authorities, and protect Rendez's legal rights

4. How We Share Your Information

We do not sell your personal information.

We do not share your personal information with third parties for cross-context behavioral advertising.

We share information with the following service providers, each of whom acts only on our documented instructions:

Provider	What They Receive	Why
AWS S3	Profile photos	Secure cloud storage (us-west-2 / Oregon region)
AWS Rekognition	Profile photos (facial scan data)	Identity verification and content moderation only
Firebase (Google)	Device push token, user ID	Push notifications
Twilio	Phone number	SMS verification at registration (OTP delivery only)
Stripe	Payment information	Processing Rendez+ subscriptions and Boost purchases
RevenueCat	Device ID, subscription status	Subscription lifecycle management
Sentry	Crash logs, device state at time of crash	Error reporting and monitoring
Mixpanel	Pseudonymous usage events (user ID only)	Product analytics
Google Maps / Google Places API	Venue search queries	Map display and venue lookup
Apple / Google / Facebook	Authentication tokens	Sign-in when you choose these options

We may also share your information:

• With other users: your profile, photos, invite details, and Reliability Score badge are visible to other Rendez users as part of normal Service operation
• With law enforcement: when required by law, court order, subpoena, or to protect the safety of our users or the public
• In a business transfer: if Rendez is acquired, merged, or substantially all of its assets are sold, your information may transfer to the acquiring entity, subject to this policy
• With your consent: for any other purpose you specifically authorize

5. Data Retention

We retain your information according to the following schedule:

Type of Data	Retention Period
Active account data (profile, photos, invites)	Retained while your account is active
Post-deletion safety window	3 months to 2 years after account deletion or ban, to investigate fraud, abuse, or safety incidents — data in this window may not be deleted upon request
Messages	12 months after last activity in the conversation or after the associated date event, whichever is later; deleted on account deletion (subject to the safety window above)
Invite and request activity records (including cancellation timing and attendance confirmations)	Retained while your account is active; subject to the standard post-deletion safety window above; used on a rolling 90-day basis for Reliability Score computation
Biometric scan data (AWS Rekognition facial data)	Deleted within 90 days of verification completion, or upon account deletion, whichever is first
Payment and tax records	7 years, as required by applicable accounting and tax law
Customer support communications	3 years after the support ticket is closed
Crash and error logs (Sentry)	90 days from capture
Safety reports and block records	Retained for the duration of the post-deletion safety window (up to 2 years); potentially longer for reports involving serious safety or legal concerns
Anonymized or aggregated analytics data	May be retained indefinitely

When you delete your account, we remove your profile, photos, and personal information from active systems, subject to the retention periods above.

6. How We Protect Your Information

We protect your information using:

• Encryption in transit: all data between your device and our servers is encrypted using TLS
• Encryption at rest: stored data, including messages and profile information, is encrypted at rest
• Access controls: access to personal information is limited to Rendez employees and contractors who need it to perform their job duties
• Biometric data isolation: facial scan data processed by AWS Rekognition is handled under a written service provider agreement that restricts AWS to using this data only for identity verification and content moderation on Rendez's behalf. AWS has no independent rights over this data. Biometric data is deleted per the schedule in Section 5.

No security system is perfect. We cannot guarantee that your information will never be accessed without authorization. If you believe your account has been compromised, contact us immediately at privacy@getrendez.com.

7. Your Choices and Controls

• Location: Disable location access in your iOS or Android device Settings at any time. If disabled, the app will use a default location until you re-enable access or update it manually in Settings.
• Push notifications: Turn off push notifications in your device Settings or in the Rendez app at Profile > Settings > Notifications.
• Profile photos: Delete individual photos from your profile at any time in the app.
• Account deletion: Delete your account at any time at Profile > Settings > Delete Account. This removes your profile and initiates deletion of your data per Section 5.
• Analytics opt-out: To opt out of Mixpanel analytics tracking, contact us at privacy@getrendez.com.
• Reliability Score: Your Reliability Score is derived from your invite and request activity records while your account is active. You cannot opt out of reliability scoring while active, as it is a core platform quality mechanism. Your underlying activity records are subject to the same deletion rights as all other data — see "Account deletion" above and the retention schedule in Section 5.

8. Children's Privacy

Rendez is intended for adults 18 years of age and older. We do not knowingly collect personal information from anyone under 18. If we become aware that a user is under 18, we will immediately terminate the account and delete the associated information.

If you believe a minor is using Rendez, please contact us at privacy@getrendez.com.

9. Your California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

A. Categories of Personal Information We Collect

CCPA Category	Sources	Third Parties Shared With	Business Purpose
Identifiers (name, email address, phone number, device ID, IP address, internal user ID)	You directly; automatically from your device	Firebase, Twilio, Sentry, Mixpanel	Account creation, authentication, push notifications, crash monitoring, analytics
Personal records (date of birth, payment information)	You directly	Stripe, RevenueCat	Age verification (18+ gate), payment processing and subscription management
Protected characteristics (age; sex life or romantic preferences, as inferred from use of a dating platform)	You directly; inferred from app use	None	Service delivery
Commercial information (subscription and purchase history)	You directly; Stripe; RevenueCat	Stripe, RevenueCat	Billing and subscription management
Biometric information (facial scan data processed for identity verification)	You directly (via profile photos)	AWS Rekognition	Identity verification and content moderation only — no other use
Internet and network activity (screens viewed, taps, session duration; cancellation actions and attendance confirmation responses)	Automatically from your device	Mixpanel (pseudonymous user ID only — usage events only; cancellation and attendance data are retained by Rendez internally and not shared with Mixpanel)	Product analytics, improvement, and platform reliability scoring
Geolocation (precise GPS location)	Automatically from your device, with permission, foreground only	None	Displaying nearby invites; map view
Audio/visual data (profile photos)	You directly	AWS S3 (storage), AWS Rekognition (verification), other users (profile display)	Profile display, identity verification, content moderation
Inferences (dating preferences and behavior inferred from app activity)	Derived from your use of the Service	None	Service personalization, improvement, and reliability scoring
Sensitive personal information (precise geolocation; biometric data; sex life/romantic preferences; message contents)	You directly; automatically from your device	AWS Rekognition (biometric data only)	Service delivery, safety, and fraud prevention only

B. Sensitive Personal Information

We collect the following categories of sensitive personal information as defined by CPRA: precise geolocation; biometric information (facial scan data for identity verification); information about your dating and romantic preferences (inherent to using a dating platform); and the contents of your messages (sent after invite acceptance).

We do not use sensitive personal information for any purpose other than: (1) providing and improving our services to you, (2) protecting the safety and security of our platform and our users, and (3) preventing fraud and abuse. We do not use sensitive personal information to infer characteristics about you or for targeted advertising.

C. Your CCPA/CPRA Rights

You have the right to:

1. Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, and the purposes for which it is used.
2. Delete: Request deletion of your personal information. Note that we may retain certain data during the safety window described in Section 5 even after a deletion request.
3. Correct: Request correction of inaccurate personal information we hold about you.
4. Data Portability: Receive a copy of your personal information in a portable, usable format.
5. Opt-Out of Sale or Sharing: Rendez does not sell your personal information and does not share it with third parties for cross-context behavioral advertising. Because we do not engage in these practices, there is currently nothing to opt out of.
6. Limit Use of Sensitive Personal Information: Request that we limit our use of your sensitive personal information to the purposes permitted by CPRA.
7. Non-Discrimination: We will not discriminate against you for exercising any of your rights under this section.

D. How to Submit a Request

Email privacy@getrendez.com with the subject line "California Privacy Request." We will respond within 45 days. We may ask you to verify your identity before processing your request.

You may designate an authorized agent to submit a request on your behalf by providing us with written authorization or a valid power of attorney.

E. Shine the Light (Cal. Civ. Code § 1798.83)

California residents may request, once per calendar year, information about third parties to whom we disclosed personal information for their direct marketing purposes, and the categories of information disclosed. We do not disclose personal information to third parties for their direct marketing purposes. To submit a request, email privacy@getrendez.com.

F. Do Not Track

Some browsers and devices transmit a "Do Not Track" signal. We do not currently alter our data collection or use practices in response to Do Not Track signals. California law requires us to disclose this practice.

9G. Cookies and Website Tracking

The Rendez website at getrendez.com may use cookies and similar tracking technologies (such as pixels and local storage) to operate the site, remember your preferences, and analyze traffic. You can control cookie settings through your browser. We do not use cookies on getrendez.com for third-party advertising. For questions about our website tracking practices, contact privacy@getrendez.com.

10. Other U.S. State Privacy Rights

If you are a resident of Colorado, Virginia, Texas, or another state with applicable privacy laws, you may have similar rights regarding access, deletion, correction, and opt-out of data sales. To exercise these rights, contact us at privacy@getrendez.com. We will update this section as we expand to new markets and as additional state privacy laws take effect.

10B. European Privacy Rights (GDPR)

Rendez is currently available to users in the United States only. However, if you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland and access the Service, the General Data Protection Regulation (GDPR) and applicable national data protection laws may apply to our processing of your personal data.

Legal basis for processing. We process your personal data on the following legal bases:

• Contract performance: processing necessary to create your account and provide the Service
• Legitimate interests: analytics and product improvement, crash reporting, fraud and abuse prevention, platform safety
• Legal obligation: compliance with applicable laws and lawful requests from authorities
• Consent: where you have provided explicit consent, including for the processing of biometric data and precise location data

Your rights under GDPR include: access, correction, erasure, restriction of processing, data portability, objection to processing, and the right to lodge a complaint with your local supervisory authority.

International data transfers. Rendez is based in the United States. If you are in the EEA, UK, or Switzerland, your personal data is transferred to and processed in the United States. We rely on standard contractual clauses or other lawful transfer mechanisms to protect personal data transferred across borders.

To exercise your GDPR rights, contact us at privacy@getrendez.com. We will respond within 30 days.

11. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you by in-app notification and/or email at least 30 days before the changes take effect. Your continued use of Rendez after the effective date of the updated policy constitutes your acceptance of the changes.

The "Last Updated" date at the top of this page indicates when this policy was most recently revised.

12. Contact Us

For privacy questions, requests, or concerns:

Rendez, Inc.
privacy@getrendez.com
440 N Barranca Ave #5494
Covina, CA 91723