Privacy Policy

Last updated: April 6, 2026

1. Introduction

Falcon Vista Group LLC ("we", "us", "our") operates SugarVista. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our platform.

2. Information We Collect

Information you provide:

  • Account data: username, email address, password (stored as a bcrypt hash — we never store your plaintext password), date of birth, user type
  • Profile data: city, country, bio, height, weight, body type
  • Photos: profile photos, album photos, verification selfies. EXIF metadata is stripped on upload.
  • Messages: text messages sent to other users
  • Payment data: transaction records. We do not store credit card numbers — payments are processed by third-party providers.

Information collected automatically:

  • Usage data: pages visited, features used, timestamps (via PostHog analytics)
  • Device data: browser type, operating system, screen resolution
  • IP address: used for rate limiting and security, not stored long-term
  • Cookies: authentication cookies (httpOnly, secure) and optional analytics cookies

3. How We Use Your Information

  • To provide and operate the Platform
  • To match you with other users (based on user type, location, preferences)
  • To display your profile to other users
  • To send notifications (messages, favorites, verification status)
  • To process payments for premium subscriptions
  • To moderate content and enforce our Terms of Service
  • To detect and prevent fraud, abuse, and security threats
  • To improve the Platform through anonymous, aggregated analytics

4. Information Sharing

We do not sell your personal information. We share data only in these circumstances:

  • With other users: your profile information, photos, and messages are visible to other users as described in your privacy settings
  • Service providers: we use Supabase (database/storage), Vercel (hosting), Resend (email), PostHog (analytics), and Sentry (error tracking) to operate the Platform
  • Legal requirements: we may disclose information if required by law, court order, or to protect the safety of our users
  • Business transfers: in the event of a merger, acquisition, or sale of assets

5. Data Storage and Security

Your data is stored on servers operated by Supabase (database) and Vercel (application) with encryption at rest and in transit. Photos are stored in private cloud storage with access controls.

We implement industry-standard security measures including:

  • Password hashing (bcrypt, cost factor 12)
  • Encrypted authentication tokens (RS256 JWT)
  • HTTPS everywhere with HSTS
  • Content Security Policy headers
  • Rate limiting on authentication endpoints
  • CSRF protection
  • Admin access protected by two-factor authentication (TOTP)

6. Cookies

We use the following cookies:

  • Essential cookies: authentication tokens (access_token, refresh_token) — httpOnly, secure, strictly necessary for the Platform to function. These cannot be opted out of.
  • Analytics cookies: PostHog analytics to understand how users interact with the Platform. These can be opted out of via the cookie consent banner.

You can manage cookie preferences through the consent banner displayed on your first visit.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: request a copy of your personal data (Settings → Export my data)
  • Correction: update your profile information at any time
  • Deletion: delete your account and all associated data (Settings → Delete my account)
  • Portability: export your data in a machine-readable JSON format
  • Opt out: disable email notifications and analytics cookies

To exercise these rights, use the in-app settings or contact us at privacy@sugarvista.com.

8. Data Retention

  • Active accounts: data is retained as long as your account is active
  • Deleted accounts: personal data is deleted immediately upon account deletion. Photos are removed from storage. Audit logs are retained independently.
  • Banned accounts: data is retained for 30 days after ban, then permanently deleted

9. International Transfers

Your data may be processed in countries outside your jurisdiction (including the United States and the European Union) through our service providers. We ensure appropriate safeguards are in place for such transfers.

10. Children's Privacy

SugarVista is not intended for anyone under 18 years of age. We do not knowingly collect information from minors. If we discover that a user is under 18, their account will be terminated immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Platform.

12. Contact

For privacy-related inquiries, contact us at privacy@sugarvista.com.

Falcon Vista Group LLC