Privacy Policy

Privacy Policy

Last updated: April 30, 2026

This Privacy Policy explains what personal data DateIQ collects when you use our Chrome extension and website (dateiq.ai, app.dateiq.ai, api.dateiq.ai), how we handle it, where it is stored, and with whom it is shared. By using DateIQ you agree to the practices described below.

DateIQ is operated by IQ Comp Holdings LLC, a Wyoming limited liability company with its registered office at 30 N Gould St, Ste R, Sheridan, WY 82801, USA. "DateIQ", "we", "us", and "our" refer to IQ Comp Holdings LLC. "You" refers to the end user of the extension.

IQ Comp Holdings LLC is the data controller for personal data processed in connection with DateIQ.

1. Data We Collect

We collect the following categories of data:

a) Account data (collected by us)

When you create a DateIQ account, we collect:

• Email address
• Password (stored as a salted hash, never in plaintext)
• Authentication tokens issued by us (access and refresh tokens)
• Subscription plan, billing status, and AI usage counters

b) Data captured locally by the extension (stays on your device unless you use the AI features)

While you browse Tinder with the extension enabled, DateIQ passively observes responses to requests that Tinder's own web app makes, and stores a local copy of:

• Match metadata (Tinder user IDs, display names, ages, bios, photos URLs, locations when provided by Tinder)
• Conversations between you and your matches (message text, timestamps, sender/recipient IDs)
• Notes, tags, and filters you create inside the extension
• Extension preferences and settings

This information is stored on your device using Chrome's built-in storage APIs (chrome.storage.local) and the browser's IndexedDB database, and is not transmitted to our servers for storage.

c) Data sent to our servers when you use AI features

When you actively trigger an AI feature (AI Replies, Coach, Auto-Swipe AI evaluation, or Score My Profile), the data needed to fulfill that request is transmitted to api.dateiq.ai, which forwards it to the AI provider (see Section 4). Specifically:

• Always sent: your authentication token, your selected style/voice preferences, and any optional profile fields you have filled in (e.g. looking-for, must-haves, dealbreakers, topics-to-avoid).
• AI Replies and Coach: the relevant match's display name, age, and bio; up to the most recent 30 messages of your conversation with that match (sender labels and message text); any optional per-request prompt you type ("be funny", "ask about her trip", etc.).
• Auto-Swipe AI evaluation: the candidate profile's name, age, bio, city, distance, height, looking-for, schools, jobs, interests, and lifestyle descriptors (e.g. zodiac, pets, drinking, smoking, workout, gender, verified status); your evaluation prompt; and, when image evaluation is enabled for that profile, the candidate's photos.
• Score My Profile: your own bio, your own photos, and your audit prompt.

Photos. When photos are sent for vision evaluation, the extension attempts to downsample them in your browser before transmission. If a resize cannot be performed, the extension sends the photo's source URL and our server fetches the image from Tinder's CDN on the AI provider's behalf. Photo data is forwarded to the AI provider for the evaluation request and is not stored in our database.

We do not send conversation, profile, or photo data to our servers in the background — only when you explicitly invoke one of the AI features above.

d) Location search queries

When you use the location search field (for filters), the text you type is sent to nominatim.openstreetmap.org to resolve it to geographic coordinates.

e) Technical data

When your browser contacts our servers (api.dateiq.ai), our infrastructure receives standard HTTP metadata including IP address, user-agent, and timestamps. We use this only for security, rate-limiting, and abuse prevention.

We do not collect: your Tinder password, your Tinder auth token, your browser history, cookies from other sites, or data from any site other than tinder.com.

2. How We Use Your Data (Handling)

We use the data described in Section 1 only for the following purposes:

• Provide the service — authenticate you, run AI reply generation, enforce plan limits, store your settings and subscription state.
• Billing — determine your plan tier and remaining AI usage quota.
• Security and abuse prevention — detect fraud, abuse of AI endpoints, and protect accounts.
• Support — respond to requests you send to our support email.
• Legal compliance — comply with applicable law or valid legal process.

We do not use your data to train AI models, to build advertising profiles, or for any purpose unrelated to operating the DateIQ service.

3. Data Storage

• Locally stored data (matches, conversations, notes, tags, settings): stored on your device in chrome.storage.local and in the browser's IndexedDB database. It is not backed up to any DateIQ server. Uninstalling the extension, or clearing the extension's storage and site data, deletes it.
• Account data (email, hashed password, tokens, plan, usage counters): stored in our production database, hosted on managed cloud infrastructure in the United States.
• AI request payloads: processed in memory on api.dateiq.ai and forwarded to the AI provider (see Section 4). We do not persist conversation content in our database. Short-lived operational logs may contain request metadata (timestamps, token counts, error codes) but not conversation content, and are retained for up to 30 days for debugging and abuse investigation.
• Backups: account data backups are retained for up to 30 days and then overwritten.

Data is protected in transit with TLS and at rest using provider-managed encryption. Access to production systems is limited to authorized personnel and requires multi-factor authentication.

4. Data Sharing

We share data only with the following categories of recipients, and only for the purposes described:

• AI provider (OpenRouter and its underlying model providers such as OpenAI and Anthropic). When you use an AI feature, the relevant conversation snippet and prompt are forwarded by our server to the AI provider solely to generate the response. We do not authorize the provider to use your data for training, and we rely on the provider's stated policies for that commitment. See:
  • OpenRouter Privacy Policy
  • OpenAI Privacy Policy
  • Anthropic Privacy Policy
• OpenStreetMap / Nominatim. Location search strings you type are sent directly from your browser to nominatim.openstreetmap.org. See the OpenStreetMap Foundation Privacy Policy.
• Infrastructure providers. Cloud hosting, database, and email providers process account data strictly on our behalf under data-processing agreements.
• Payment processor. If you purchase a paid plan, payment details are collected and processed directly by our payment processor; we receive only billing status and the last four digits of your card. Their privacy policy governs that processing.
• Legal authorities. We may disclose data when required by law, legal process, or to protect the rights, property, or safety of DateIQ, our users, or the public.
• Business transfers. In the event of a merger, acquisition, or asset sale, account data may be transferred as part of that transaction, subject to this policy.

We do not sell your personal data. We do not share your data with advertisers. We do not share your locally-stored match or conversation data with anyone except in the narrow AI-feature flow described above.

5. Data Retention

• Local data: retained until you delete it in the extension or uninstall the extension.
• Account data: retained for as long as your account exists. If you delete your account, account data is deleted within 30 days, except where we are required to retain it for legal, tax, or fraud-prevention purposes.
• Operational logs: up to 30 days.
• Backups: up to 30 days.

6. Your Rights

Depending on where you live, you may have the following rights:

• Access — request a copy of the personal data we hold about your account.
• Correction — ask us to correct inaccurate account data.
• Deletion — ask us to delete your account and associated data.
• Portability — request a machine-readable export of your account data.
• Objection / restriction — object to, or restrict, certain processing.
• Withdraw consent — where we rely on consent, you may withdraw it at any time.
• Complain — lodge a complaint with your local data protection authority.

To exercise any of these rights, email [email protected]. You can delete locally-stored data yourself at any time from the extension settings or by uninstalling the extension.

7. Legal Bases for Processing (EEA / UK / Switzerland)

We process your data on the following legal bases:

• Performance of a contract — to provide the service you sign up for.
• Legitimate interests — security, abuse prevention, and service improvement.
• Consent — for optional features such as AI reply suggestions, which you actively choose to use.
• Legal obligation — where required by applicable law.

8. International Transfers

Our servers are located in the United States. If you access DateIQ from outside the United States, your data will be transferred to, processed, and stored in the United States. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses for international transfers.

9. Extension Permissions

The Chrome extension requests the following permissions, used only for the stated purpose:

• storage — store settings and small metadata locally via chrome.storage.local. Larger data (matches, conversations, photos cache) is stored in the browser's IndexedDB database, which does not require a separate permission.
• activeTab — interact with the currently active Tinder tab.
• tabs — detect navigation within Tinder so the extension can refresh its view of the current screen.
• sidePanel — display the DateIQ side panel UI.
• Host access to https://tinder.com/* — read responses to Tinder's own network requests so the extension can organize your matches and conversations.
• Host access to https://nominatim.openstreetmap.org/* — location search.
• Host access to https://api.dateiq.ai/* — account authentication and AI features.

The extension does not request, store, or transmit your Tinder credentials or Tinder session token.

10. Children's Privacy

DateIQ is not directed to, and may not be used by, anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact [email protected] and we will delete it.

11. Security

We protect your data with industry-standard measures including TLS in transit, encryption at rest, hashed passwords, short-lived access tokens with refresh rotation, principle-of-least-privilege access controls, and regular security reviews. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced in the extension or by email to the address associated with your account. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact

For privacy questions, requests, or complaints:

IQ Comp Holdings LLC 30 N Gould St, Ste R Sheridan, WY 82801, USA

• Email: [email protected]
• Support: [email protected]
• Website: https://dateiq.ai