Soulcial Privacy Policy (v1.0)

Effective date: 2026-04-15

This Privacy Policy (this “Policy”) explains how Soulcial Tech Limited (“Soulcial”, “we”, “us”, or “our”) collects, uses, stores, transfers, and shares personal data when you use the Soulcial mobile application, website, and related services (collectively, the “Service”).

We are committed to handling personal data in accordance with the laws of the Hong Kong Special Administrative Region, including the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) and its Data Protection Principles.

By creating an account, accessing, or using the Service, you acknowledge that we may process your personal data as described in this Policy. If you do not agree to this Policy, please do not use the Service.

This Policy is provided in English and Traditional Chinese. If there is any inconsistency or ambiguity between the two versions, the English version shall prevail.

1. Who we are

Soulcial Tech Limited
Hong Kong Special Administrative Region

For privacy enquiries, complaints, or requests relating to personal data, please contact us at:

Email: support@soulcial.co
Social: @soulcial.dating

2. Scope and important notes

This Policy applies to personal data we process when you:

  • register for or log in to the Service;
  • create, complete, or use a profile;
  • interact with other users, including matching, meetups, limited in-app chat (where enabled), and reporting;
  • purchase tickets, add-ons, memberships, recurring plans, or other paid features, where offered;
  • contact customer support or otherwise communicate with us; and/or
  • complete identity verification (KYC), where required or offered.

When we ask you to provide personal data, some fields may be mandatory and others optional. We will generally indicate this at the point of collection. If you do not provide personal data that is required for a particular feature or process, we may be unable to create or maintain your account, provide the relevant feature, process a transaction, or complete safety or verification checks.

This Policy does not apply to third-party services that you use independently, such as Apple App Store, Google Play, payment networks, device operating systems, or social media platforms. Those services are governed by their own terms and privacy policies.

3. Personal data we collect

Depending on how you use the Service, we may collect the following categories of personal data:

3.1 Account and identifier information

  • phone number, which may be your primary login identifier;
  • email address, where provided, for backup login, contact, or account support purposes; and
  • account identifiers and basic account metadata reasonably necessary to operate the Service.

3.2 Profile information you provide

  • display name and profile details you choose to provide, such as gender, relationship intentions, languages, and profile preferences;
  • date of birth, age range, or age eligibility information, including the outcome of age checks;
  • profile biography, answers to prompts, and other profile content; and
  • preferences relevant to meeting, such as meetup types, availability, and related selections.

3.3 Photos and media

  • profile photos and other media you upload; and
  • related metadata reasonably necessary to store, display, secure, review, and moderate those uploads.

3.4 Location data (with your permission or as needed for the feature)

If you grant location permission or use location-dependent features, we may collect:

  • precise device location at the time you choose to share it with us, such as GPS coordinates; and/or
  • approximate area information derived from your device location or other information you provide, such as district or broad area labels.

You can manage location permissions in your device settings. If you disable location, some features may not function properly.

3.5 Messaging, meetup, and interaction data

To operate the Service, we may collect:

  • interaction signals, such as likes, skips, matches, replies, meetup option selections, and related actions;
  • meetup-related details and status, such as proposal, confirmation, rescheduling, cancellation, attendance, or disputes, to the extent needed to schedule and manage meetups;
  • limited in-app chat messages and timestamps, where such functionality is available; and
  • safety-related interactions, such as reports, appeals, and enforcement outcomes.

3.6 Safety, trust, and moderation data

To help keep the Service and community safe, we may process:

  • moderation or risk signals relating to profile content, conduct, or misuse of the Service;
  • reports made by users and supporting materials submitted in connection with those reports, where applicable; and
  • internal review outcomes, such as warnings, restrictions, suspensions, and related audit logs.

3.7 Payment, ticket, and subscription or membership information

If you use paid features, we may process and store information such as:

  • purchase amounts, currency, product type, payment status, and timestamps;
  • payment, order, ticket, customer, subscription, membership, or transaction reference identifiers; and
  • ticket balances, order status, and usage records needed to provide the purchased feature.

We do not store full payment card numbers or CVV details. Payment card data is handled by the relevant payment provider.

3.8 Identity verification (KYC)

To enhance safety and reduce fraud, fake accounts, or abuse, we may require or offer identity verification. We may use third-party verification providers, such as Veriff or similar providers.

Such providers may process:

  • images of identity documents;
  • selfies, liveness checks, or video-based verification steps; and
  • limited identifiers needed to link the verification result to your Soulcial account, such as your Soulcial user ID and, where applicable, your email address.

We may store limited verification data for eligibility, audit, safety, and account administration purposes, such as:

  • verification status and timestamps;
  • reference or session identifiers; and
  • date-of-birth, age-band, or age-eligibility outcomes where provided to us.

Unless expressly stated otherwise in the Service, we do not store full raw identity document images or selfie media in our own database.

3.9 Device, app, and technical information

We may collect limited technical information necessary to operate, secure, and improve the Service, such as:

  • device model, operating system, app version, language settings, and other app or device configuration information relevant to functionality; and
  • logs relating to security, abuse prevention, authentication, troubleshooting, and debugging.

3.10 Crash reports and diagnostics

To maintain the stability, security, and performance of the Service, we may collect crash reports and diagnostic data when the app crashes, fails, or encounters errors. This may include:

  • the time of an error or crash, app state, and error or stack trace information;
  • device and app details relevant to diagnosing the issue;
  • limited usage signals or breadcrumbs leading up to the issue, such as which screen was opened; and
  • identifiers needed to associate a report with your session or account where reasonably necessary for troubleshooting, security, or abuse investigations.

We aim to limit such diagnostics to what is reasonably necessary for reliability, security, and debugging. Crash reports are not intended to collect the content of your private communications. However, in limited situations, diagnostic logs may capture information submitted shortly before an error, such as text entered into a form. You should avoid submitting unnecessary sensitive personal data through the Service.

3.11 Customer support and communications

If you contact us, we may collect:

  • your name, account identifiers, and contact details;
  • the content of your enquiry, complaint, or request; and
  • records of our communications with you and any materials you choose to send us.

4. How we use your personal data

We use personal data for purposes directly related to providing, operating, securing, supporting, and improving the Service, including the following:

4.1 To provide and operate the Service

  • create, maintain, and administer accounts and profiles;
  • provide matching, meetups, and related user features;
  • enable limited in-app chat where applicable;
  • display profile information to other users as part of the Service’s core functionality; and
  • process account settings, permissions, and user preferences.

4.2 To maintain safety, trust, and platform integrity

  • verify age or identity where required or offered;
  • detect, prevent, and investigate fraud, spam, scams, harassment, prohibited content, or misuse of the Service;
  • review content, reports, disputes, and appeals;
  • enforce our Terms, community rules, and safety policies; and
  • protect users, our personnel, and the Service.

4.3 To process payments and provide customer support

  • process transactions and provide paid features;
  • maintain billing, ticket, subscription, membership, and order records;
  • handle payment issues, refunds, disputes, and related support matters; and
  • respond to enquiries, requests, complaints, and operational communications.

4.4 To maintain, analyse, and improve the Service

  • monitor reliability, service quality, and operational performance;
  • troubleshoot, debug, and fix errors;
  • analyse crash reports and diagnostic logs to improve stability, security, and performance; and
  • develop, test, and improve existing or new features, including through aggregated or de-identified insights where practicable.

4.5 For legal, compliance, and risk management purposes

  • comply with applicable laws, lawful requests, and regulatory requirements;
  • maintain records for accounting, audit, insurance, legal, and risk-management purposes; and
  • establish, exercise, or defend legal claims where necessary.

We will not use your personal data for a new purpose that is unrelated to the original purpose of collection or a directly related purpose unless permitted by law or we obtain any consent required under applicable law.

5. What other users may see

The Service is social by nature. Depending on your settings and how the Service operates at the time:

  • other users may see profile information, preferences, prompts, and photos that you choose to display;
  • we may show approximate area information, such as district or broad area, rather than your precise location;
  • meetup counterparties may see information reasonably necessary to arrange or attend a meetup; and
  • contact handles or similar contact information will only be shown where the relevant feature requires mutual action, mutual consent, or equivalent in-service conditions, where applicable.

Please consider carefully what you choose to share.

6. Direct marketing

We do not currently use your personal data for direct marketing, such as mass promotional email, SMS, or similar promotional outreach.

If we wish to do so in the future, we will comply with the PDPO and other applicable requirements before using your personal data for direct marketing, including by providing the required notice, obtaining any required consent or clear indication of no objection, and giving you a free and convenient opportunity to opt out. Silence or non-response will not be treated as consent where the law requires a positive indication.

7. How we share your personal data

We do not sell your personal data.

We may share personal data only to the extent reasonably necessary for the purposes described in this Policy, including with the following categories of recipients:

7.1 Infrastructure, hosting, and product operations

Service providers that host or support our databases, cloud storage, authentication systems, analytics, delivery systems, and other core infrastructure components, including providers such as Supabase and related infrastructure partners.

7.2 Payments and commerce

Payment processors, payment facilitators, app stores, or commerce partners that help us process purchases, subscriptions, memberships, tickets, refunds, and related transactions, including providers such as Stripe, Apple App Store, and Google Play where applicable.

7.3 Identity verification providers

Third-party KYC or identity verification providers, such as Veriff or similar providers, where identity verification is offered or required.

7.4 Push notifications and essential communications

Providers that help us send service-related notifications and operational communications, such as push notification vendors like OneSignal or similar providers. These providers may process device tokens, device identifiers, and user identifiers needed for delivery.

7.5 Content moderation, translation, and safety tooling

Providers that help us detect prohibited content, enforce platform safety rules, moderate profile text or submitted content, or provide translation features, including providers such as OpenAI for moderation and DeepL for translation where such features are enabled.

7.6 SMS and email delivery providers

Providers used to send one-time passwords, verification codes, login notices, account notices, receipts, or other essential communications, including providers used through our authentication or communications stack, such as Twilio via Supabase where applicable.

7.7 Professional advisers and authorities

Our lawyers, accountants, auditors, insurers, banks, and other professional advisers where reasonably necessary, and courts, regulators, law enforcement agencies, government authorities, or other third parties where disclosure is required or permitted by law.

7.8 Error monitoring and diagnostics providers

Third-party providers that help us monitor crashes, bugs, incidents, and service reliability. These providers act on our behalf and are expected to process diagnostic data only for the purposes described in this Policy.

7.9 Corporate transactions and business reorganisation

In connection with an actual or proposed merger, acquisition, financing, investment, asset sale, restructuring, or transfer of all or part of our business, personal data may be disclosed to counterparties, professional advisers, and transaction participants, subject to appropriate confidentiality and lawful handling requirements.

Where we engage service providers or data processors, we take reasonably practicable steps, including contractual or operational safeguards where appropriate, to require them to protect personal data in a manner consistent with this Policy and applicable law.

8. Cross-border transfers

Our service providers and partners may store or process personal data on servers or systems located outside Hong Kong.

By using the Service, you understand that your personal data may be transferred to, stored in, or processed in jurisdictions outside Hong Kong where our providers or systems operate.

Where appropriate, we seek to adopt reasonably practicable safeguards, such as using reputable providers and contractual or organisational measures, having regard to the nature of the data and the circumstances of the transfer.

9. Data retention

We do not keep personal data longer than is necessary for the purposes for which it was collected or for directly related purposes, unless longer retention is required or permitted by law.

In deciding how long to retain personal data, we may consider factors such as the nature and sensitivity of the data, the purpose for which it is held, legal and regulatory requirements, accounting and audit obligations, safety and fraud-prevention needs, dispute handling, and whether deletion, anonymisation, or de-identification is reasonably practicable.

In general:

  • Account and profile data: retained while your account is active and, where reasonably necessary, for a limited period thereafter for account recovery, dispute handling, safety review, fraud prevention, or compliance purposes.
  • Safety and trust records: retained as reasonably necessary to maintain safety, prevent repeated harm, investigate misuse, and handle disputes or enforcement issues.
  • Payment, ticket, membership, and accounting records: retained as necessary for accounting, audit, tax, legal, and operational compliance.
  • Verification results and audit references: retained as reasonably necessary for eligibility, safety, fraud prevention, audit, and compliance purposes.
  • Logs, crash reports, and technical records: retained for a limited period reasonably necessary for security, abuse prevention, troubleshooting, diagnostics, and service improvement, and then deleted, aggregated, anonymised, or de-identified where practicable.

If you request account deletion, we will take reasonable steps to delete, anonymise, or de-identify personal data, subject to legal obligations, security needs, fraud prevention, dispute handling, backup limitations, and other legitimate business purposes.

10. Data security

We take reasonably practicable steps to protect personal data against unauthorised or accidental access, processing, erasure, loss, or use. Such measures may include, where appropriate:

  • access controls, permissions management, and authentication safeguards;
  • encryption in transit and other technical security measures;
  • least-privilege access for personnel and service providers;
  • monitoring, logging, and incident-response processes; and
  • contractual and operational controls for relevant vendors and processors.

No method of transmission over the internet or electronic storage system can be guaranteed to be completely secure. We therefore cannot guarantee absolute security.

11. Your rights under the PDPO

Subject to the PDPO and any applicable exemptions, you may have the right to:

  • request access to personal data we hold about you; and/or
  • request correction of personal data that is inaccurate, incomplete, or misleading.

To make a request, please contact support@soulcial.co and provide sufficient information for us to verify your identity, authority, and the scope of your request.

We may charge a reasonable fee for complying with a data access request, limited to the direct cost of compliance, where permitted by law.

Where the PDPO permits us to refuse or limit a request, we may do so and will give reasons where required.

If you are not satisfied with our handling of your personal data, you may lodge a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong (“PCPD”).

12. Children and under-18 users

Soulcial is intended only for persons aged 18 or above.

We do not knowingly collect personal data from persons under 18 for use of the Service. If we become aware that an under-18 person is using the Service, we may suspend or terminate the relevant account and take appropriate steps in relation to associated personal data, subject to legal obligations and operational requirements.

13. Updates to this Policy

We may update this Policy from time to time.

If we make material changes, we will take reasonable steps to notify you, for example through the app, the website, or other appropriate means, and we will indicate the updated effective date.

Your continued use of the Service after the updated Policy takes effect constitutes acceptance of the updated Policy. If you do not agree to the updated Policy, you should stop using the Service.

14. Contact us

For privacy enquiries, complaints, or requests relating to personal data:

Email: support@soulcial.co
Social: @soulcial.dating

Soulcial 私隱政策(v1.0)

生效日期:2026-04-15

本私隱政策(「本政策」)說明 Soulcial Tech Limited(「Soulcial」、「本公司」、「我們」)在你使用 Soulcial 流動應用程式、網站及相關服務(合稱「本服務」)時,如何收集、使用、儲存、轉移及分享你的個人資料。

我們承諾按照香港特別行政區適用法律處理個人資料,包括《個人資料(私隱)條例》(第486章)(「PDPO」)及其保障資料原則。

當你建立帳戶、存取或使用本服務,即表示你知悉我們可能會按本政策所述方式處理你的個人資料。若你不同意本政策,請勿使用本服務。

本政策備有英文版及繁體中文版。如兩個版本有任何歧義或不一致,概以英文版本為準。

一、我們是誰

Soulcial Tech Limited
香港特別行政區

如你對本政策、我們的資料處理方式,或你的個人資料有任何查詢、投訴或要求,請聯絡我們:

電郵: support@soulcial.co
社交媒體: @soulcial.dating

二、適用範圍及重要說明

本政策適用於我們在以下情況處理你的個人資料:

  • 你註冊或登入本服務;
  • 你建立、完善或使用個人檔案;
  • 你與其他用戶互動,包括配對、見面安排、有限度 App 內聊天(如有啟用)及舉報;
  • 你購買票券、加購項目、會籍、定期計劃或其他付費功能(如有提供);
  • 你聯絡客戶支援或以其他方式與我們溝通;及/或
  • 你完成身份驗證(KYC)(如屬要求或可供使用)。

當我們要求你提供個人資料時,部分欄位可能屬必填,部分則屬選填。我們一般會在收集資料時作出標示。若你未有提供某項功能或程序所需的必要資料,我們可能無法建立或維持你的帳戶、提供相關功能、處理交易,或完成安全/驗證程序。

你自行使用的第三方服務,例如 Apple App Store、Google Play、付款網絡、裝置作業系統或社交媒體平台,不受本政策規管,並受其自身條款及私隱政策約束。

三、我們收集的個人資料

視乎你如何使用本服務,我們可能收集以下類別的個人資料:

3.1 帳戶及識別資料

  • 電話號碼(可作為你的主要登入識別);
  • 電郵地址(如你提供),用作備用登入、聯絡或帳戶支援;及
  • 為營運本服務而合理所需的帳戶識別資料及基本帳戶紀錄。

3.2 你提供的個人檔案資料

  • 顯示名稱,以及你選擇提供的個人檔案資料,例如性別、關係期望、使用語言及檔案偏好;
  • 出生日期、年齡區間或年齡資格資料,包括年齡檢查結果;
  • 自我介紹文字、問題回答及其他個人檔案內容;及
  • 與見面安排有關的偏好資料,例如約會類型、可見面時間及相關選項。

3.3 相片及媒體

  • 你上載的個人相片及其他媒體;及
  • 為儲存、展示、保安、審核及內容管理而合理所需的相關資料。

3.4 位置資料(在你授權或功能需要下)

如你授權定位,或使用依賴位置的功能,我們可能收集:

  • 你選擇分享時的裝置精準位置,例如 GPS 座標;及/或
  • 根據你的裝置位置或其他你提供的資料而得出的約略地區資料,例如地區或大分區標籤。

你可在裝置設定中管理定位權限。若你關閉定位,部分功能可能無法正常運作。

3.5 訊息、見面安排及互動資料

為營運本服務,我們可能收集:

  • 互動訊號,例如喜歡、略過、配對、回覆、約會選項選擇及相關操作;
  • 見面安排相關資料及狀態,例如提議、確認、改期、取消、出席或爭議處理,以便安排及管理見面;
  • 有限度 App 內聊天訊息及時間戳(如該功能有提供);及
  • 安全相關互動,例如舉報、上訴及執行結果。

3.6 安全、信任及內容審核資料

為協助維持本服務及社群安全,我們可能處理:

  • 與個人檔案內容、用戶行為或濫用本服務有關的審核或風險訊號;
  • 用戶作出的舉報及與該等舉報相關而提交的資料(如適用);及
  • 內部處理結果,例如警告、限制、停權及相關審計紀錄。

3.7 付款、票券及訂閱/會籍資料

如你使用付費功能,我們可能處理及儲存以下資料:

  • 交易金額、貨幣、產品類型、付款狀態及時間;
  • 付款、訂單、票券、客戶、訂閱、會籍或交易參考識別資料;及
  • 為提供已購買功能所需的票券結餘、訂單狀態及使用紀錄。

我們不會儲存完整信用卡卡號或 CVV。信用卡資料由相關支付服務供應商處理。

3.8 身份驗證(KYC)

為提升安全,並減少詐騙、假帳戶或濫用情況,我們可能要求或提供身份驗證服務。我們可使用第三方身份驗證供應商,例如 Veriff 或其他類似供應商。

該等供應商可能處理:

  • 身份證明文件影像;
  • 自拍、活體檢測或影片驗證步驟;及
  • 將驗證結果連結至你的 Soulcial 帳戶所需的有限識別資料,例如 Soulcial 用戶 ID,以及(如適用)你的電郵地址。

我們可能為資格判定、審計、安全及帳戶管理目的保留有限驗證資料,例如:

  • 驗證狀態及時間戳;
  • 參考編號或 session 編號;及
  • 出生日期、年齡區間或年齡資格結果(如供應商有向我們提供)。

除非本服務另有明確說明,我們不會在自家資料庫內保存完整原始身份證明文件影像或自拍媒體。

3.9 裝置、App 及技術資料

我們可能收集為營運、保安及改善本服務而必要的有限技術資料,例如:

  • 裝置型號、作業系統、App 版本、語言設定,以及與功能運作有關的其他 App 或裝置設定資料;及
  • 與保安、防止濫用、身份驗證、故障排查及除錯有關的系統紀錄。

3.10 Crash report 及診斷資料

為維持本服務的穩定性、保安及效能,當 App 發生當機、錯誤或異常時,我們可能收集 crash report 及診斷資料。該等資料可能包括:

  • 錯誤或當機發生時間、App 狀態,以及錯誤訊息或 stack trace 等技術資料;
  • 有助診斷問題的裝置及 App 資料;
  • 與錯誤相關的有限使用紀錄或 breadcrumbs,例如開啟過哪些畫面;及
  • 在合理需要下,用以將報告與你的使用階段或帳戶關聯的識別資料,以便進行故障排查、保安或濫用調查。

我們會盡量將此類診斷資料限制於維持穩定性、保安及除錯所合理需要的範圍。Crash report 並非旨在收集你的私人通訊內容;惟在有限情況下,診斷紀錄可能會捕捉到你在錯誤發生前剛提交的資料,例如表格輸入文字。你應避免透過本服務提交不必要的敏感個人資料。

3.11 客戶支援及通訊資料

如你聯絡我們,我們可能收集:

  • 你的姓名、帳戶識別資料及聯絡資料;
  • 你的查詢、投訴或要求內容;及
  • 我們與你的通訊紀錄,以及你選擇向我們提交的附件或其他資料。

四、我們如何使用你的個人資料

我們會將個人資料用於與提供、營運、保障、支援及改善本服務直接相關的目的,包括:

4.1 提供及營運本服務

  • 建立、維持及管理帳戶與個人檔案;
  • 提供配對、見面安排及相關用戶功能;
  • 在適用情況下提供有限度 App 內聊天功能;
  • 按本服務核心功能需要向其他用戶展示個人檔案資料;及
  • 處理帳戶設定、權限及用戶偏好。

4.2 維持安全、信任及平台完整性

  • 在需要或提供時進行年齡或身份驗證;
  • 偵測、防止及調查詐騙、垃圾訊息、騙案、騷擾、禁止內容或濫用本服務的行為;
  • 審查內容、舉報、爭議及上訴;
  • 執行我們的使用條款、社群規則及安全政策;及
  • 保護用戶、我們的人員及本服務。

4.3 處理付款及提供客戶支援

  • 處理交易並提供付費功能;
  • 維持帳單、票券、訂閱、會籍及訂單紀錄;
  • 處理付款問題、退款、爭議及相關支援事宜;及
  • 回覆查詢、要求、投訴及營運通訊。

4.4 維護、分析及改善本服務

  • 監察穩定性、服務質素及營運表現;
  • 排查故障、除錯及修復問題;
  • 分析 crash report 及診斷紀錄,以改善穩定性、保安及效能;及
  • 開發、測試及改善現有或新功能,並在可行情況下使用匯總或去識別化資料。

4.5 法律、合規及風險管理

  • 遵守適用法律、合法要求及監管規定;
  • 為會計、審計、保險、法律及風險管理目的保存紀錄;及
  • 在有需要時建立、行使或抗辯法律權利。

除非法律容許,或我們已按適用法律要求取得所需同意,否則我們不會將你的個人資料用於與原收集目的無關,且並非直接相關的新用途。

五、其他用戶可能看到的資料

本服務具社交性質。按你當時的設定及本服務運作方式:

  • 其他用戶可能會看到你選擇展示的個人檔案資料、偏好、問題回答及相片;
  • 我們可能只顯示約略地區資料,例如地區或大分區,而非你的精確位置;
  • 與你安排見面的對象,可能會看到為安排或出席見面而合理所需的資料;及
  • 聯絡方式或類似資料,一般只會在有關功能要求雙方互相操作、互相同意或符合其他 App 內條件時,才會顯示(如適用)。

請審慎考慮你選擇分享的資料。

六、直接促銷

我們目前不會使用你的個人資料作直接促銷,例如大規模推廣電郵、SMS 或類似宣傳訊息。

如日後我們擬將你的個人資料用於直接促銷,我們會先遵守 PDPO 及其他適用要求,包括提供所需通知、取得所需同意或明確「不反對」表示,並向你提供免費及方便的退出方式。若法律要求須有正面表示,沉默或沒有回應不會被視為同意。

七、我們如何分享你的個人資料

我們不會出售你的個人資料。

我們只會在本政策所述目的下,於合理所需範圍內,向以下類別收件方分享個人資料:

7.1 基礎設施、託管及產品營運

協助託管或支援資料庫、雲端儲存、身份驗證系統、分析系統、訊息投遞系統及其他核心基礎設施的服務供應商,包括 Supabase 及相關基礎設施夥伴。

7.2 付款及商務處理

協助處理購買、訂閱、會籍、票券、退款及相關交易的付款處理商、付款協調方、應用程式商店或商務合作方,包括 Stripe、Apple App Store 及 Google Play(如適用)。

7.3 身份驗證供應商

第三方 KYC 或身份驗證供應商,例如 Veriff 或其他類似供應商(如身份驗證屬提供或要求的功能)。

7.4 推送通知及必要通訊

協助我們發送服務相關通知及營運通訊的供應商,例如 OneSignal 或其他類似推送通知供應商。該等供應商可能處理通知投遞所需的裝置 token、裝置識別資料及用戶識別資料。

7.5 內容審核、翻譯及安全工具

協助我們偵測禁止內容、執行平台安全規則、審核個人檔案文字或其他提交內容,或提供翻譯功能的供應商,包括 OpenAI(用於內容審核)及 DeepL(用於翻譯)(如該等功能有啟用)。

7.6 SMS 及電郵投遞供應商

用於發送一次性密碼、驗證碼、登入通知、帳戶通知、收據或其他必要訊息的供應商,包括我們身份驗證或通訊架構中使用的供應商,例如經 Supabase 使用的 Twilio(如適用)。

7.7 專業顧問及法定機構

在合理需要下,我們的律師、會計師、核數師、保險公司、銀行及其他專業顧問;以及在法律要求或容許下,法院、監管機構、執法部門、政府機關或其他第三方。

7.8 錯誤監察及診斷供應商

協助我們監察 crash、bug、事故及服務穩定性的第三方供應商。該等供應商會代表我們處理相關診斷資料,並應僅按本政策所述目的使用該等資料。

7.9 公司交易及業務重組

如涉及實際或擬議的合併、收購、融資、投資、資產出售、重組,或我們業務全部或部分的轉讓,個人資料可能會披露予交易對手、專業顧問及相關參與方,但須受適當保密責任及合法處理要求所約束。

如我們委任服務供應商或資料處理者,我們會在適當情況下採取合理切實可行措施,包括合約或營運保障,要求其以符合本政策及適用法律的方式保護個人資料。

八、跨境轉移

我們的服務供應商及合作方可能會在香港以外的伺服器或系統上儲存或處理個人資料。

你使用本服務,即表示你明白你的個人資料可能會被轉移至香港境外、在香港境外儲存,或於香港境外被處理。

在適當情況下,我們會按資料性質及轉移情況,盡量採取合理切實可行的保障措施,例如選用具信譽的供應商,以及採用合約或組織性措施。

九、資料保留

除非法律要求或容許作較長時間保留,否則我們不會將個人資料保留超過達成收集目的或直接相關目的所需的時間。

在決定保留期限時,我們可能考慮資料的性質及敏感程度、持有資料的目的、法律及監管要求、會計及審計需要、安全及防止詐騙需要、爭議處理需要,以及刪除、匿名化或去識別化是否合理可行等因素。

一般而言:

  • 帳戶及個人檔案資料: 在帳戶啟用期間保留;帳戶關閉後,如為帳戶恢復、爭議處理、安全審查、防止詐騙或合規目的而合理需要,可能在有限期間內繼續保留。
  • 安全及信任相關紀錄: 在合理需要下保留,以維持平台安全、防止重複傷害、調查濫用行為,以及處理爭議或執法問題。
  • 付款、票券、會籍及會計紀錄: 按會計、審計、稅務、法律及營運合規需要保留。
  • 驗證結果及審計參考資料: 按資格判定、安全、防止詐騙、審計及合規需要,在合理期間內保留。
  • log、crash report 及技術紀錄: 僅在保安、防止濫用、故障排查、診斷及改善服務所合理需要的有限期間內保留,其後會在可行情況下刪除、匯總、匿名化或去識別化。

如你要求刪除帳戶,我們會採取合理步驟刪除、匿名化或去識別化個人資料,但仍須受法律義務、安全需要、防止詐騙、爭議處理、備份限制及其他合理商業目的所限制。

十、資料安全

我們會採取合理切實可行措施,保障個人資料免遭未經授權或意外查閱、處理、刪除、喪失或使用。該等措施在適當情況下可包括:

  • 存取控制、權限管理及身份驗證保障;
  • 傳輸加密及其他技術性保安措施;
  • 對員工及服務供應商實施最少權限原則;
  • 監察、記錄及事故應對程序;及
  • 對相關供應商及資料處理者實施合約及營運控制。

然而,互聯網傳輸方式或電子儲存系統均不能保證絕對安全,因此我們無法保證資料安全達至絕對無風險。

十一、你在 PDPO 下的權利

在 PDPO 及其適用豁免條文規限下,你一般可享有以下權利:

  • 要求查閱我們持有關於你的個人資料;及/或
  • 要求更正不準確、不完整或具誤導性的個人資料。

如欲提出要求,請聯絡 support@soulcial.co,並提供足夠資料,以便我們核實你的身份、權限及要求範圍。

在法律容許下,我們可就資料查閱要求收取合理費用,但只限於直接處理成本。

如 PDPO 容許我們拒絕或限制某項要求,我們可依法作出有關處理,並會在法律要求下說明理由。

如你不滿意我們處理你個人資料的方式,你可向香港個人資料私隱專員公署(「PCPD」)作出投訴。

十二、未成年人(18歲以下)

Soulcial 只供18歲或以上人士使用。

我們不會明知而收集 18 歲以下人士就使用本服務而提供的個人資料。如我們知悉有未滿 18 歲人士使用本服務,我們可能暫停或終止相關帳戶,並在遵守法律義務及營運需要的前提下,就相關個人資料採取適當措施。

十三、本政策更新

我們可能不時更新本政策。

如有重大更新,我們會以合理方式通知你,例如透過 App、網站或其他適當方式,並註明更新後的生效日期。

在更新生效後你繼續使用本服務,即表示你接受更新後的政策。如你不同意更新後的政策,應停止使用本服務。

十四、聯絡我們

如你對本政策、個人資料處理方式或相關要求有任何查詢:

電郵: support@soulcial.co
社交媒體: @soulcial.dating