Privacy Policy

1. Who We Are

This Privacy Policy is issued by TurtleByte (“we”, “us”, “our”, “Company”), a body corporate registered under the laws of India, and the developer and operator of the Amour dating application (“Amour”, “App”, “Service”).

Registered Address:
TurtleByte
G7, SGS Park View, Narayan Nagar 3rd Block,
Bangalore 560062, India

Privacy Contact: privacy-amour@turtlebyte.in

For the purposes of the Digital Personal Data Protection Act, 2023 (“DPDP Act”), TurtleByte is the Data Fiduciary responsible for your personal data. For the purposes of the Information Technology Act, 2000 (“IT Act”) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), TurtleByte is the body corporate that collects, receives, possesses, stores, deals with, or handles your data.

2. Where This Privacy Policy Applies

This Privacy Policy applies to the Amour mobile application, our website, and all related services, features, and content offered by TurtleByte under the Amour brand. If a specific feature or service has a separate privacy notice, that notice will apply in conjunction with this Policy.

3. Eligibility

Amour is intended solely for individuals who are 18 years of age or older. We do not knowingly collect personal data from anyone under 18. If we become aware that a user is under 18, we will promptly delete their account and all associated data. If you believe a minor is using Amour, please report it through the in-app reporting mechanism or contact us at privacy-amour@turtlebyte.in.

In accordance with the DPDP Act, we do not process the personal data of children (persons under 18) and do not engage in tracking, behavioral monitoring, or targeted advertising directed at children.

4. Consent

4.1 How We Obtain Consent

Before collecting your personal data, we obtain your free, specific, informed, and unambiguous consent through clear affirmative actions within the App. Consent is obtained separately for each distinct purpose of data processing, including:

• Account creation consent — when you register and agree to this Privacy Policy
• Sensitive personal data consent — when you provide information such as sexual orientation, religious beliefs, or health-related details in your profile
• Aadhaar verification consent — a separate, explicit consent obtained before initiating Aadhaar-based identity verification
• Location consent — when you grant permission to access your device's location
• Camera and photo consent — when you grant permission to access your camera or photo library

Your consent constitutes valid written consent under the SPDI Rules for the collection and processing of sensitive personal data or information.

4.2 Withdrawing Consent

You can withdraw your consent at any time by:

• Adjusting your account settings within the App
• Modifying device-level permissions (location, camera, notifications)
• Contacting us at privacy-amour@turtlebyte.in
• Deleting your account

Withdrawal of consent is as easy as giving it. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Consequences of withdrawing consent:

• Withdrawing location consent will disable distance-based discovery and nearby user features
• Withdrawing camera consent will prevent you from uploading new photos
• Withdrawing consent for sensitive profile data (such as sexual orientation or religious beliefs) will result in removal of that data from your profile, which may reduce match quality
• Deleting your account will terminate access to all App features, your matches, and your message history

5. Data We Collect

5.1 Data You Provide to Us

Account Data: Email address, date of birth.

Profile Data: Name, gender, height, photographs, interests, preferences, location, sexual orientation, religious beliefs, and other details you choose to include in your profile through questionnaire responses.

Aadhaar Verification Data: If you choose Aadhaar-based verification, we process your Aadhaar number and related verification details solely for the purpose of identity verification. Aadhaar authentication is performed through Sandbox Technologies (sandbox.co.in), a UIDAI-authorized authentication/eKYC provider.

Aadhaar data is processed in accordance with the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 and applicable UIDAI guidelines.

Manual Verification Data: If you choose manual verification, we collect your name, date of birth, and sexual orientation for basic identity confirmation purposes.

Chat and Communication Data: Messages, photos, audio, and other content you send or receive through the App's messaging features. Chat services are powered by GetStream.

Purchase Data: Details of in-app purchases, subscription plans, and transaction history. Payment processing is handled by RevenueCat and the respective app store (Google Play Store / Apple App Store). We do not directly store your full payment card details.

Survey and Feedback Data: Responses you provide to surveys, feedback forms, or promotional activities.

Customer Support Data: Information you provide when contacting our support team, including details of your inquiry and any supporting materials.

Third-Party Account Data: If you sign in using Google or Apple, we receive basic profile information (such as name and email address) from those services as authorized by you.

5.2 Data We Collect Automatically

Usage Data: Login times, features used, search and matching activity, communication patterns, and interactions within the App.

Technical Data: IP address, device type, device identifier, operating system, app version, network information, crash reports, and diagnostic data. Error monitoring is powered by Sentry.

Location Data: With your permission, we collect precise geolocation data (latitude and longitude) to enable location-based features such as discovery and distance display. You will be prompted with a prominent in-app disclosure before location access is enabled for the first time.

System Logs: We maintain system and network logs for a minimum of 180 days, as required by the Indian Computer Emergency Response Team (CERT-In) directions. These logs include access records, IP addresses, and timestamps.

5.3 Data Generated by Us

Analytics Data: We use PostHog to generate insights about how users interact with the App, including aggregated usage patterns and feature adoption metrics.

Compatibility and Recommendation Data: We generate compatibility scores, preference models, and recommendation data based on your profile, activity, and questionnaire responses to improve your matching experience.

Graph Data: We maintain relationship graphs (powered by Neo4j) to model connections, interactions, and social patterns within the App for discovery and safety purposes.

6. How We Use Your Data

Each category of data we collect is used for specific, defined purposes.

6.1 To Provide and Operate the Service

• Create and maintain your account and profile — Account Data, Profile Data
• Enable discovery, matching, and communication features — Profile Data, Location Data, Compatibility Data, Chat Data
• Process your purchases and subscriptions — Purchase Data, Account Data
• Provide customer support — Customer Support Data, Account Data
• Enable video and audio call features (powered by GetStream) — Account Data, Technical Data

Legal Basis: Performance of contract; your consent.

6.2 To Ensure Safety and Security

• Verify your identity through Aadhaar (eKYC) or manual verification (name, date of birth, sexual orientation)
• Detect and prevent fraud, fake accounts, and abusive behavior
• Enforce our Terms of Service and Community Guidelines
• Moderate content and investigate reports
• Maintain platform integrity through automated and manual review

Legal Basis: Legitimate interest in maintaining a safe platform; legal obligations; your consent.

6.3 To Improve and Develop the Service

• Analyze usage patterns and feature performance
• Develop new features and improve existing ones
• Conduct internal research and analysis
• Train and improve our matching algorithms and compatibility systems
• Monitor application performance and fix errors

Legal Basis: Legitimate interest in improving our services.

6.4 To Communicate With You

• Send service-related notifications (matches, messages, account updates)
• Send push notifications (which you can control in your device settings)
• Respond to your inquiries and support requests

You may opt out of promotional or marketing communications at any time through your account settings. However, you cannot opt out of essential service communications (such as security alerts, account notifications, and legal notices) while your account remains active.

Legal Basis: Performance of contract; your consent.

6.5 To Comply With Legal Obligations

• Respond to legal process, court orders, or government requests
• Preserve evidence when required by law
• Report unlawful content or activity as required by Indian law, including the IT Act and associated rules
• Maintain system logs as required by CERT-In

Legal Basis: Compliance with legal obligations.

7. How We Share Your Data

7.1 With Other Members

Your profile information (name, photos, bio, age, interests, and other details you choose to make visible) is shown to other Amour members as part of the discovery and matching experience. Messages you send are visible to the recipients.

7.2 With Service Providers

We share data with trusted third-party service providers who assist us in operating the Service:

These providers process data on our behalf under lawful contracts and are contractually bound to:

• Protect your data using appropriate security measures
• Use your data only for the purposes we specify
• Not further disclose your data to any third party without our authorization
• Delete or return your data upon termination of the service arrangement

7.3 With Law Enforcement and Government Authorities

We may disclose your data when required to do so by law, regulation, court order, or governmental request, including requests under the IT Act, the Bharatiya Nyaya Sanhita (BNS), and applicable rules and regulations. Government agencies may access data for identity verification, prevention, or investigation purposes in accordance with applicable law.

7.4 In Connection With Corporate Transactions

If TurtleByte undergoes a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.

7.5 With Your Consent

We may share your data in other circumstances if you give us your explicit consent to do so.

8. Data Storage and Cross-Border Transfers

Your data is primarily stored on servers located in India. Some data may be processed in other jurisdictions where our service providers operate. When data is transferred outside India, we ensure:

• The transfer is made only to jurisdictions not restricted by the Central Government under the DPDP Act
• The receiving entity ensures a level of data protection equivalent to that provided under Indian law
• Appropriate contractual safeguards are in place

9. Data Retention

We retain your data for as long as your account is active and as needed to provide you with the Service. Once the purpose for which data was collected has been fulfilled, we delete or anonymize it unless retention is required by law.

Account Closure: When you close your account, your profile becomes invisible to other members immediately.

Automatic Closure: Accounts inactive for two years are automatically closed.

Post-Closure Retention:

De-identified Data: Data that has been fully anonymized and cannot be linked back to you may be retained indefinitely for research, analytics, and service improvement purposes.

10. Your Rights

Under the Digital Personal Data Protection Act, 2023 and the SPDI Rules, you have the following rights:

Right to Access: You can request a summary of the personal data we hold about you and how it is being processed.

Right to Correction: You can update your profile data directly in the App. For other data corrections, contact us at privacy-amour@turtlebyte.in.

Right to Erasure: You can delete your account through the App settings. You may also submit a formal deletion request by emailing privacy-amour@turtlebyte.in or through our web-based data deletion form at https://api.amour.app/data-deletion. Data deletion is available even if you no longer have the App installed.

Right to Withdraw Consent: You can withdraw your consent at any time as described in Section 4.2. See that section for specific consequences of withdrawal for each data type.

Right to Grievance Redressal: You have the right to raise a grievance with our Grievance Officer (see Section 13). If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India.

Right to Nominate: You have the right to nominate another person to exercise your rights in the event of your death or incapacity, as provided under the DPDP Act. To register a nominee, contact us at privacy-amour@turtlebyte.in with the nominee's name, contact details, and your relationship to them. We will verify the request and confirm the nomination.

To exercise any of these rights, contact us at privacy-amour@turtlebyte.in. We may verify your identity before processing your request. We will respond within a reasonable time and in no case later than the time period prescribed by applicable law.

11. Data Security

We implement reasonable security practices and procedures as required by Section 43A of the IT Act and Rule 8 of the SPDI Rules to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security program includes:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and monitoring
• Incident response procedures
• Comprehensive information security policies and procedures commensurate with the sensitivity of the data we handle

Our security practices are aligned with industry-standard frameworks, including ISO/IEC 27001. We conduct periodic security audits as required by the SPDI Rules.

While we strive to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

12. Data Breach Notification

In the event of a personal data breach that affects your data:

• We will report the breach to the Indian Computer Emergency Response Team (CERT-In) within 6 hours of becoming aware of the incident, as required by CERT-In directions
• We will notify the Data Protection Board of India as required under the DPDP Act
• We will notify affected users promptly, informing you of the nature of the breach, the data involved, and the steps we are taking to address it
• We will take immediate remedial measures to contain the breach and prevent further unauthorized access

13. Grievance Officer

In accordance with the IT Act, the SPDI Rules, and the DPDP Act, the details of our Grievance Officer are:

The Grievance Officer will:

• Acknowledge your complaint within 24 hours of receipt
• Resolve your complaint within 15 days of receipt, or within one month in cases involving complex inquiries, in accordance with applicable law

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the App or by other appropriate means before the changes take effect. Your continued use of the Service after the updated Policy becomes effective constitutes your acceptance of the changes.

15. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

16. Supplementary Information

16.1 Cookies and Similar Technologies

Amour is primarily a mobile application. We use local storage and similar technologies on your device to maintain your session, remember your preferences, and improve performance. We do not use third-party advertising cookies.

16.2 Third-Party Links

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing any data to them.

16.3 Sensitive Personal Data

By creating a profile on Amour and providing information about your sexual orientation, religious beliefs, or other sensitive categories, you provide explicit consent for us to process that data as described in this Policy. This consent is obtained through a clear, affirmative action at the time of data collection. You may withdraw this consent at any time as described in Section 4.2.

We do not publish or make publicly available any sensitive personal data or information collected from you.

16.4 Governing Law

This Privacy Policy is governed by the laws of India, including but not limited to the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.