Privacy Policy

Effective date: May 21, 2026

Last updated: May 21, 2026

1. Who We Are & Scope

1.1 This Privacy Policy ("Policy") describes how Howl Dating, Inc. ("Howl," "we," "us") collects, uses, discloses, and protects personal information when you use the Howl mobile application, our website at www.howldating.com, and any related services (collectively, the "Service").

1.2 Controller. For purposes of the EU/UK General Data Protection Regulation, Howl Dating, Inc. is the data controller of personal data processed through the Service.

1.3 Scope. This Policy applies to information collected through the Service. It does not apply to third-party sites, services, or applications, including the Apple App Store, Google Play, or any service you reach by clicking a link in the Service.

2. Information We Collect

2.1 Information You Provide.

• Account & Contact: mobile phone number, email address (if provided), gender for matching purposes, the gender(s) you are looking for, age range you are looking for, and an approximate distance radius.
• Age Confirmation: a representation that you are 18 or older. We may, in our discretion, require additional age verification.
• Mood Indicator: a short profile element (e.g., three emoji) you select before entering a session.
• Verification Selfies: a live selfie taken at the start of each session using your device's front-facing camera.
• Messages & Interactions: chats with matches, "icebreaker" messages, "howls," "save for later" actions, ✓/✗ votes, and similar in-app interactions.
• Support & Reports: the content of communications you send to us (e.g., abuse reports, support tickets, legal notices).

2.2 Information Collected Automatically.

• Device & Technical: device model, operating system, app version, language, time zone, IP address, network type, advertising identifier (only with your permission), crash logs, and diagnostic data.
• Approximate Location: derived from your IP address, the location permission you grant the app, or your stated distance radius. We do not require, and do not retain, precise GPS location history.
• Usage: session times, features used, actions taken, and engagement metrics, used for service operation, debugging, and product analytics.
• Cookies & Similar. See Section 12.

2.3 Information from Third Parties. If you sign in through Apple, Google, or another identity provider, we receive limited account information from that provider (typically email and a unique identifier). If you make a purchase, we receive transaction confirmation (but not full payment-card data) from the applicable platform or payment processor. Fraud-prevention partners may provide signals about suspected fraudulent activity associated with your device or network.

2.4 Sensitive Information We Do Not Solicit. We do not solicit and do not need: government-issued ID numbers (except where required for age or fraud verification), Social Security numbers, payment-card numbers (handled by platforms/processors), precise geolocation history, full contact lists, photo-library access (we use only the live camera capture), health information, religious or political views, racial or ethnic origin, sexual-orientation labels beyond match preference, trade-union membership, or criminal history.

3. Biometric Information — Detailed Disclosure

3.1 What Is Collected. When you take a verification selfie, our software processes the image and, where available, the depth map produced by your device's depth-sensing camera. From these inputs we derive:

• a facial-geometry template (a mathematical representation of facial features);
• a three-dimensional structural map (where supported) used to confirm that a real, live, three-dimensional face is presenting to the camera, rather than a photograph, screen, mask, or generated image; and
• liveness and authenticity scores computed from the foregoing.

We collectively call this "Biometric Information." Under Illinois law (740 ILCS 14, the Biometric Information Privacy Act, or "BIPA"), Texas Capture or Use of Biometric Identifier statute (Bus. & Com. Code § 503.001), Washington H.B. 1493, and analogous laws of other states, this constitutes the collection of biometric identifiers and/or biometric information.

3.2 Specific Purposes. We collect, use, and store Biometric Information for the following specific purposes, and no others:

• to confirm that you are a real, live human presenting in real time;
• to detect impersonation, deepfakes, AI-generated imagery, replay attacks, mask attacks, screen attacks, and similar fraud;
• to match a returning user to the same person across sessions, supporting our anti-duplicate-account safeguards;
• to investigate reports of abuse, fraud, harassment, or impersonation; and
• to train, test, and improve our authenticity-detection models, only on de-identified or technically isolated data, and only in accordance with this Policy and applicable law.

3.3 Retention Schedule. Biometric Information templates are retained no longer than necessary to fulfill the purposes above, and in any event no longer than three (3) years following your last interaction with the Service, after which they will be permanently destroyed in accordance with our written retention schedule and applicable law. Raw selfie images are deleted in accordance with the schedule in Section 7.

3.4 Consent. By creating an account and submitting a selfie, you have provided written consent to the collection, capture, storage, and use of your Biometric Information for the purposes described above. You can review and withdraw consent at any time, as described in Section 8 (Your Rights).

3.5 No Sale; Limited Disclosure. We do not sell, lease, trade, or otherwise profit from Biometric Information. We do not disclose Biometric Information to any third party except: (a) a service provider that is contractually bound to process Biometric Information only on our behalf, only for the purposes above, and only subject to confidentiality and security obligations at least as protective as those in this Policy; (b) when required by warrant, subpoena, or other valid legal process; or (c) with your specific, advance written consent.

3.6 Storage & Security. Biometric Information is stored using industry-standard protections, including encryption at rest and in transit, access controls, and audit logging. We do not store Biometric Information in any manner less protective than the manner in which we store our own confidential information.

4. How We Use Information

We use the information described above for the following purposes:

• To provide the Service: create accounts, authenticate users, show you other users during a session, deliver messages, run the nightly window, and reset state.
• To verify authenticity: process Biometric Information as described in Section 3.
• To keep the Service safe: detect and prevent fraud, abuse, harassment, impersonation, and other Terms violations; respond to reports; investigate incidents.
• To communicate with you: service announcements, support, legal notices, security alerts.
• To debug and improve: diagnose crashes, fix bugs, measure quality, and make the Service better.
• To comply with law: respond to legal process; defend against legal claims; enforce our Terms.
• For transactions: process any purchases or subscriptions you make; provide receipts; prevent payment fraud.

5. Legal Bases (EU/UK Users)

If GDPR applies to you, we rely on the following legal bases:

• Performance of a contract (Art. 6(1)(b)) — to deliver the Service you requested;
• Legitimate interests (Art. 6(1)(f)) — to keep the Service safe, prevent fraud, debug, and improve, balanced against your rights;
• Legal obligation (Art. 6(1)(c)) — to comply with law;
• Consent (Art. 6(1)(a) and Art. 9(2)(a) for special-category biometric data) — for biometric processing, marketing communications (if any), and other consent-based features.

6. Sharing & Disclosure

6.1 With Other Users. Your verification selfie, mood indicator, and any matching attributes you have set are visible to other users in your area during an open session, in accordance with the Service's design.

6.2 Service Providers. We disclose information to vendors who process it on our behalf to operate the Service. Categories include: cloud hosting and storage; communications and messaging infrastructure; analytics and crash reporting; fraud and abuse detection; customer support; legal and accounting; and payment processing. We require each provider to handle data in accordance with this Policy and applicable law.

6.3 Legal Requests. We may disclose information when we believe in good faith that disclosure is required by warrant, subpoena, court order, statute, or regulation; to comply with a legal obligation; to protect the rights, property, or safety of Howl, users, or others; or in connection with an investigation of suspected illegal activity. We will challenge requests we believe are overreaching, and where permitted by law we will notify the affected user.

6.4 Corporate Transactions. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, dissolution, or sale of assets, information may be transferred as part of the transaction, subject to confidentiality protections.

6.5 Aggregated & De-Identified Data. We may use and share aggregated or de-identified information that does not reasonably identify any individual for any purpose, including research, analytics, and public reporting.

7. Retention

We retain personal information only as long as necessary for the purposes described above and as required by law. Specific schedules include:

• Active account data: for as long as your account is active.
• Verification selfies (raw images): retained for up to seven (7) days for fraud and abuse review, then deleted from active systems.
• Biometric templates: see Section 3.3 (no longer than three (3) years after last interaction).
• Messages: retained on active systems only during the open window and for up to 24 hours thereafter.
• Match state: reset daily at sunrise local time.
• Device and technical logs: typically up to 90 days, longer when reasonably necessary for security or legal purposes.
• Support correspondence: up to three (3) years.
• Records required by law: retained for the period required (e.g., tax, financial, regulatory).
• Backups: may persist for a limited period after deletion from active systems and are overwritten on a rolling basis.

8. Your Rights

Subject to applicable law, you may have the following rights:

• Access — to obtain a copy of personal information we hold about you;
• Correction — to correct inaccurate information;
• Deletion — to delete your account and associated data;
• Portability — to receive your information in a machine-readable format;
• Restriction — to restrict certain processing;
• Objection — to object to processing based on legitimate interests;
• Withdrawal of consent — to withdraw any consent you have provided (including for biometric processing);
• Non-discrimination — to exercise any of these rights without retaliation or discriminatory treatment;
• No automated decision-making having legal effect. We do not subject you to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you, other than authenticity-detection used to determine eligibility to enter the Service, which is supported by human review on request.

To exercise a right, email privacy@howldating.com or use in-app account-deletion controls. We will respond within the time required by applicable law (typically 30–45 days). We may ask you to verify your identity before responding. You may use an authorized agent to make requests on your behalf where permitted by law; the agent must provide written authorization and we may require the agent to verify the agent's identity.

If we deny a request, you may appeal by replying to our response. EU/UK users have the right to file a complaint with their data protection authority.

9. U.S. State Privacy Disclosures

9.1 California (CCPA/CPRA). Within the prior twelve (12) months, we have collected the categories of personal information described in Section 2 and have not "sold" personal information as that term is defined in the CCPA. We have "shared" personal information for cross-context behavioral advertising: No. Categories disclosed for business purposes: identifiers, commercial information (limited to transaction confirmations), internet/network activity, geolocation data (approximate), audio/visual information (selfies), and biometric information (see Section 3). Sources, purposes, and recipient categories are as described in this Policy.

California residents have the right to know, delete, correct, opt out of sale/share (we do not sell or share for cross-context behavioral advertising), limit use of sensitive personal information, and not be discriminated against for exercising rights. To exercise, email privacy@howldating.com. "Shine the Light" requests (Cal. Civ. Code § 1798.83): we do not share personal information with third parties for those third parties' direct-marketing purposes.

9.2 Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon, Montana, Tennessee, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Maryland, Minnesota, Kentucky, Rhode Island, Indiana, and other state laws as they take effect. Residents of these states have rights similar to those described in Section 8, including (depending on state) the right to access, correct, delete, port, opt out of the processing of personal data for targeted advertising, sale, or profiling that produces legal or similarly significant effects, and appeal denials. To exercise, email privacy@howldating.com. We do not engage in profiling that produces legal or similarly significant effects, and we do not engage in "targeted advertising" or "sale" as those terms are defined under these laws.

9.3 Sensitive Data Consent. Where state law treats biometric data, precise geolocation, or other categories as "sensitive personal data" requiring consent, our consent flow in-app provides that consent.

9.4 Nevada. Nevada residents may opt out of any future sale of personal information by emailing privacy@howldating.com. We do not currently sell.

10. International Transfers

We are based in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and possibly other jurisdictions. For transfers from the EU/UK/Switzerland, we rely on (a) the EU Standard Contractual Clauses; (b) the UK International Data Transfer Addendum, where applicable; and/or (c) other lawful transfer mechanisms. Contact privacy@howldating.com to request a copy of the relevant transfer mechanism.

11. Children

The Service is strictly limited to adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If we become aware that a person under 18 has provided information, we will terminate the account, delete the data, and may notify authorities where required. Parents or guardians who believe their child has provided information should contact privacy@howldating.com immediately.

12. Cookies & Similar Technologies

Our website uses cookies and similar technologies (e.g., local storage, SDKs in-app) for essential functionality (sign-in state, security), measurement, and limited analytics. We do not use third-party advertising cookies. You can control cookies through your browser and your device's privacy settings. You can also opt out of any future use of cookies for analytics by emailing privacy@howldating.com.

Global Privacy Control: Where required by law, we treat a Global Privacy Control ("GPC") signal as a valid opt-out of "sale" and "sharing" for cross-context behavioral advertising.

13. Security

We take reasonable and appropriate technical, administrative, and physical measures designed to protect personal information against unauthorized access, loss, misuse, alteration, and destruction. These include encryption in transit and at rest, access controls based on least-privilege, audit logging, network segmentation, secure development practices, and personnel training. No method of transmission or storage is 100% secure. In the event of a data breach affecting your information, we will notify you and applicable regulators as required by law.

14. Third-Party Links & Services

The Service may contain links to third-party websites or services. We are not responsible for those third parties' privacy practices. We encourage you to review their policies.

15. Changes to This Policy

If we update this Policy in a material way, we will notify users via in-app notification or to the email address associated with the account at least thirty (30) days before the change takes effect, except for changes required by law or to address security incidents. The "Last updated" date at the top of this Policy will always reflect the most recent revision.

16. Do Not Track

Our website does not respond to "Do Not Track" signals because no common standard for responding to such signals has been adopted. We do, however, honor Global Privacy Control as described in Section 12.

17. Contact

For privacy questions, requests, or to exercise your rights:

Howl Dating, Inc.
Attn: Privacy Office
Howl Dating, Inc.
Attn: Legal
1804 East Ocean Boulevard
Long Beach, California 90802
Email: privacy@howldating.com

EU/UK Representative: Not currently applicable. Howl does not target users in the European Union or United Kingdom at this time. An Article 27 representative will be appointed if and when Howl extends service to those regions.

Data Protection Officer (if applicable): Not currently appointed. A Data Protection Officer will be designated if and when Howl is required to appoint one under applicable law (for example, upon expansion into jurisdictions that mandate one).