Privacy Policy
BeeBaby (“BeeBaby”, “we”, “us”, “our”) is an AI-assisted social and dating service. Your personal AI “twin” autonomously breaks the ice and holds early conversations on your behalf, and we bring forward the people worth meeting so you can take the conversation from there. This Privacy Policy explains what personal data we collect, how and why we use it, who we share it with, and the rights and choices you have.
This Policy applies to the BeeBaby mobile apps, websites, and related services (together, the “Service”). Because this is a dating service, some information you provide is personal or sensitive and may be visible to other users. Please read this together with our Terms of Service.
- Who we are & how to contact us
- Data we collect
- Sensitive information
- Face & liveness data
- Your AI twin & LLM processing
- How & why we use your data
- What other users can see
- How we share data
- International data transfers
- Retention & deletion
- Your privacy rights
- Security
- Age requirement (18+)
- Push & marketing choices
- Changes to this Policy
1. Who we are & how to contact us
The data controller responsible for your personal data is BeeBaby HK Limited, a company registered in the Hong Kong Special Administrative Region at RM 603 6/F LAWS COML PLZ 788 CHEUNG SHA WAN RD, CHEUNG SHA WAN.
- Privacy contact: support[AT]beebaby.ai
- Support: support[AT]beebaby.ai
2. Data we collect
Information you give us
- Account & identity. When you sign in with Google or Apple, we receive a verified identifier and basic profile fields such as your email address and name from that provider, plus authentication tokens. (Phone-number sign-in is currently hidden behind a feature flag; if enabled, we would collect your phone number and verification data.)
- Profile & dating data. Photos, date of birth / age, gender and who you’re interested in, bio, interests, lifestyle attributes (such as exercise, drinking, smoking, and family plans, including whether you have or want children), dealbreakers, occupation and industry, education, height, hometown and current city, languages, relationship intent, values (including, where you choose to share them, your openness about politics and religion and the causes you care about), and your answers to profile prompts.
- Personality & preferences. Your answers to in-app assessment questions, from which we derive personality traits (e.g. a “Big Five” profile), values, and the persona that powers your AI twin.
- Face / liveness check. A selfie and a short liveness capture used to confirm you are a real person — see Section 4.
- AI twin training & content. Training chats, profile notes, instructions, preferences, and generated summaries used to create and improve your twin.
- Conversations & social content. Messages you exchange with other members after a match, AI-twin icebreaker conversations, match/handoff records, gifts, reactions, reports, feedback and corrections, and support requests.
- Purchases. Coin balances, gift activity, subscription status, and purchase/refund records. Payments are processed by the Apple App Store or Google Play; we do not receive your full payment-card details.
Information generated through your use of the Service
- Matching & chemistry records. Dispatches, match scores, chemistry signals, AI-twin conversation results, handoff decisions, relationship status, read/peek states, and reply timing.
- Device & technical data. IP address, device model and operating system, app version, language, a device/installation identifier, an app-instance identifier and analytics event data (via Firebase), push-notification tokens, and diagnostic/usage logs.
- Location. The city/region associated with your profile, and approximate location derived from your IP address. If you tap “use my location” when choosing your city, your device shares precise coordinates, which we process momentarily to suggest nearby cities; we store the city/region you select and its coordinates — not your precise GPS location. You can decline the location permission and search for your city instead.
- Usage data. How you interact with features, to operate and improve the Service.
Information from third parties
- Sign-in providers (Google, Apple).
- App stores and payment partners (Apple App Store, Google Play).
- Service providers that support liveness checks, AI/LLM processing, hosting, analytics, crash reporting, moderation, support, email, and push.
- Other users, when they message, report, gift, or otherwise interact with you.
We use Firebase, a Google service, for two purposes: (a) Firebase Cloud Messaging to deliver push notifications, and (b) Google Analytics for Firebase to understand aggregate app usage and improve the Service. Through Firebase, Google may process identifiers such as a push-notification token, an app-instance identifier, device and event data, and approximate (IP-derived) location. We use this for product analytics, reliability, and notifications — not for third-party advertising; we do not use cross-app advertising SDKs or advertising identifiers. Our website serves static pages and sets no cookies and no analytics or advertising trackers. [PLACEHOLDER: counsel to reconcile the Firebase / Google Analytics data above with your Apple “App Privacy” labels and Google Play “Data safety” answers before publishing.]
3. Sensitive information
Some data we process may be sensitive / special-category under applicable law, including biometric or biometric-derived liveness data, photos and selfies, who you are interested in and other dating preferences, political opinions, religious or philosophical views, and the causes you care about (where you choose to share them), message content, location, personality and values data, and inferences about compatibility or attraction. Where the law requires it, we ask for your consent before processing sensitive data. You can withdraw consent where legally available, but some features may not work without the data needed to provide them.
4. Face & liveness data
To keep the community real and reduce impersonation, we ask you to take a selfie and complete a liveness check, performed using Amazon Web Services (AWS) Rekognition Face Liveness. This may involve processing face geometry derived from your image, which is treated as biometric / special-category personal data in many jurisdictions. We process it only:
- with your explicit consent, given before the check and withdrawable at any time; and
- for the sole purpose of verifying you are a live, real person and matching the selfie to your profile photo(s). We do not use it for advertising and do not sell it.
What we keep, and for how long. Your selfie and liveness capture are stored for up to 1 month and then automatically deleted by an automatic storage-lifecycle expiration rule. From the check we retain a liveness reference image and related face-check metadata (such as a face bounding box and image-quality data), which we use to verify that photos you upload later are really you. We keep this reference data for as long as your account is active and we need it for verification, and we delete it — both the reference image and its face metadata — when you delete your account. We use this data only for liveness and identity verification — never for advertising — and your selfie is not displayed anywhere in the app.
U.S. biometric laws (Illinois, Texas, Washington). If you are in a state with a biometric privacy law, the following applies. We collect and store biometric identifiers and biometric information (face geometry derived from your selfie and liveness capture) only after you give a written release (your written consent), and solely to verify you are a live, real person and that later photo uploads are really you. We do not sell, lease, trade, or otherwise profit from your biometric data. We protect it using a reasonable standard of care and retain it only as long as needed for verification: the selfie and liveness capture for up to 1 month, and the liveness reference image and face metadata until you delete your account or within 3 years of your last interaction, whichever comes first — after which it is permanently destroyed. [DRAFT — counsel to finalize the standalone written release / consent flow (separate from this Policy, shown before capture), the exact retention schedule, and the destruction timeline required by BIPA, Texas CUBI, and Washington’s biometric law (RCW 19.375).]
5. Your AI twin & LLM processing
Your AI twin is generated and operated using automated systems, including third-party large-language-model (LLM) providers. To generate its messages and assess compatibility, we send relevant inputs — prompts, your profile and personality context, training history, AI-twin instructions, and conversation context — to those providers, which return generated text, evaluations, or structured output. They process the data to provide the service to us under contractual confidentiality and security terms.
AI output can be imperfect. We use technical and policy controls to reduce unsafe or misleading behavior, but you should review important messages and decisions yourself. We do not promise that AI-generated compatibility or chemistry scores, or handoff recommendations, predict any relationship outcome.
Our current LLM provider is Google (the Gemini API), and avatar images are generated using Google’s Gemini image model. We use the paid Gemini API, under which Google does not use the data we submit to train its models and processes it only to provide the service. LLM providers may process data in countries outside your own (see Section 9). [PLACEHOLDER: confirm Google’s then-current Gemini API data-governance retention window before publishing, and update this section if you add or change LLM providers.]
6. How & why we use your data
| Purpose | Examples | Legal basis (EEA/UK) |
|---|---|---|
| Provide the Service | Create your account, build your AI twin, show profiles, run dispatches, produce match handoffs, deliver messages, maintain coins/gifts/subscriptions, and sync across devices. | Contract; consent for optional/sensitive features where required. |
| Personalize matching & AI twin behavior | Use profile, training, values, preferences, and conversation signals to improve icebreakers, chemistry scoring, and handoff quality. | Contract; legitimate interests; consent for special-category data where required. |
| Liveness, trust & safety | AWS Rekognition liveness checks, abuse/scam detection, moderation, prompt-injection and manipulation defenses, account integrity, report handling, and fraud prevention. | Consent where required for biometrics; legitimate interests; legal obligations. |
| AI / LLM processing | Send relevant prompts, profile context, training content, and conversation context to third-party LLM providers to generate or evaluate AI-twin output. | Contract; legitimate interests; consent where required for sensitive data. |
| Communications | Service notices, push notifications, match updates, safety notices, support replies, and (where allowed) product/marketing announcements. | Contract; legitimate interests; consent where required. |
| Improve & debug | Analyze logs, traces, crashes, aggregate usage, feature performance, and quality outcomes. | Legitimate interests; consent where required. |
| Legal, compliance & enforcement | Enforce our Terms, respond to legal requests, prevent harm, comply with tax/payment obligations, and protect rights and safety. | Legal obligations; legitimate interests; vital interests where applicable. |
You can withdraw any consent at any time (Section 11); this doesn’t affect processing already carried out.
7. What other users can see
A dating service necessarily shares some information with others. Depending on the feature, other members may see your profile photos, display name, age or age range, city or approximate location, bio, interests, lifestyle fields, occupation, values, selected prompts, AI-twin icebreakers, featured quotes, messages you send, gifts, and match/handoff context. Don’t share information you don’t want others to see, save, or re-share. Our Terms prohibit misuse of other members’ content, but we can’t control everything others do.
8. How we share data
- Other members — as needed to operate profiles, matching, icebreakers, messages, gifts, and handoffs (Section 7).
- Vendors & processors — hosting and database providers, AWS (Rekognition liveness + storage), Google (Gemini API for LLM processing; Firebase Cloud Messaging for push; Google Analytics for Firebase), moderation and support tools, email, and payment processors — all under contract and only for the purposes above.
- App stores & payment partners — Apple and Google, to process subscriptions, coins, gifts, refunds, and purchase validation.
- Legal & safety — authorities, regulators, or others where we believe disclosure is required by law or necessary to protect rights or safety, or to enforce our Terms.
- Corporate transactions — a merger, acquisition, financing, reorganization, bankruptcy, or asset sale, subject to this Policy.
We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are defined by California law. [PLACEHOLDER: counsel to confirm against the final analytics/SDK inventory — including Firebase / Google Analytics — and whether that analytics use implicates “sharing” under California law before publishing.]
9. International data transfers
We and our service providers may process information in the United States, the European Economic Area, the United Kingdom, Hong Kong, and other countries where we or our providers operate. Privacy laws there may differ from those where you live. For EEA, UK, and Swiss users, where required we rely on appropriate transfer mechanisms such as adequacy decisions, Standard Contractual Clauses, or the UK International Data Transfer Addendum. In particular, our processing involves Google (Gemini API, Firebase) and AWS (Rekognition liveness and storage), which may process data in the United States and other regions; for transfers out of the EEA, UK, or Switzerland we rely on the Standard Contractual Clauses (and the UK Addendum) that these providers incorporate into their data-processing terms. [DRAFT — counsel to confirm each provider’s operating regions and that the executed SCCs / UK IDTA are in place before publishing.]
10. Retention & deletion
We keep personal data only as long as needed to provide the Service, comply with law, resolve disputes, enforce agreements, maintain safety, and prevent fraud — then delete or de-identify it. Indicative periods:
| Data | Retention |
|---|---|
| Account, profile, AI twin, matches, messages, coins/gifts/subscriptions | While your account is active; after deletion, retained during a 30-day deletion cooldown, then deleted or de-identified (typically by our daily purge process) |
| Selfie / liveness capture | Up to 1 month, then automatically deleted (see Section 4) |
| Liveness reference image & face metadata | While your account is active and needed to verify your later photo uploads; deleted when you delete your account (see Section 4) |
| Purchase / tax / accounting records | De-identified where possible; where Hong Kong law requires (Inland Revenue business-record retention), kept for at least 7 years, then deleted |
| Safety / moderation / banned-account & fraud records | De-identified where possible and retained longer to keep banned users off the Service — up to 2 years |
| Support correspondence & logs | Up to 24 months |
| Backups | Rolling backups, overwritten within 30–90 days |
You can delete your account at any time in the app at Settings → Delete account, or by emailing us at support[AT]beebaby.ai. Deleting your account starts a 30-day deletion cooldown during which you cannot sign in or sign up again with the same account; after that, we delete or de-identify the personal data associated with your account, except where we must keep certain data for legal, safety, fraud-prevention, dispute, or accounting reasons.
11. Your privacy rights
Depending on where you live, you may have the right to access, correct, delete, port, restrict, or object to certain processing; withdraw consent; opt out of any “sale”/“sharing” or targeted advertising; limit use of sensitive personal information; and appeal a denied request. To make a request, contact support[AT]beebaby.ai or use in-app settings where available. We may need to verify your identity, and authorized agents may submit requests where permitted by law.
California & other U.S. state rights
California and certain other U.S. residents may have rights to know the categories of personal information collected, the sources, purposes, recipients, and retention, and whether information is sold or shared; and to access, delete, correct, opt out, limit sensitive-information use, and not be discriminated against for exercising rights.
In the past 12 months we have collected the following categories of personal information (as defined under the CCPA/CPRA). Their sources, business purposes, and retention are described in Sections 2, 6, and 10, and the categories of recipients in Section 8. We have not sold, and have not shared for cross-context behavioral advertising, any of these categories. [DRAFT — counsel to verify the categories, recipients, and sale/share status against the final SDK/vendor inventory.]
| CCPA/CPRA category | Examples we collect | Disclosed to (categories of recipients) | Sold / Shared? |
|---|---|---|---|
| Identifiers | Name, email, account ID, device/installation ID, app-instance ID, IP address, push token | Sign-in, analytics & push providers (Google), hosting/infrastructure, payment partners | No |
| Customer records (Cal. Civ. Code §1798.80) | Photos; phone number (if phone sign-in is enabled) | Hosting/storage; other members (profile photos) | No |
| Protected classification characteristics | Age / date of birth, gender, who you’re interested in | Other members; hosting | No |
| Commercial information | Coins, gifts, subscription status, purchase/refund records | App stores & payment partners (Apple, Google); hosting | No |
| Biometric information | Face geometry / liveness data; liveness reference image | Liveness provider (AWS Rekognition); storage | No |
| Internet / network activity | Feature interactions, usage and diagnostic logs, analytics events | Analytics provider (Google / Firebase); hosting | No |
| Geolocation data | City/region you select; approximate (IP-derived) location | Hosting; analytics provider | No |
| Audio / visual & similar information | Selfie and liveness capture; profile photos | Liveness / storage providers; other members (profile photos) | No |
| Professional / employment information | Occupation, industry | Other members; hosting | No |
| Education information | Education level | Other members; hosting | No |
| Inferences | Personality (e.g. Big Five), values, compatibility / chemistry signals, AI-twin persona | LLM provider (Google Gemini); hosting | No |
| Sensitive personal information | Face / biometric data; sexual orientation and dating preferences; religious or philosophical beliefs and political opinions (where you share them); message content; account access tokens; personality and values data | As above, by category; used only to provide the Service and for safety | No |
We use and disclose sensitive personal information only to provide the Service, ensure security and integrity, and for the other purposes in Section 6 — not to infer characteristics about you for any incompatible purpose. Where required, you may ask us to limit our use of sensitive personal information, subject to the features that depend on it. [DRAFT — counsel to confirm the sensitive-PI categories and the limit-use mechanics.]
EEA, UK & Swiss rights
You may have GDPR-style rights, including access, rectification, erasure, restriction, portability, objection, and consent withdrawal, and the right to lodge a complaint with your local supervisory authority. We’d appreciate the chance to address your concern first.
12. Security
We use reasonable technical and organizational measures designed to protect personal data — including access controls, encryption in transit where appropriate, logging, monitoring, and limited internal access. No online service is completely secure, and we cannot guarantee absolute security. If we become aware of a personal-data breach that affects you, we will investigate, act to mitigate it, and notify affected users and the relevant regulators where and within the timeframes required by applicable law (for example, without undue delay and, where the GDPR applies, within 72 hours of becoming aware). [DRAFT — counsel to confirm the notification thresholds and timeframes for each jurisdiction.]
13. Age requirement (18+)
The Service is for adults only — you must be at least 18 (or older where your jurisdiction’s age of majority is higher). We do not knowingly collect data from anyone under 18. If you believe an underage person is using the Service, contact us and we will investigate and delete where appropriate.
14. Push & marketing choices
Control push notifications through your device and in-app settings, and unsubscribe from marketing emails using the link in those emails. We may still send essential service and safety messages.
15. Changes to this Policy
We may update this Policy from time to time. If changes are material, we will notify you in the app or by another appropriate method before they take effect. The “Last updated” date shows when this Policy was last revised.