Privacy Policy
Last updated: 23 April 2026
The short version
- • Every Ether user is age-verified with a live selfie. We don't store the selfie — only the age range and the result.
- • Every photo and video you upload is scanned for harmful content before anyone sees it.
- • We don't sell your data. We don't share it with advertisers.
- • You can export everything we hold about you, or delete your account entirely, at any time.
- • We're a UK company, GDPR compliant, and regulated by the Information Commissioner's Office.
The full, lawyer-reviewed version is below. If you only read one page today, read our Trust & Safety page.
1. Who we are (Data Controller)
The Ether mobile application and related services (the "Service") are operated by ARJL LTD, a private limited company registered in England and Wales.
- Company name: ARJL LTD
- Company number: 17117173
- Place of registration: England and Wales
- Contact: contact@ether.dating
Our registered office address is on the public record at Companies House. If you need to serve legal correspondence by post, please first email contact@ether.dating and we will provide the current address for service.
For the purposes of the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018, ARJL LTD is the "data controller" of your personal data. In this Privacy Policy, "we", "our" and "us" refer to ARJL LTD.
2. Introduction
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you are unhappy with how we handle your personal data, although we would encourage you to contact us first.
3. Information we collect
Personal information
When you create an account or use the Service, we may collect:
- Name and date of birth
- Email address
- Profile photos and video introductions
- Gender identity and the gender(s) you are looking for
- Approximate location (city/region level, derived from device GPS when you grant permission)
- Content you upload (intros, photos, video reactions, text messages)
- Subscription and in-app purchase status
Age verification data
To verify that you are 18 or older as required by UK law, we use an automated biometric age estimation service provided by Amazon Web Services ("Amazon Rekognition"). You submit a short self-portrait photo (a "selfie") which is processed transiently by Rekognition to estimate your age range. We do not store the selfie image; we retain only the estimated age range, a confidence score, and the result (approved / rejected) as evidence of compliance with the Online Safety Act 2023.
Usage and device data
We automatically collect certain information when you use the Service, including:
- Device type, operating system, and unique device identifiers
- IP address and general location data
- Log data (including timestamps, feature interactions, and error reports)
- Crash reports and performance data (see Section 13 on analytics)
Content moderation metadata
When an upload is flagged by our safety systems, we retain metadata about the decision (outcome, confidence scores, moderation labels) for audit purposes. See Section 7 for details.
4. How we use your information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Create and manage your account
- Match you with other users based on your preferences
- Verify your age before permitting use of the Service
- Process in-app purchases and keep a record of unlocks you've bought
- Send you technical notices, updates, and support messages
- Detect, investigate, and prevent fraud, abuse, and unauthorised activity
- Scan user-generated content for child sexual abuse material (CSAM) and other harmful content (see Section 7)
- Comply with legal obligations, including the Online Safety Act 2023
5. Legal basis for processing (UK GDPR Article 6)
Under the UK GDPR we must have a lawful basis for each purpose for which we process your personal data. Our lawful bases are:
- Performance of a contract (Article 6(1)(b)): providing the Service itself — creating your account, showing you intros, delivering messages, processing in-app purchases, and matching you with other users.
- Compliance with a legal obligation (Article 6(1)(c)): verifying that you are 18 or older (Online Safety Act 2023), scanning content for CSAM (Online Safety Act 2023 and criminal law), retaining transaction records (HM Revenue & Customs record-keeping requirements), and responding to lawful requests from courts or regulators.
- Legitimate interests (Article 6(1)(f)): protecting the safety of our community (fraud detection, abuse reporting, moderation), securing the Service against attack, maintaining operational stability, and preventing misuse. Where we rely on legitimate interests, we balance our interests against your rights and freedoms.
- Consent (Article 6(1)(a)): where we ask for separate consent (for example, device push notifications, optional analytics, or the processing of your device location). You may withdraw this consent at any time via your device settings or in-app preferences.
The age verification selfie involves briefly transmitting a photo of your face to Amazon Rekognition for processing. Under UK GDPR Article 9, this is "special category" biometric processing; we rely on the substantial public interest condition in paragraph 18 of Schedule 1 to the Data Protection Act 2018 ("safeguarding of children and of individuals at risk"), because age verification is required by law to protect minors.
6. Sharing your information
We do not sell your personal information. We may share your information in the following circumstances:
- With other users: Your profile information, intros, and messages you send are visible to users you interact with on the Service.
- With sub-processors (third-party service providers who process data on our behalf): see the list below. Each sub-processor is bound by a written data processing agreement and may only use your data for the purpose we have engaged them for.
- Legal and regulatory requirements: where required to do so by law, regulation, legal process, or a binding request from a public authority (including NCMEC's CyberTipline and NCA CEOP for CSAM incidents).
- Safety and protection of rights: where we believe disclosure is necessary to prevent harm, protect our rights, or enforce our Terms of Service.
- Business transfers: in the event of a merger, acquisition, or sale of business assets, your information may be transferred as part of the transaction. You will be notified of any such change in advance where practical.
Our sub-processors
- DigitalOcean, LLC — cloud infrastructure (application hosting, database, file storage in the London, UK region)
- Amazon Web Services, Inc. — Rekognition (age verification and explicit content moderation; eu-west-2 London region)
- Sentry, Inc. — crash reporting and error tracking
- Resend, Inc. — transactional email delivery
- Mapbox, Inc. — reverse geocoding (converting GPS coordinates to city names)
- Cloudflare, Inc. — CAPTCHA (bot detection on sign-up) and domain services
- Apple, Inc. — App Store distribution and in-app purchase processing
- Expo (650 Industries, Inc.) — mobile push notification delivery
We will update this list if sub-processors change. Contact us if you would like a copy of any relevant data processing agreement.
7. Content scanning and child safety
To protect our community and comply with applicable law, all images and videos uploaded to the Service are automatically scanned before delivery using Amazon Rekognition Content Moderation, which uses machine-learning classifiers to detect child sexual abuse material (CSAM) and other harmful content. For videos, four evenly-spaced frames are sampled and scanned independently — any frame triggering detection blocks the entire upload. The classifier is a behavioural ML model, not a hash-list match against the NCMEC / IWF databases of known CSAM imagery; we will integrate a hash-list match once IWF membership becomes available to us.
If suspected CSAM is detected, the content (specifically the offending frame, where the source was a video) is immediately quarantined, the uploading account is permanently banned with all sessions invalidated, and a CyberTipline report is automatically submitted to the National Center for Missing & Exploited Children (NCMEC) — which routes UK-flagged content to NCA / IWF as part of its international cooperation framework. Our designated safety officer files an independent report with the UK National Crime Agency's Child Exploitation and Online Protection Command (NCA CEOP) at ceop.police.uk/ceop-reporting within a 24-hour service-level commitment, in accordance with the Online Safety Act 2023 and other applicable UK law. Incident evidence (provenance chain, hashes, classifier output, timestamps, IP) is retained for 90 days unless held longer under legal hold.
We operate a fail-closed system — if a scan cannot be completed for any reason, the upload is blocked rather than delivered.
Additionally, all uploads are screened for nudity, violence, and other harmful content. Content that violates our policies is blocked automatically.
8. Data storage and security
Your information is stored on secure servers in the United Kingdom (DigitalOcean's London region). Video introductions, photos, and reaction videos are stored using encrypted object storage with access controls; database backups are encrypted at rest.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including TLS encryption in transit, time-limited signed URLs for media access, role-based access controls for our staff, and continuous security monitoring.
9. How long we keep your data (retention)
We retain different categories of data for different periods, as summarised below:
| Category | Retention |
|---|---|
| Account profile, likes, conversations, messages | Until you delete your account (see Section 11) |
| Video intros | 24 hours, 72 hours, or 7 days from publication (your choice) |
| Age verification (estimated age range + confidence; no selfie) | Retained as evidence of regulatory compliance (Online Safety Act 2023) |
| CSAM incident logs (hash, labels, metadata) | 90 days, or indefinitely where a legal hold applies |
| Moderation logs and safety audit trail | Retained for platform safety and regulatory compliance |
| In-app purchase / transaction records | At least 6 years (HMRC record-keeping requirement) |
| Administrative audit logs | Retained for compliance with UK GDPR Article 30 |
| Data export archive (downloadable ZIP) | 24 hours after generation |
| Reports filed against you (by other users) | Retained for safety audit; references to deleted accounts are pseudonymised |
| Deleted account grace period | 7 days, after which your data is cascade-deleted |
When you delete your account, we perform a cascade deletion that removes your profile, intros, photos, messages, reactions, push tokens, likes, conversations (including messages both you and the other party sent), and live chat memberships. Categories listed above as "retained for regulatory compliance" are preserved but references to your account become pseudonymised once your user record is deleted.
10. International data transfers
Most of your personal data is stored on infrastructure located in the United Kingdom. However, some of our sub-processors are based outside the UK and the European Economic Area (EEA) — in particular Sentry, Resend, Mapbox, Cloudflare, Apple, and Expo are headquartered in the United States.
Where personal data is transferred outside the UK, we rely on one or more of the following legal transfer mechanisms as required by the UK GDPR:
- UK adequacy decisions — for countries the UK Government has determined provide adequate protection (e.g. EEA member states).
- UK International Data Transfer Agreement (IDTA) or the International Data Transfer Addendum to the EU Standard Contractual Clauses, signed with the recipient.
- The UK Extension to the EU–US Data Privacy Framework where the US recipient is certified.
Contact us if you would like further details of the safeguards in place for any specific transfer.
11. Your rights
Under the UK GDPR you have the following rights in relation to your personal data:
- Right of access: obtain a copy of the personal data we hold about you. The app includes a one-tap data export that produces a downloadable ZIP archive; you can also email us.
- Right to rectification: correct inaccurate or incomplete data. Most profile fields are editable directly in the app.
- Right to erasure ("right to be forgotten"): request deletion of your personal data. The app includes an in-app "Delete Account" flow; after a 7-day grace period (during which you can cancel by signing back in) your data is cascade-deleted from our systems.
- Right to data portability: receive a copy of your data in a structured, commonly used, machine-readable format. The data export feature produces JSON files for this purpose.
- Right to restrict processing: ask us to pause processing of your data while we investigate an objection.
- Right to object: object to processing that is based on legitimate interests.
- Right to withdraw consent: where we rely on consent, you may withdraw it at any time.
- Right to complain: lodge a complaint with the UK ICO at ico.org.uk.
Most rights can be exercised directly in-app via Settings → Privacy & Data. For anything you cannot do from within the app, email us at contact@ether.dating. We will respond within one month as required by the UK GDPR (and may extend this by up to two further months for particularly complex requests, with notice).
12. Automated decision-making
We use automated processing in a number of places, most notably:
- Age verification — an automated biometric age estimate is used to decide whether to allow you to use the Service. This is required by law; if you dispute a decision, contact us and we will arrange a manual review.
- Content moderation — automated scanning decides whether to publish or block an upload. You can appeal a moderation decision by contacting us.
- Feed ranking — automated scoring decides the order in which you see other users' intros. This does not produce legal or similarly significant effects within the meaning of UK GDPR Article 22.
Where automated decisions do produce legal or similarly significant effects (such as age verification and content removal), you have the right to request human review of the decision.
13. Cookies and analytics
The Ether mobile application does not use HTTP cookies. Our marketing website (ether.dating) may use essential cookies only.
We use Sentry to collect crash reports, error traces, and basic performance metrics from the mobile app in order to diagnose bugs and keep the Service stable. Sentry may collect your device type, operating system, app version, and non-identifying error context. We do not use any advertising or behavioural tracking SDKs.
14. Children's privacy
The Service is not intended for anyone under the age of 18. You must complete our age verification check before you are permitted to use the Service. If we become aware that we have collected personal data from someone under 18, we will delete it promptly and terminate the account.
15. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy within the app and updating the "Last updated" date at the top. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.
16. Contact us
If you have any questions about this Privacy Policy or wish to exercise any of your rights, please contact us at:
- Email: contact@ether.dating
For postal correspondence, please email us first and we will provide the current address for service.