Skip to Content

TwoHearts™ Dating — Privacy Policy

Effective Date: April 4, 2025 | Version: v2025.04.04

Developer: Deep Lab (PVT) LTD

At TwoHearts™, your privacy is paramount. This Policy explains how Deep Lab (PVT) LTD ("Company," "we," "us," or "our") collects, uses, discloses, and safeguards your information when you use the TwoHearts™ mobile application ("App") and related services ("Services"). By using the App, you agree to the practices below. We comply with the Sri Lanka Personal Data Protection Act No. 9 of 2022 (PDPA), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable laws.

1. Information We Collect
1.1 Personal Information (provided at sign-up or later updates)

  • Full Name, Date of Birth, Ethnicity, Civil Status — each may be edited up to two times after registration

  • Partner Preference Country (permanently locked after sign-up)

  • Country of Residence, Email, Mobile number

  • Profile content: photos, gender, lifestyle details, occupation, education, interests, languages, family info, horoscope details (informational only), any other data you add

1.2 Sensitive Personal Information (voluntary)

Ethnic origin, religious or philosophical beliefs, health data, biometric data for selfie/ID verification

1.3 Usage Data

Device type and OS, identifiers (IDFA/AAID), IP address, log times, pages used, crash data, referral URLs, approximate IP location, precise GPS location (only with explicit consent), events from in-app SDKs (not browser cookies)

1.4 Data from Third Parties

Social-login info (Facebook, Google, etc.), payment-platform confirmations, user reports or referrals


2. How We Use Your Information
2.1 Service Delivery

Create and manage your account; enable matchmaking and horoscope comparisons; store any birth details you provide (date, time, place, gender) with your profile for later viewing or editing; and, for each compatibility request, transmit only those birth details—never name, email, or phone—to our third-party astrology engine, which discards the data after returning the score. We also support in-app messaging and personalized recommendations.

2.2 Safety & Security

Selfie + ID checks, fraud detection, enforcement of Terms and our Child Safety Policy (zero tolerance for CSAM, under-18 use, or exploitation)

2.3 Communication

Mandatory service notices; optional marketing (opt-out any time)

2.4 Analytics & Development

Measure performance, improve features, train moderation systems

2.5 Legal & Compliance

Fulfill legal duties, resolve disputes, prevent fraud

3. Legal Bases for Processing

Consent (optional data, marketing, horoscope), Contractual necessity (service delivery), Legal obligation (records, tax, law-enforcement), Legitimate interests (security, analytics) — always balanced against your rights.

4. In-App Tracking & Analytics

SDKs record essential, functional, analytics, and (for free users) advertising events. You can limit advertising IDs or revoke GPS permission via device settings; core functionality may require certain data.

5. How We Share Your Information
5.1 With Other Users

Only profile elements you choose to display (never email, phone, social or horoscope details unless you share it yourself)

5.2 With Service Providers

Payments, cloud hosting, image-moderation AI, analytics — each bound by confidentiality and data-protection contracts

5.3 With Partners or Affiliates

Only if you give consent

5.4 Legal & Safety

When required to comply with law or protect rights

5.5 Business Transfers

Merger, acquisition, or asset sale

5.6 With Your Consent

Any other sharing not listed

6. Data Security

We use encryption in transit and at rest, strict access controls, secure hosting, regular risk assessments, and moderator training in privacy and child-safety protocols. No system is 100% secure; keep your credentials confidential.

7. Your Rights

Depending on your region, you may access, correct, delete, restrict, or object to processing; withdraw consent; and request human review of automated decisions. Email support@twohearts.dating. We may verify identity; most requests are handled within 30 days.

8. Data Retention

  • Profile & messages: up to 12 months after account deletion (fraud and safety investigations)

  • Transaction logs: 3 years (legal and tax)

  • Financial records: 7 years (audit laws)

  • Anonymized, non-identifiable analytics: retained indefinitely

All periods follow Section 25 of Sri Lanka PDPA and industry standards. After expiry, data is erased or irreversibly anonymized.

9. Account Deletion

Delete any time in App (Menu → Settings → Delete Account) or email support@twohearts.dating ("Account Deletion Request").

  • Account hidden and marked for deletion; 30-day restoration window

  • After 30 days, deletion is permanent; data retained only as described above

  • Subscriptions must be cancelled separately; uninstalling the App does not cancel billing

Full details: see our Data Deletion Policy.

10. International Transfers

Where data moves outside your country we rely on adequacy decisions, Standard Contractual Clauses, or your explicit consent, and implement appropriate safeguards.

11. Advertising & Analytics

Ads appear only for free-tier users and use device advertising IDs (which you can reset/limit). We use Firebase and similar tools for performance insights. We do not respond to browser-based "Do Not Track" signals.

12. Children's Privacy & Safety

The App is strictly for users 18 years and older. We manually verify new profiles, delete any under-18 accounts, and enforce a zero-tolerance CSAM policy. For full details see our Child Safety Policy.

13. Automated Decisions & Profiling

Algorithms suggest matches and compatibility scores. You may request human review, contest results, or obtain an explanation of the logic and consequences.

14. Payments & Financial Information

All card transactions are processed by Apple or Google. TwoHearts™ never stores full card data. Where users make direct bank transfers (rare), we keep minimal payment metadata strictly for fraud prevention and legal compliance.

15. Social Media Integrations

When you link a social account, we access only the profile data you authorize and use it solely for login or profile setup.

16. User-Generated Content & External Links

Anything you post publicly (bio, photos) is visible to others. External websites linked in the App have their own privacy practices.

17. Data Breach Notification

In the unlikely event of a breach, we will notify affected users and regulators as required by law.

18. Governing Law

This Policy is governed by the laws of Sri Lanka.

19. Language

English is the controlling language; translations are for convenience only.

20. Updates

We may revise this Policy periodically. Major changes will appear in-app; minor edits may appear on our website. Continued use of the App after an update means you accept the revised Policy.

21. Contact Information

Privacy & User Support: support@twohearts.dating

Address: Deep Lab (PVT) LTD, No. 272, Anguruwathota Road, Wewala, Horana, Kalutara, Sri Lanka 12400

By using TwoHearts™, you confirm that you have read, understood, and agreed to this Policy. We may update it from time to time, and continued use of the App after updates means you accept the revised version.