The Colours Parlor

Privacy Policy

Effective date: 15 March 2026

The Colours Parlor ("we", "us") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why, how we use it, and your rights. If you have questions, contact us through the in-app Help Center.

1. Data We Collect

Account Data

Name, email address, and password (hashed) when you create an account.

Profile Data

Gender identity, pronouns, sexual orientation, biological sex (for pool assignment only), age, relationship style, life goals, spiritual background, cultural descent, and any other information you voluntarily provide during setup or when editing your profile.

Biometric Data

When you complete identity verification, we collect a profile photo and a live selfie. These images are processed by Google Cloud's vision infrastructure to confirm you are a real person and that both images show the same individual. We do not use your biometric data for any purpose other than identity verification and fraud prevention. Selfies are stored securely and are never shown to other users.

Soul Print & Compatibility Data

The answers you provide during setup and daily questions are analysed by our systems to produce a "Soul Print", a compatibility profile represented as a text report and a numerical vector. This analysis is stored and used to suggest matches.

Messages & Arena Content

Messages you send in private conversations and in Friendship Arena group chats. These may be scanned for policy violations by automated systems.

Usage Data

Log data including IP address, browser type, device type, pages visited, features used, and timestamps. This is used for security, debugging, and improving the Platform.

Payment Data

If you purchase credits, payment is processed by our payment provider. We do not store full card numbers. We receive a transaction record including amount, currency, and status.

2. How We Use Your Data

  • To create and manage your account.
  • To match you with compatible users using soul vector compatibility scores.
  • To verify your identity and prevent fake accounts.
  • To moderate content and enforce our Community Guidelines.
  • To operate Arena sessions, messaging, and group chat features.
  • To process credit purchases and maintain your credit balance.
  • To send you essential service communications (security alerts, policy updates).
  • To analyse aggregate usage patterns and improve the Platform.
  • To comply with legal obligations.

We do not use your data for advertising to third parties. We do not sell your data.

3. Third-Party Services

We share data with the following third-party services to operate the Platform:

  • Supabase, database hosting, authentication, file storage, and real-time messaging. Data is stored on Supabase infrastructure.
  • Google Cloud, photo safety moderation and identity verification. Profile photos and selfies are transmitted to Google's infrastructure for this purpose only.
  • Google LLC and Anthropic PBC, automated text analysis for Soul Prints, daily questions, match analysis, and conversation features. Your profile data and answers are transmitted to these services to generate personalised insights. Both providers are bound by data processing agreements and are not permitted to use your data for their own purposes.

We have agreements with these providers to process data only as instructed and to maintain appropriate security. We do not authorise these providers to use your data for their own purposes.

4. Biometric Data, Special Notice

Your verification photos (including your selfie) are biometric data. We collect them solely to verify identity. We do not use biometric data to track you, build advertising profiles, or identify you in any other context.

Biometric data is retained for as long as your account is active and for up to 90 days after account deletion, to prevent re-registration by bad actors. After this period, biometric data is permanently deleted.

If you are a resident of Illinois (USA), Texas (USA), Washington (USA), or any jurisdiction with biometric privacy laws, you have additional rights under those laws. Contact us to exercise them.

5. Data Retention

  • Active accounts: Data is retained for as long as your account is active.
  • Deleted accounts: Profile data, messages, and soul print data are deleted within 30 days of account deletion.
  • Biometric data: Deleted within 90 days of account deletion.
  • Transaction records: Retained for 7 years for tax and legal compliance.
  • Moderation logs: Retained for 2 years for safety and legal purposes.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access, request a copy of the personal data we hold about you.
  • Rectification, correct inaccurate data.
  • Erasure, request deletion of your data ("right to be forgotten").
  • Portability, receive your data in a machine-readable format.
  • Objection, object to certain processing activities.
  • Withdraw consent, withdraw consent for AI analysis, though this will prevent us from offering compatibility features.

To exercise any of these rights, use the in-app Help Center or contact us directly. We will respond within 30 days.

You may delete your account at any time from your Profile settings. Account deletion triggers the data retention schedule above.

7. Children's Privacy

The Platform is strictly for users aged 18 and over. We do not knowingly collect data from minors. If we discover that a minor has created an account, we will immediately terminate the account and delete all associated data. If you believe a minor is using the Platform, please report it through the Help Center immediately.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

  • All data transmitted over HTTPS/TLS encryption.
  • Database access controlled via Row-Level Security (RLS), you can only access your own data.
  • API routes require verified authentication tokens for all sensitive operations.
  • Service role keys (which bypass RLS) are never exposed to client-side code.
  • Passwords are hashed and never stored in plain text.

No system is perfectly secure. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

9. International Data Transfers

Your data may be transferred to and stored in countries other than your own, including countries where data protection laws may differ. By using the Platform, you consent to this transfer. We ensure appropriate safeguards are in place for international transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notice before they take effect. The effective date at the top of this page will always reflect the most recent version.

11. Contact

For privacy-related questions, requests, or complaints, please contact us through the Help Center in the app. We take privacy seriously and will respond promptly.

Also read our Terms of Service and Community Guidelines.