PRIVACY POLICY

Last updated: 26 June 2026

1. Who is responsible for your data?

The controller of your personal data is Giorgi, the independent developer and operator of the Dovian mobile application (the "App"), based in Georgia.

This Privacy Policy explains what personal data we process when you use Dovian, why we process it, who we share it with, and the rights you have over it.

Privacy contact: [email protected]
Support: [email protected]

2. Who can use Dovian

Dovian is a location-based dating and social-events platform for adult men (18+). The App is strictly for users aged 18 or over. By using Dovian you confirm that you are at least 18 years old.

3. What data we collect

We only process data that is necessary to run the service. Depending on how you use the App, this includes:

• Account data: email address, and either a password (stored only as a secure hash) or your Google account sign-in (basic Google profile: name, email, profile picture) when you choose "Continue with Google".
• Profile data: display name, age, role, ethnicity, body type, what you are looking for, encounter and meeting preferences, public photos, private ("Book") photos, and any text you add to your profile.
• Special-category data: because Dovian is an app for gay and bisexual men, your use of it may reveal data about your sexual orientation. Under the GDPR this is a "special category" of data, which we process only on the basis of your explicit consent, given when you create your account and use the App.
• Location data: approximate or precise device location, used to show you nearby profiles and events. You can choose precise or approximate location, and you can disable location access in your device settings (some features will not work without it).
• Content you create: chat messages (stored encrypted at rest), event participation, winks, favourites, blocks and reports.
• Device & usage data: IP address, device model, operating system, app version, a push-notification (FCM) token, and basic device identifiers, used for delivery of notifications, security and troubleshooting.
• Purchase data: subscription/premium status and the purchase confirmation token issued by Google Play. We never receive or store your card details — payments are processed entirely by Google Play.

4. Why we process your data (legal bases)

For users in the European Union / EEA, we rely on the following legal bases under the GDPR:

• Performance of a contract — to create your account and provide the App's core features (profiles, matching, chat, events).
• Explicit consent — for special-category data (sexual orientation), location access, and any optional marketing messages. You can withdraw consent at any time.
• Legitimate interests — to keep the service secure, prevent fraud and abuse, and improve and debug the App, applying data-minimisation wherever possible.
• Legal obligation — to detect, remove and report illegal content (see section 11).

5. What we use your data for

• Providing the location-based dating and events service and creating your personal account.
• Delivering chat, push notifications and event functionality.
• Handling your requests, reports and support enquiries.
• Keeping the platform safe (anti-abuse, blocking, moderation).
• Sending you service or, with your consent, optional product communications.

6. Who we share data with

We do not sell your personal data. We share it only with service providers that help us operate the App, under appropriate data-processing terms:

• Google — Sign-In, Maps, Firebase Cloud Messaging (push notifications) and Google Play Billing.
• Brevo — to send transactional emails (account verification, password reset, account changes).
• Hosting & network providers — our server host and Cloudflare (content delivery and security).

Some of these providers (e.g. Google) may process data in the United States. Where data leaves the EEA, transfers are protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs).

7. How long we keep your data

We keep your personal data for as long as your account is active. When you delete your account, your account, profile, messages, photos and activity are deleted from our active servers. Residual copies may remain in encrypted backups for a limited period (generally up to 30 days) before being permanently erased; backups are kept only for security and service continuity and are not used for any other purpose.

8. Your rights

Subject to applicable law, you have the right to:

• Access your personal data;
• Request rectification of inaccurate data;
• Request erasure of your data;
• Request restriction of processing;
• Object to processing;
• Request data portability;
• Withdraw consent at any time (without affecting processing carried out before withdrawal).

You can delete your account at any time directly in the App (see our Account Deletion page) or exercise any of these rights by emailing [email protected].

If you are in the EU/EEA and believe your data is not handled lawfully, you also have the right to lodge a complaint with your local data-protection supervisory authority.

9. Data security

We take the protection of your data seriously. Chat messages and private photos are stored encrypted at rest, authentication tokens are stored encrypted on your device, data is transmitted over encrypted (HTTPS/TLS) connections, and access to user data is restricted to authorised operation only. No method of transmission or storage is completely secure, but we apply reasonable technical and organisational measures appropriate to the risk.

10. International users

Dovian is operated from Georgia and made available in multiple countries. By using the App you understand that your data is processed as described in this policy. Where the GDPR or other local laws grant you additional rights, we honour them.

11. Protection of minors & zero tolerance

Dovian is exclusively for users aged 18 and over. Use of the App by minors is strictly prohibited.

Zero-tolerance policy: we have a strict zero-tolerance policy toward any content or behaviour that depicts, promotes or distributes child sexual abuse material (CSAM) or the exploitation of minors. Where such content is identified:

• the content is permanently removed immediately;
• the responsible account is permanently suspended and banned;
• the matter is reported to the competent authorities, including organisations such as NCMEC (National Center for Missing & Exploited Children) and/or local authorities, providing the available user data for investigation.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, notified in the App.

13. Contact

For any question about this Privacy Policy or how your data is handled, contact us at [email protected].