Privacy Policy

Effective date: April 21, 2026

This Privacy Policy explains what personal information LetsBeParents collects, why, and how you can control it. It applies to our website (letsbeparents.com), our mobile applications for iOS and Android, and our admin and partner portals (the "Services").

1. Who we are

LetsBeParents is operated by BYITSMART DOO (Montenegro). For users in the European Economic Area, the United Kingdom, or Switzerland, we act as the data controller for the information described in this Policy. For California residents, we are the "business" that collects your personal information under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). To reach us about any privacy matter, use our contact form.

2. What we collect

We collect only the information we need to run the Services:

  • Account: email, hashed password, preferred language, role.
  • Profile: display name, date of birth, city and country, approximate coordinates, physical characteristics, background, lifestyle, and the reproductive and family-formation information you choose to share (for example, user type, willingness to donate or carry, contact preferences). Profile photos and avatar.
  • Communications: chat messages and attachments, likes, matches, profile visits, reports. Voice and video call metadata only; call media is not recorded.
  • Photo verification (optional): the outcome of a verification check (approved or declined) and numeric confidence scores. The selfie, session video, and any biometric information are processed and kept by the verification provider, not by us — see «Photo verification and biometric information» below.
  • Device and connection: IP address, coarse location derived from it, device model and operating system, app version, installation identifier, push-notification tokens.
  • Usage: in-app and on-site events such as screens viewed, features used, and actions taken, linked to your account identifier, used to measure and improve the Services.
  • Payments: in-app purchase receipts from the Apple App Store and Google Play. We never see your card details.

Some of the profile information, including health or fertility-related information, religion, or details from which sexual orientation can be inferred, is treated as "special category" data under GDPR / UK GDPR and as "sensitive personal information" under the CPRA. You are never required to provide it; you provide it only to be matched with compatible users, and you can remove it at any time by editing your profile. We do not use or disclose sensitive personal information for any purpose other than operating the Services for you.

Sources of personal information: we collect information (a) directly from you when you register, build your profile, or use the Services; (b) automatically from your device and browser when you access the Services; and (c) from service providers acting on our behalf (for example, the result of an identity-verification check you requested, or a city-to-coordinates lookup when you pick a city).

What happens if you do not provide data: your email and a minimum profile are required to use the Services; without them we cannot create an account for you. Everything else is optional, you can skip it and still use the Services, though some features (such as matching, identity verification, or subscriptions) may not be available.

We use privacy-respecting product-analytics and mobile-attribution providers (hosted in the EU) to measure how the Services are used and to improve them; the events are linked to your account identifier. We do not use session replay, advertising pixels, or cross-site behavioural trackers, we do not sell your data, and we do not use it for cross-context behavioural advertising. On our website these analytics run only with your consent (see the Cookies section below); you can withdraw consent at any time.

Photo verification and biometric information

To keep our community safe, members verify their profile photo. During verification you take a short video selfie; this involves the processing of biometric information (facial geometry) for liveness detection and for comparing your selfie with your profile photo. This processing is performed entirely by our specialist identity-verification provider, Didit, acting as our data processor — LetsBeParents never receives or stores your selfie, the session video, or any facial geometry. Our systems receive only the verification outcome (approved or declined) and numeric confidence scores.

Retention and destruction schedule: the provider retains verification session data (including the selfie and session video) for no longer than 6 months from the verification, after which it is permanently destroyed. If you delete your account, we additionally instruct the provider to delete your verification session as part of the final data erasure (within 30 days). Our own verification records (outcome and scores) are erased within 30 days of account deletion.

Purpose limitation: biometric information is processed solely to verify your profile photo and to prevent impersonation and fraud. We never use it for any other purpose, never sell it or otherwise profit from it, never use it for advertising or profiling, and never share it with anyone other than the verification provider.

Consent: verification begins only after you review the disclosure and give your consent on the verification screen. If you prefer not to undergo automated facial verification, contact us via the support chat — a manual review by our team may be available.

3. How we use it

We use your information to create and secure your account, show your profile to other users so you can match, operate chat and calls, send transactional email and push notifications, moderate uploaded photos, verify identity on request, process subscriptions, prevent fraud and abuse, respond to your requests, and comply with law.

4. Legal bases (EEA / UK / Switzerland)

We rely on contract to provide the Services, legitimate interests for security and fraud prevention, legal obligation where required, and explicit consent for optional identity verification and for any special-category information you choose to include in your profile (for example, fertility-related information, religion, or inferences about sexual orientation). You can withdraw that consent at any time by editing or deleting the information, or by deleting your account.

5. Who we share it with

We do not sell your personal information. We share it only with:

  • Other users, your public profile is visible to other logged-in users. Your email, phone, IP, exact coordinates, and payment details are never shown.
  • Service providers acting on our instructions under a data-processing agreement, in the categories of cloud hosting, content delivery and security, automated content moderation, geolocation, identity verification, push notifications, in-app payments, transactional email, and product analytics and mobile attribution. Identity verification is performed by Didit (didit.me) under a data-processing agreement, solely on our instructions. A list of specific providers is available on request via our contact form.
  • Authorities or third parties where required by law, to enforce our Terms, or to protect rights, property, or safety.
  • A successor entity in the event of a merger, acquisition, or asset transfer.

6. International transfers

Our servers are primarily in the European Union. Some providers operate outside the EEA / UK. Where that happens, transfers are protected by the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or an equivalent lawful mechanism.

7. How long we keep it

We keep your data while your account is active. When you delete your account, your profile, photos, and messages are immediately hidden from other users. Within 30 days, all your data is permanently erased from our systems. This includes our verification records (outcome and confidence scores); we also instruct our identity-verification provider to delete your verification session, and in all cases the provider retains verification session data for no longer than 6 months. After 30 days, the email address you used becomes available for a new account, but the new account starts fresh with no history of the previous one. If you believe your account was deleted by mistake within those 30 days, contact us via our contact form and we will assist with manual restoration. Apple Inc. is the merchant of record for in-app purchases on iOS and retains transaction history per their own retention policies. Backups are kept for up to 90 days.

8. Your rights

You can request access to, correction, deletion, or portability of your personal information. You can also restrict or object to our processing, and, where we rely on your consent, withdraw it at any time. To exercise any of these rights, submit a request via our contact form; we will respond within 30 days (or 45 days for California residents, extendable by a further 45 days on notice).

If you are in the UK, you may lodge a complaint with the Information Commissioner's Office. If you are in the EEA or Switzerland, you may lodge a complaint with your local data-protection authority.

If you are a California resident, you have the rights, under the CCPA/CPRA, to: know what personal information we collect, use, disclose, and share; correct inaccurate personal information; delete personal information we hold about you; limit our use of your sensitive personal information; opt out of any sale or sharing of personal information; and not be discriminated against for exercising any of these rights. We do not sell or share your personal information for cross-context behavioral advertising, and we have not done so in the preceding 12 months. We do not use or disclose sensitive personal information beyond the purposes permitted by California law. You can also designate an authorized agent to make a request on your behalf.

9. Security

We protect your data with transport-layer encryption, bcrypt password hashing, short-lived session tokens, rate-limiting and bot-challenge on sensitive endpoints, role-based access control, and audit logging of administrative actions. No online service can guarantee absolute security; if a breach affects your personal information, we will notify you and the relevant authorities as required by law.

10. Cookies

Strictly necessary first-party cookies always run so the Services work: a session cookie to keep you signed in, a CSRF-protection token, and a locale preference cookie. With your consent, we also use first-party analytics and attribution cookies to measure product usage and how visitors first reached us; you choose these in our cookie banner and can change your choice at any time. We do not use advertising cookies, and we do not sell your data or use it for behavioural advertising.

11. Children

The Services are strictly for adults aged 18 and over. If you believe a minor has created an account, report it via our contact form and we will remove it.

12. Automated decision-making

We do not make decisions with legal or similarly significant effects based solely on automated processing. Catalog ranking and photo moderation affect only your visibility and the status of individual photos; you can request human review of any moderation or account-status decision. Photo verification involves an automated comparison of your selfie with your profile photo; if verification is declined, you can request human review by our moderation team via the support chat.

13. Changes

We may update this Policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify you by email or in-app notice before the change takes effect.

14. Contact

For any privacy question, request, or complaint, reach out through our contact form.

Privacy Policy — LetsBeParents