MyDateLibrary
Privacy and personal data protection
1. Data controller
Controller: MyDateLibrary.
Privacy email: privacy@mydatelibrary.com.
Country: Spain.
Service purpose: Manage accounts, plan dates, and personalize recommendations.
2. Data we process
Account data
Username, email address, and access credentials (the password is stored using hashing on the server).
Profile data
First name, last name, biography, date of birth, and location (latitude/longitude and derived address: city, country, and postal code).
Service activity
Created dates, favorites, reviews, scheduled dates, and profile-related counts.
Technical session data
Access and refresh tokens, session expiry, and last access for security and authentication continuity.
Some data is required to create and maintain an account (such as email address and access credentials). Without it, the service cannot be used. Other profile data is optional and can be updated or deleted from your account settings.
3. Purposes and legal basis
Performance of the contract (Art. 6.1.b GDPR)
Account registration, sign-in, profile management, use of date features, and basic support for the service.
Legitimate interest (Art. 6.1.f GDPR)
Security, fraud prevention, session management, and operational improvement of platform performance and stability.
Consent (Art. 6.1.a GDPR)
Optional use of an external sign-in provider (Google) and voluntary selection of location for personalization.
4. Cookies and local storage
The application uses technical cookies necessary for authentication and security:
- accessToken: keeps the session authenticated.
- refreshToken: allows the session to be renewed without signing in again.
- refreshExpiresAt: controls the refresh token expiration.
These cookies are first-party cookies and are deleted when you sign out or delete your account from the app.
5. Providers and international transfers
Personal data may be processed by providers acting as data processors to deliver technical services necessary for the operation of the platform (for example, hosting, authentication, or geocoding).
We may share strictly necessary data with data processors in order to provide the service.
We do not sell or share personal data with third parties for commercial purposes.
If you use Google sign-in, Google Identity services are loaded and the token is validated against Google endpoints.
If you save your location, the Nominatim (OpenStreetMap) service is queried to obtain an approximate address from latitude and longitude.
These providers may involve international data transfers; when a provider is located outside the EEA, we use mechanisms recognized by the GDPR, including standard contractual clauses (SCCs), to ensure an adequate level of protection.
6. Data security
We apply appropriate technical and organizational measures to protect personal data.
- Encrypted communications via HTTPS.
- Secure storage of credentials using password hashing on the server.
- Authentication and access controls to protect accounts and sessions.
Newsletter and promotional emails
If you subscribe to the MyDateLibrary newsletter from the footer or by checking the newsletter box during registration, we process your email address, subscription status, locale, source of consent, and unsubscribe token to send you product updates, curated date ideas, and occasional promotional emails.
The legal basis for this processing is your consent. You can withdraw it at any time through the unsubscribe link included in every email or by writing to privacy@mydatelibrary.com.
Newsletter delivery and audience synchronization may be managed by our email provider. We keep newsletter data while your subscription remains active or as long as necessary to maintain a suppression record after unsubscribing.
7. Data retention
Your data is kept while your account is active or as long as necessary to comply with legal obligations.
When you delete your account, the system applies logical deletion and immediately anonymizes personal fields (email address, username, first name, last name, date of birth, location, and other profile data), and invalidates session tokens.
Technical security and access logs may be kept for a limited period for security and fraud-prevention purposes.
8. Minimum age
The service is intended for users aged 16 and over.
We do not knowingly collect data from children under that age.
If we detect an account created by a minor, we will proceed with its deletion or blocking in accordance with applicable regulations.
9. User-generated content
Content created by users (date ideas, reviews, or other published elements) may be visible to other users depending on the service settings.
Anti-bot and abuse prevention measures
To protect registration, content creation, and support forms against bots, spam, and abusive use, we use Cloudflare Turnstile together with automated security controls such as rate limits and risk checks.
During these checks, we may process technical data such as IP address, user agent, browser identifiers, interaction metadata, and the security verification result. This information is used exclusively to detect and block abuse, keep the service available, and prevent fraud.
Cloudflare acts as a processor or technical security provider for this functionality. If a verification fails or suspicious behavior is detected, the submission may be temporarily rejected.
10. Automated decisions
We do not carry out automated decisions or automated profiling with legal or similarly significant effects for users.
11. Your rights
Access and rectification: you can review and update your data from your profile.
Erasure: you can delete your account from Delete account.
Other rights: restriction, objection, portability, and withdrawal of consent where applicable.
Withdrawal of consent: you can withdraw it at any time from your account settings or by contacting privacy@mydatelibrary.com.
How to exercise your rights: to exercise any of these rights, you can contact us at privacy@mydatelibrary.com indicating your request and the email address associated with your account.
Complaint: you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD).
12. Changes to this policy
We will publish any relevant update on this page indicating the review date. If the change materially affects your rights or the purposes of processing, it will be notified through the account channels available.