MyDateLibrary

Privacy and personal data protection

1. Data controller

Controller: MyDateLibrary.

Privacy email: privacy@mydatelibrary.com.

Country: Spain.

Service purpose: Manage accounts, plan dates, and personalize recommendations.

data_usage

2. Data we process

  • Account data

    Username, email, and login credentials (password is stored hashed on server).

  • Profile data

    First name, last name, bio, date of birth, and location (latitude/longitude and derived address: city, country, and postal code).

  • Service activity

    Created dates, favorites, reviews, scheduled dates, and profile-related counters.

  • Technical session data

    Access and refresh tokens, session expiration, and last access for security and authentication continuity.

Some data is mandatory to create and maintain an account (such as email and login credentials). Without it, the service cannot be used. Other profile data is optional and can be updated or removed from account settings.

3. Purposes and legal basis

Contract performance (Art. 6.1.b GDPR)

Account registration, sign-in, profile management, date feature usage, and basic service support.

Legitimate interest (Art. 6.1.f GDPR)

Security, fraud prevention, session management, and operational improvements to platform performance and stability.

Consent (Art. 6.1.a GDPR)

Optional external login provider usage (Google) and voluntary location selection for personalization.

4. Cookies and local storage

The app uses necessary technical cookies for authentication and security:

  • accessToken: keeps the authenticated session.
  • refreshToken: renews the session without a new login.
  • refreshExpiresAt: controls refresh token expiration.

These are first-party cookies and are removed when you log out or delete your account from the app.

5. Providers and international transfers

Personal data may be processed by providers acting as processors to deliver technical services required for platform operation (for example, hosting, authentication, or geocoding).

We may share strictly necessary data with processors to deliver the service.

We do not sell or share personal data with third parties for commercial purposes.

If you use Google login, Google Identity services are loaded and the token is validated against Google endpoints.

If you save your location, Nominatim (OpenStreetMap) is queried to obtain an approximate address from latitude/longitude.

These providers may involve international transfers; when a provider is outside the EEA, we use GDPR-recognized safeguards, including Standard Contractual Clauses (SCC), to ensure an adequate level of protection.

6. Data security

We apply appropriate technical and organizational measures to protect personal data.

  • Communication encryption through HTTPS.
  • Secure credential storage using password hashing on server.
  • Authentication and access controls to protect accounts and sessions.

Newsletter and promotional emails

If you subscribe to the MyDateLibrary newsletter from the footer or by selecting the newsletter checkbox during registration, we process your email address, subscription status, locale, consent source and unsubscribe token to send you product updates, curated date ideas and occasional promotional emails.

The legal basis for this processing is your consent. You can withdraw it at any time from the unsubscribe link included in every newsletter email or by contacting privacy@mydatelibrary.com.

Newsletter delivery and audience synchronization may be handled by our email service provider. We only keep newsletter data for as long as your subscription remains active or as long as needed to keep a suppression record after you unsubscribe.

7. Data retention

Your data is retained while your account is active or as long as required to comply with legal obligations.

When you delete your account, the system applies logical deletion and immediately anonymizes personal fields (email, username, first name, last name, date of birth, location, and other profile data), and invalidates session tokens.

Technical security and access logs may be kept for a limited period for security and fraud prevention.

8. Minimum age

The service is intended for users aged 16 or older.

We do not knowingly collect data from children below that age.

If we detect an account created by a minor, we will remove or block it according to applicable law.

9. User-generated content

Content created by users (date ideas, reviews, or other published elements) may be visible to other users depending on service settings.

10. Automated decisions

We do not perform automated decisions or profiling with legal or similarly significant effects for users.

11. Your rights

person_edit

Access and rectification: you can review and update data from your profile.

delete_forever

Erasure: you can delete your account from Delete account.

download

Other rights: restriction, objection, portability, and withdrawal of consent where applicable.

settings

Withdrawal of consent: you can withdraw it at any time from your account settings or by contacting privacy@mydatelibrary.com.

mail

How to exercise your rights: to exercise any of these rights, contact us at privacy@mydatelibrary.com indicating your request and the email associated with your account.

gavel

Complaint: you have the right to file a complaint before the Spanish Data Protection Agency (AEPD).

12. Changes to this policy

We will publish relevant updates on this page indicating the revision date. If a change materially affects rights or purposes, it will be notified through available account channels.