Privacy Policy
Last updated: 14 July 2026. The controller for Resonate27 is Changhai Yu, Bilker Allee 210, 40215 Düsseldorf, Germany. Privacy contact: [email protected].
Account and sign-in: we process email address, password hash, email verification status, language, region, the selected persona figure variant (neutral, female, or male), the px27_session cookie, and security data so you can create an account, sign in, and use the service. The figure preference changes persona artwork only and can be edited in settings. The legal basis is Art. 6(1)(b) GDPR; for security checks we also rely on Art. 6(1)(f) GDPR.
Terms and notice records: we record acceptance of the Terms, which include the 18+ condition, and acknowledgment that the Privacy Policy was read. Optional public sharing, email visibility, and promotional email choices remain separate. Records can include version, timestamp, optional IP address, and user agent. Privacy notice acknowledgment is not described as blanket consent.
PX27 / Resonate27 personality profile: when you submit an AI-generated score, personality line, PX27/Resonate27 vector, or 54-question result, we store the compact 27-dimensional vector, version, upload time, and pool status. We do not store ChatGPT chat logs or full AI export files. Discovery results are derived from your saved PX27 vector, stored as structured language-neutral result data, and can remain viewable even if you later update or delete the current PX27 profile. The legal basis is Art. 6(1)(b) GDPR; optional public sharing additionally relies on Art. 6(1)(a) GDPR.
Guest mode and local storage: before login, your analyzed PX27/Resonate27 draft can be stored in localStorage under resonate27.guestPx27.v1. It stays in your browser until you import it, clear it, or remove browser data.
Matching and contact: for matching we process region, pool status, PX27/Resonate27 vector, match requests, match history, similarity values, profile summary, greeting, avatar, and compact text chat. Each conversation keeps only the latest 200 messages in total; older messages are deleted. The legal basis is Art. 6(1)(b) GDPR.
Conversation safety: either participant can end a conversation, or block the other participant and end it. A block stops that chat and excludes both people from future matching with each other. Conversation and public-share reports are stored as SafetyReport records with a selected reason, optional description of up to 1,000 characters, and optional contact email. Reporter and reported-user links are removed on account deletion. Reports and their notification/outcome delivery records are scheduled for deletion after 90 days unless a legal hold applies.
Email visibility and notifications: after a successful match, both people can see the other person's avatar, greeting, profile summary, and chat access. Your email address is shown to the other person only if matchContactEmailVisible is enabled. Emails already sent cannot be recalled; changes stop only future display or notifications.
Email delivery and SMTP outbox: Resonate27 may send verification, password-reset, match, safety, unsubscribe, and account-deletion emails through an SMTP outbox. Before sending, the system rechecks whether the recipient still exists and allows optional notifications; failed deliveries may be retried. After account deletion, the account record no longer contains the address. A separate, isolated delivery-queue record temporarily retains the destination only to send the deletion confirmation and scrubs it after successful delivery, cancellation, or the final failed attempt. Production mail must use a DPA-backed transactional provider or Google Workspace, not a personal Gmail account.
Public sharing: with explicit current PUBLIC_SHARE consent, you may publish a personality or Discover result as HTML pages and Story, Feed, or OG PNG images. An optional nickname may be included. Safe public output contains no email address, user ID, PX27 vector, evidence, similarity, or internal result ID. Disabling the relevant share stops fresh origin access immediately after the database commit and fresh requests return 404, but downloaded files and images already cached by social platforms cannot be recalled. Re-enabling restores the same opaque URL, so anyone who kept it can regain access.
Payments: the first production release runs as a free service while PAYMENTS_ENABLED=false. Matching and Discover do not deduct Credits, Wallet and top-up controls are hidden, and Stripe is not used for customer payments. A paid launch requires a separate legal, tax, refund, processor, and production-configuration review.
Hosting, Cloudflare, logs, and deployment: Resonate27 uses Hetzner Cloud as hosting provider, currently a CX23 server in Nuremberg, Germany, network zone eu-central. PostgreSQL is currently assumed to run in the same Hetzner production environment. Cloudflare Free with orange-cloud proxy provides necessary DNS and security functions, including Bot Fight Mode; Cloudflare Web Analytics is disabled and no analytics beacon is intentionally loaded. Conditional security cookies and security events may still occur when bot or challenge features are triggered. GitHub Actions handles code and deployment metadata and should not process production user data. Server logs may include IP addresses, request times, technical errors, and security events for operational security. The legal basis is Art. 6(1)(f) GDPR.
Retention and deletion: account data, PX27/Resonate27 profile, match data, and settings are stored while your account exists or until you delete specific data. Account deletion hard-deletes personal account, OAuth, profile, matching, chat, token, public-share, and user-linked pending-email data. The isolated deletion-confirmation delivery row follows the short retry-and-scrub process described above. Amount-bearing recharge or refund accounting rows may be retained only without a user link or original user ID where required. SafetyReport user links are removed and the report follows its separate retention rule.
United States & Canada: we provide the same access, correction, deletion, and complaint contact to users in both countries. We do not sell personal information and do not use cross-site targeted advertising. California users may use that contact for CalOPPA-related policy questions and changes; Canadian users may raise a PIPEDA access or accountability complaint there. If our practices change, we will update this policy and its date before describing new processing.
Your rights: subject to the GDPR, you have rights of access, rectification, erasure, restriction of processing, data portability, objection to legitimate-interest processing, withdrawal of consent, and the right to lodge a complaint with a supervisory authority. Contact [email protected].
Supervisory authority in North Rhine-Westphalia: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestraße 2–4, 40213 Düsseldorf, email: [email protected]. You may also complain to the authority of your habitual residence, workplace, or the place of the alleged infringement.