Legal

Privacy Policy

Effective date: 1 May 2026  ·  Last updated: 20 March 2026

Courtship (“we”, “us”, “our”) is a matrimonial matchmaking platform operated in India. This Privacy Policy describes how we collect, use, store, share, and protect your personal data, and the rights available to you under the Digital Personal Data Protection Act, 2023 (DPDPA) and other applicable Indian laws.

By creating an account or using the Courtship application, you consent to the practices described in this policy.

1. Who We Are

Courtship is a private matchmaking service for unmarried adults in India seeking a life partner for marriage. Our purpose is matrimonial — not casual dating. We operate with a high bar for identity verification and data stewardship.

For all privacy-related matters, contact our Grievance Officer (see Section 11).

2. Data We Collect

We collect personal data that you provide directly, as well as data generated through your use of the platform.

2.1 Identity and Dossier Data

  • Full legal name
  • Date of birth
  • Gender
  • Phone number
  • Email address (optional)
  • Hometown and current city (encrypted at rest with AES-256-GCM)
  • Organisation name / employer (encrypted at rest with AES-256-GCM)
  • Educational background
  • Height, and other self-reported attributes

2.2 Photos and Media

  • Profile photographs and selfies you upload, used for identity verification (L1 liveness, L2 face-match) and your profile
  • Government-issued identity document images (Aadhaar, PAN, Passport) provided for L3 document verification — processed for verification and not displayed to other users

2.3 Preferences and Matching Data

  • Partner preference settings (age range, location, etc.)
  • Connection requests sent and received
  • Connection status (pending, accepted, closed)

2.4 Communication Data

  • Chat messages exchanged with your connections — stored securely and accessible only to the participants
  • Any content you share within the platform’s private Sanctuary space

2.5 Technical and Usage Data

  • Device type, OS version, and app version
  • Session identifiers and authentication tokens
  • Anonymised event telemetry (feature usage, screen views) via PostHog — no PII is included in analytics events
  • Error reports via Sentry — contains only member ID and onboarding stage, never personally identifiable fields

2.6 Verification Data

  • Verification Trust Score (VTS) — a numeric score derived from completed verification steps
  • Verification stage and status (unverified, L1, L2, L3) stored in your member record

3. Purpose and Legal Basis for Processing

We process your personal data only for the purposes listed below. Our legal basis under the DPDPA is your freely given, specific, and informed consent, provided at account creation and reaffirmed at key stages.

PurposeData Used
Matrimonial matchmakingDossier data, preferences, photos
Identity verificationSelfies, document images, liveness checks
Enabling communicationChat messages, connection status
Platform security and abuse preventionUsage logs, session data, moderation flags
Service improvementAnonymised analytics (no PII)
Legal and regulatory complianceIdentity data, transaction records

We do not use your data for advertising, profiling for commercial purposes unrelated to matchmaking, or any purpose not listed above.

4. Data Retention

We retain your personal data only as long as necessary to fulfil the purposes described in this policy:

  • Active accounts: All personal data is retained while your account is active and your membership is in good standing.
  • Account deletion: When you request account deletion, your data enters a 30-day grace period during which your account is suspended but recoverable. After 30 days, personal data is permanently deleted from our systems.
  • Verification images: Government ID document images are deleted within 7 days of successful verification. We retain only the verification status and score, not the document itself.
  • Chat messages: Retained while the connection is active. When both parties close a connection, messages are deleted within 30 days.
  • Moderation and compliance records: Anonymised records of moderation actions are retained for up to 3 years as required by applicable law.

5. Your Rights Under the DPDPA

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:

  • Right of Access: You may request a summary of the personal data we hold about you and the purposes for which it is being processed.
  • Right to Correction: You may request correction of inaccurate or incomplete personal data. Note: identity-anchor fields (name, date of birth, gender) are immutable once your dossier is sealed — see our Terms of Service for details.
  • Right to Erasure: You may request deletion of your personal data. We will process this within the 30-day grace period described in Section 4.
  • Right to Grievance Redressal: You may file a complaint with our Grievance Officer (Section 11) and expect a response within 48 hours.
  • Right to Withdraw Consent: You may withdraw consent at any time by deleting your account. Withdrawal does not affect processing done prior to withdrawal.
  • Right to Nominate: You may nominate another person to exercise your rights in the event of your incapacity or death, in accordance with the DPDPA.

To exercise any right, contact grievance@courtship.club.

6. Data Sharing and Disclosure

We never sell your personal data. We do not share your data with third-party advertisers, data brokers, or marketing platforms.

We share your data only in the following limited circumstances:

  • With your connections: When you accept a connection, a limited portion of your profile (as configured by you) is shared with that connection.
  • With Curators (moderators): Our trained Curators may access profile data and reported content solely for moderation purposes. Curators are bound by confidentiality obligations and internal access controls.
  • With service providers: We use limited infrastructure providers (cloud hosting, error monitoring) who process data on our behalf under strict data processing agreements. These providers may not use your data for their own purposes.
  • For legal compliance: We may disclose data when required by a court order, government authority, or applicable law. We will notify you of such requests where legally permitted.

7. Security Measures

We implement technical and organisational measures commensurate with the sensitivity of the personal data we process:

  • Encryption at rest: Sensitive fields (hometown, organisation name) are encrypted using AES-256-GCM before storage.
  • Encryption in transit: All data in transit is protected using TLS 1.2 or higher.
  • Row Level Security (RLS): Database access is governed by Supabase RLS policies that ensure each user can only access their own data and data explicitly shared with them.
  • Immutability triggers: Identity-anchor fields are protected by database-level triggers that prevent modification after dossier sealing, even by internal systems.
  • Authentication: All API requests are validated with signed JWT tokens. No endpoint returns data without a verified user identity.
  • Behavioural firewall: A content moderation layer screens for harmful patterns. Audit logs record the event type and affected field — never the content that triggered the flag.

Despite these measures, no system is 100% secure. In the event of a data breach affecting your personal data, we will notify you and the relevant authorities as required by the DPDPA.

8. Cookies and Tracking

The Courtship mobile application does not use browser cookies. The web application uses only strictly necessary session cookies required for authentication. We do not use tracking or advertising cookies.

We use anonymised in-app analytics (PostHog) to understand feature usage patterns. No personally identifiable information is included in analytics events.

9. Children’s Privacy

Courtship is strictly for adults aged 18 and above. We do not knowingly collect personal data from anyone under 18. If we become aware that a user is under 18, the account will be immediately terminated and data deleted. If you believe a minor has created an account, contact grievance@courtship.club immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page and notify you in-app at least 7 days before material changes take effect. Your continued use of Courtship after the effective date constitutes acceptance of the updated policy.

You may withdraw consent and delete your account at any time if you do not accept the updated terms.

11. Grievance Officer

In accordance with the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer to address your privacy concerns.

Grievance Officer

Courtship

Email: grievance@courtship.club

We will acknowledge your grievance within 48 hours and endeavour to resolve it within 30 days.