Privacy Policy

Plain English first: Kyzmyt is a verified dating platform. To verify every member, we collect sensitive data including government ID, biometric liveness checks, and background check results. This policy explains exactly what we collect, why, who handles it, and your rights. We do not sell your data. We never will.

Section 1

Who We Are

Kyzmyt is operated by KYZMYT, LLC, an Ohio limited liability company (EIN 42-1983754, Ohio SOS Document ID 202610702238). Our platform is located at kyzmyt.com. For privacy inquiries, contact us at privacy@kyzmyt.com.

This Privacy Policy applies to all users of kyzmyt.com and the Kyzmyt progressive web application. By creating an account, you agree to this policy.

Section 2

Data We Collect

Because Kyzmyt requires mandatory verification of every member, we collect several categories of data:

Category	What It Includes	Purpose
Account Data	Name, email address, date of birth, password (hashed)	Account creation and authentication
Profile Data	Photos, bio, values, relationship goals, profile soundtrack, compatibility quiz answers	Matching and discovery features
Government ID	A scan or photo of your government-issued ID (driver's license, passport, or equivalent)	ID verification via Stripe Identity — required for every member
Biometric Data	A liveness check (selfie or video) used to confirm the ID belongs to you	Fraud prevention — processed by Stripe Identity, not stored by Kyzmyt
Background Check Data	Criminal history records, sex offender registry results, as returned by Checkr	Member safety — results flow directly from Checkr to our database via signed webhook. No human or admin touches this data.
Financial Badge Data	Asset verification data via Plaid (no account numbers or balances stored by Kyzmyt)	Optional financial badge feature for members who choose it
Payment Data	Payment card and subscription information	Processed entirely by Stripe — Kyzmyt never stores card numbers
Messages	Real-time chat messages between matched members	Communication between matches — encrypted in transit
Safety Data	Date check-in records, safety reports, post-date ratings	Member safety — alerts sent via Twilio if a check-in is not resolved
Usage Data	Pages visited, features used, session length, device type, IP address	Platform improvement via Google Analytics 4
Location Data	General region (city/metro level) as provided in your profile	Discovery and local matching — we do not track precise GPS location

Section 3

How We Use Your Data

To verify your identity and conduct your mandatory background check before allowing platform access
To power the discovery feed, matching, and AI compatibility features
To send transactional emails (match notifications, check-in alerts, account messages)
To operate the date safety check-in system and send Twilio SMS alerts for unresolved check-ins
To process payments for verification fees, membership, and boosts via Stripe
To review safety reports and take action on policy violations
To improve platform features using aggregated, anonymized analytics
To comply with legal obligations including lawful law enforcement requests

✶ The Tamper-Proof Verification Guarantee

Background check results travel directly from Checkr to our database via a cryptographically signed webhook. No user, admin, employee, or system process can modify verification results. This is the architectural core of Kyzmyt's safety model.

Section 4

Third Parties We Share Data With

We share data with service providers who process it on our behalf. We do not sell your data to advertisers or data brokers, ever.

Provider	What They Receive	Purpose
Stripe	Payment information, government ID, liveness biometric	Payment processing, ID verification via Stripe Identity
Checkr	Name, date of birth, SSN (last 4), consent	Criminal background check — results returned directly to DB
Plaid	Banking institution access (if you opt into Financial Badge)	Asset verification for optional Financial Badge
Supabase	All platform data (PostgreSQL database host)	Database infrastructure — SOC 2 compliant
Resend	Your email address and email content	Transactional email delivery
Twilio	Your phone number (if provided for safety check-ins)	SMS safety alerts for date check-ins
Anthropic	Profile data, quiz answers (no PII) used to generate compatibility scores	AI compatibility scoring and icebreaker generation
Spotify	Your Spotify account (if you link it for profile soundtrack)	Profile music feature — optional
Google Analytics	Anonymized usage data, IP (anonymized)	Platform analytics
Netlify / Cloudflare	Web traffic, IP addresses	Hosting, CDN, and security

We may disclose your information to law enforcement or legal authorities when required by law, subpoena, or court order. Legal requests should be directed to legal@kyzmyt.com.

Section 5

Biometric and Sensitive Data

Kyzmyt uses Stripe Identity for ID verification and liveness detection. Your government ID image and biometric liveness data are processed by Stripe under their privacy policy and are not stored by Kyzmyt on our servers.

Background check data (criminal history records) is stored in our database under strict access controls. This data is visible only to you (your own record) and to Kyzmyt administrators with a legitimate need to review safety reports. It is never visible to other members.

Ohio residents: To the extent Ohio law imposes specific obligations regarding biometric or sensitive data, we comply with those obligations. Contact privacy@kyzmyt.com for details.

Section 6

Data Retention

Active account data is retained for as long as your account is active.
Messages are retained while both matched users have active accounts. When a match is ended, message history is retained for 90 days for safety purposes, then deleted.
Stories expire and are permanently deleted after 24 hours.
Background check results are retained for the lifetime of your account and for 3 years after account deletion for safety record purposes.
Safety reports are retained indefinitely to protect the community.
Payment records are retained for 7 years as required for tax and accounting purposes.
Upon account deletion, personal profile data, photos, and messages are deleted within 30 days, except where retention is required by law or safety policy.

Section 7

Your Privacy Rights

Depending on your location, you may have the following rights:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate profile data.
Deletion: Request deletion of your account and associated data, subject to our safety retention policy above.
Portability: Receive a machine-readable export of your data.
Opt-out: Opt out of non-essential communications at any time via your profile settings or by emailing us.
CCPA (California): California residents have the right to know what personal information is sold or disclosed and to opt out of sale. We do not sell personal information.
GDPR (EU/EEA): If you are located in the EU or EEA, you have additional rights under GDPR including the right to lodge a complaint with your supervisory authority.

To exercise any of these rights, email privacy@kyzmyt.com. We will respond within 30 days.

✶ Important Note on Verification Data

Because background check and ID verification results are the foundation of Kyzmyt's safety model, we cannot delete or modify these records for active accounts. If you request full account deletion, verification data will be retained in our safety archives as described in Section 6.

Section 8

Cookies and Tracking

Authentication: Session tokens to keep you logged in securely (essential — cannot be disabled).
Analytics: Google Analytics 4 to understand platform usage patterns. IP addresses are anonymized.
Preferences: Remembering your settings and preferences.

We do not use third-party advertising cookies. You can manage browser cookies in your browser settings. Disabling essential cookies will prevent login functionality.

Section 9

Security

TLS encryption for all data in transit
Row-level security (RLS) in our PostgreSQL database — every query is scoped to the authenticated user
Cryptographically signed webhooks for all background check data (Checkr) and payment events (Stripe)
Service role keys for sensitive operations — never exposed to client-side code
Cloudflare CDN with bot protection and DDoS mitigation

No system is perfectly secure. If you believe you have discovered a security vulnerability, please contact us at safety@kyzmyt.com immediately.

Section 10

Children's Privacy

Kyzmyt is intended exclusively for adults aged 18 and older. We do not knowingly collect personal information from anyone under 18. Our mandatory ID verification process is designed to confirm adult status. If we become aware that a minor has created an account, we will immediately terminate the account and delete all associated data. Contact safety@kyzmyt.com if you believe a minor has accessed the platform.

Section 11

Changes to This Policy

We may update this Privacy Policy as the platform evolves. When we make material changes, we will notify you by email and post a notice on the platform. The "Effective Date" at the top of this page reflects when the current version took effect. Continued use of Kyzmyt after the effective date constitutes acceptance of the updated policy.

Privacy Questions?

We take your privacy seriously. For any questions about this policy or to exercise your privacy rights, reach out directly.

Email: privacy@kyzmyt.com

KYZMYT, LLC · Cuyahoga Falls, OH