Privacy Policy
Last updated: July 10, 2026
Callaloo is a dating app for the Caribbean diaspora — one pot, many flags. Dating apps only work if you trust them with personal things, so we've written this policy in plain English. It explains what we collect, why, who we share it with, and the controls you have. If anything is unclear, email us at privacy@callaloo.app and a human will answer.
Who we are
Callaloo operates the Callaloo mobile app for iOS and Android and the website at callaloo.app. We're launching city by city — starting with Brooklyn and South Florida — across the United States, the United Kingdom, and Canada. For anything in this policy, we're the "data controller" — the party responsible for your information. You can reach us at privacy@callaloo.app for privacy matters and support@callaloo.app for everything else.
What we collect
Account information. When you sign up with Sign in with Apple, Google sign-in, or email, we receive your sign-in identifier (such as your email address) and basic authentication details. We confirm you are 18 or older at signup.
Profile information you choose to share. Your name, age, city or neighborhood, photos, bio, prompt answers, island heritage flag(s), languages, dating intentions, lifestyle details (like height, kids, drinking, smoking, and relationship style), and your music anthem. You decide what goes on your profile — other members see it, so share what you're comfortable with.
Who you want to meet. Your gender and the gender(s) you're interested in matching with. We know this can reveal your sexual orientation, which is sensitive information — we collect it only with your consent, use it solely to show you the right people, never share it with advertisers or data brokers (we have none), and protect it with the location and discretion safeguards described on this page.
Verification selfie. Selfie verification is rolling out. When you choose to verify, your selfie is used only to confirm you match your photos — it is processed by our verification partner, never shown on your profile or to other members, and we keep only the pass/fail result, not the selfie itself.
Location — coarse only, by design. This is something we're proud of, so here's exactly how it works:
- The app takes a low-accuracy location fix from your device — never a precise one.
- That fix goes to our server, which snaps it to a grid cell roughly 1 km across and immediately discards the raw coordinates. Your precise location is never stored, anywhere.
- The distance other members see is approximate and based on grid cells, not your actual position.
- If fewer than 3 members share a cell, we hide distance entirely so nobody can be singled out.
- You can hide your distance completely, for free, any time in Settings.
- In places we classify as higher-risk for LGBTQ+ people, we automatically make location coarser and force distance hidden — this protection can't be switched off.
- We never track your location in the background. Ever.
Messages. Messaging is free for everyone. Messages you send are stored on our servers so we can deliver them and so your conversations sync across devices. They may be scanned by automated content-safety systems to detect abuse, scams, and harmful content. You can block or report anyone, free, at any time.
Photos. Your photos are stored on Google Cloud (Firebase Storage). We strip EXIF metadata — including any embedded GPS coordinates — when you upload, so your photos never leak your location.
Purchases. Callaloo's core experience — matching, messaging, basic filters, and every safety feature — is free. If you choose a subscription (Callaloo+ at $14.99/month or $59.99/6 months; Callaloo Gold at $29.99/month or $149.99/6 months) or buy Roses or Boosts, billing is handled by the Apple App Store or Google Play. We receive purchase and entitlement records (what you bought and whether it's active) via RevenueCat, but we never receive your full payment card details.
Device and push information. We use a push token from Firebase Cloud Messaging to send you notifications (like new matches and messages), and device integrity signals from Firebase App Check to keep bots and abusive automation off the platform.
How we use your information
- Matching and discovery — showing your profile to compatible members nearby and showing you theirs.
- Safety and moderation — verifying profiles (selfie verification, as it rolls out), reviewing reports with automated systems and human reviewers, and detecting scams, harassment, and fake accounts.
- Notifications — push notifications about matches and messages, which you control in Settings and your device settings.
- Transactional email — welcome messages, verification, security alerts, and deletion confirmations, sent via Resend. We don't send marketing email without your consent.
- Analytics and personalization — only if you opt in. Product analytics and personalized suggestions are separate toggles in Settings, both off by default. If you never turn them on, we never use your data for them.
What we never do
- We never sell your personal data. There are no data brokers here.
- We show no ads and ship no ad-tech SDKs in the app. Your data doesn't feed anyone's ad targeting, including ours.
- We never use your heritage or skin tone in ranking, personalization, or filters — and we don't offer ethnicity or skin-tone exclusion filters to anyone.
- We never score members on attractiveness or "desirability."
- We never store your precise location.
- We never track your location in the background.
Who we share information with
We share data only with service providers who help us run Callaloo, and only what they need to do their job:
- Google Firebase — authentication, database, photo storage, push notifications, and website hosting.
- Apple and Google — sign-in and billing for purchases made through their stores.
- RevenueCat — managing subscription entitlements.
- Resend — sending transactional email.
- Google Gemini and Mistral AI — automated content-safety moderation of text (like messages and prompt answers), to help keep the community safe.
- Identity-verification partner — when selfie verification launches, your verification selfie is processed by a specialist verification provider; we keep only the pass/fail result, never the selfie itself. We'll name the provider here before verification goes live.
Beyond that, we may disclose information if the law genuinely requires it (for example, a valid legal order), or when it's necessary to protect the safety of our members or the public. We don't share member data with law enforcement casually, and we review every request.
Your rights and controls
Every control below lives in the app — no emails, no forms, no waiting:
- Export my data — get a full, machine-readable copy of your information.
- Delete my account — deletion starts a 30-day grace window (in case you change your mind), after which everything, including your photos, is permanently erased. You can cancel the deletion any time during those 30 days.
- Pause my profile — take a break from Discover without deleting anything.
- Consent toggles — analytics and personalization are separate, unbundled opt-ins you can change any time.
- Hide my distance — free, for everyone, always. The toggle lives on your profile.
- One-tap logout and honest, one-tap guidance to cancel a subscription through the App Store or Google Play — no retention traps.
Depending on where you live (including under the GDPR in the UK and EU, and the CCPA in California), you may also have legal rights to access, correct, delete, or receive a copy of your data, and to object to or restrict certain processing. The in-app controls above cover these, but you can also exercise any right by emailing privacy@callaloo.app. We'll never treat you differently for exercising your rights.
How long we keep your data
We keep your profile data for as long as your account exists. When you delete your account, the 30-day grace period runs, and then your data — photos included — is permanently erased. One honest exception: records connected to safety reports or legal obligations may be kept longer where that's required to protect members or comply with law.
Children
Callaloo is for adults only. You must be 18 or older to create an account, and we check age at signup. If we learn that someone under 18 has an account, we delete it. If you believe a minor is using Callaloo, please tell us at privacy@callaloo.app.
International transfers
Our data is stored on Google Cloud in the United States. If you use Callaloo from the UK, Canada, or elsewhere, your information is transferred to and processed in the US. Where the law requires it, we rely on recognized transfer safeguards (such as standard contractual clauses) for these transfers.
How we protect your data
Honestly: no service can promise perfect security, and we won't pretend otherwise. What we actually do is encrypt data in transit, limit who on our side can access member data through strict access controls, use Firebase App Check to block tampered or fake app clients, strip location metadata from photos, and design our systems so the most sensitive thing — your precise location — never exists on our servers in the first place. The best protection is not holding data we don't need.
Safety, plainly
Verification (as it rolls out), block and report, the Safety Center (app lock, discreet icon, and support resources), and moderation are free for every member — safety is never behind a paywall. One thing we want to be upfront about: we do not run criminal background checks on members. Please use good judgment when meeting anyone new.
Changes to this policy
If we change this policy in a way that matters, we'll tell you in the app or by email before the change takes effect — not bury it. The date at the top always shows the latest version.
Contact us
Privacy questions, requests, or concerns: privacy@callaloo.app. General support: support@callaloo.app. We read everything.