Privacy Policy

Effective Date: 2026-05-13 · Last Updated: 2026-05-13

Hodie ("we," "us," "our") operates the Hodie mobile application (the "App") — a daily-photo dating app. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have over it.

By using Hodie you agree to the practices described here. If you don't agree, please don't use the App.

1. Who We Are

The operator of Hodie is Migla SIA, registered in Latvia.

Privacy contact: support@migla.io
Support contact: support@migla.io
Postal address: Migla SIA, Riga, Latvia

For EU users we act as the data controller for the personal data described below. Because Migla SIA is established in the EU, we are not required to appoint an EU representative under Article 27 of the GDPR.

2. Data We Collect

We only collect what we need to run a dating app safely. Specifically:

Account & Identity

Phone number — used as your login identifier via SMS one-time codes.
First name — shown on your profile.
Date of birth — used to verify you are at least 18 and to display your age. We never share your DOB itself; only the calculated age.
Gender and dating preferences — used so we can show you and your matches the right people.

Profile Content

Photos — your daily Hodie (front + back camera capture). Stored in our object storage and shown on your profile and in other users' swipe feeds.
Bio text — written by you, shown on your profile.
Interests, quiz answers, school, job, height — optional fields you fill in.
Verification status — whether you completed selfie verification.

Location

Precise location (latitude / longitude) — captured once when you grant permission, used to compute distance to other users. We do not continuously track you. You can revoke access at any time in iOS Settings.
City name — derived from your location for display only.

Activity

Swipes (like / pass / spotlight) — to power matching and the recommendation algorithm.
Matches and messages — content of conversations with people you've matched with.
Last-active timestamp — used to display an "Active now" badge to other users.
Reports and blocks — to keep the community safe.

Purchases

Purchase history of in-app subscriptions and consumables — provided by Apple. We store a record of what you bought and your current subscription tier. We never receive your payment card details.

Technical Data

User ID — the anonymous identifier issued by our authentication provider.
Device type and iOS version — for crash reports and analytics aggregates.
Push notification token — only if you grant notification permission.

We do not collect or use: contacts, calendar, microphone (except as required for video recording features, which we don't currently ship), HealthKit, financial account data, or browsing history outside the App. We do not track you across other companies' apps or websites, so we do not show the App Tracking Transparency prompt.

3. How We Use Your Data

Purpose	Data Used
Create and authenticate your account	Phone number, User ID
Show your profile to other users	First name, age, photos, bio, interests, location-derived distance
Power matching and recommendations	Swipes, location, preferences, gender
Run paid features (Hodie+ / Gold, Boosts, Spotlights, Streak Freezes)	Purchase history, User ID
Provide chat	Message content, match status
Prevent abuse, harassment, and fraud	Reports, blocks, activity logs, device signals
Send transactional notifications (new match, new message)	Push token, User ID
Customer support	Anything you send us in a support email
Comply with legal obligations	Any of the above when legally required

We do not use your personal data for advertising or sell it to anyone. Ever.

We do not share your personal data with third-party AI providers for the purpose of training their models.

4. Automated Decision-Making and Profiling

We use automated processing of your data, including some profiling, to:

Generate your swipe feed — using your stated preferences (age range, distance), gender, and signals from your prior swipe activity to surface profiles you may want to see.
Detect and prevent abuse, fraud, and impersonation — using activity patterns, reports filed against an account, and device signals.
Display contextual UI signals — such as "Active now," distance, and badges based on subscription tier.

These uses do not produce legal effects or similarly significant effects on you within the meaning of Article 22 of the GDPR. You can:

Edit your preferences at any time in Settings to change the profiles surfaced to you.
Request human review of any moderation decision (account suspension, content removal) by emailing support@migla.io. We respond within 14 days.

We do not use AI to make final moderation decisions without human review.

5. Legal Bases for Processing (EU / UK Users)

Under the GDPR / UK GDPR we rely on:

Performance of a contract — to run the dating service you signed up for.
Legitimate interests — to keep the community safe (abuse prevention, moderation, fraud detection).
Consent — for optional permissions like location and push notifications. You can withdraw consent at any time in iOS Settings.
Legal obligation — when we have to respond to lawful requests from law enforcement or regulators.

6. Who We Share Data With

We share personal data only with:

Supabase — our backend and storage provider. Hosts our database, authentication, and photo storage. Bound by a Data Processing Agreement. Operates in the EU.
Apple — operates the App Store and processes all in-app purchases. Subject to Apple's privacy policy.
An SMS provider (Twilio, MessageBird, or similar via Supabase Auth) — receives your phone number to deliver the one-time login code. Does not retain it past the verification window.
Push notification provider — Apple Push Notification service. Receives your device token and the contents of notifications you've opted into.
Crash reporting and analytics — if and when we enable them in a future release, we will list them here. We commit to never enabling personalized advertising SDKs.
Law enforcement and regulators — only in response to a valid legal request, and only the minimum data required.
NCMEC and equivalent child-safety bodies — when we are required to report apparent child sexual abuse material under 18 U.S.C. § 2258A or comparable laws.

We do not share your photos, messages, or profile content with anyone other than the other Hodie users you've chosen to be visible to.

7. International Transfers

Our servers are located in the European Union. If you use Hodie from outside the EU, your data is transferred to the EU, which provides equivalent protection. When we transfer data out of the EU/EEA (for example to the U.S. for Apple Push Notification service), we rely on Standard Contractual Clauses approved by the European Commission, or on other lawful transfer mechanisms.

8. How Long We Keep Data

Data	Retention
Active account profile, photos, matches, messages	Until you delete your account
Phone number (after account deletion)	Hashed and retained for 30 days for fraud prevention, then deleted
Reports and moderation logs	Up to 2 years to keep repeat offenders out
CSAM reports and law-enforcement preservation requests	As long as legally required
Anonymized usage aggregates	Indefinitely
Purchase records	As long as Apple or tax law requires

When you delete your account from the in-app Settings → Delete Account screen, we remove your profile, photos, swipes, matches, and message history immediately. Backups are purged on a rolling 30-day schedule.

9. Your Rights

Wherever you are, you can:

Access — see what we have. Open Settings → Privacy → Download My Data to export it.
Correct — fix it. Edit your profile in-app at any time.
Delete — wipe it. Settings → Delete Account removes everything.
Withdraw consent — revoke location, notifications, or photo access in iOS Settings → Hodie.
Complain — to a data protection authority (in the EU, your national DPA; in Latvia, the Data State Inspectorate — dvi.gov.lv).

Additional Rights for EU / UK Users (GDPR)

Right to data portability (machine-readable export — already provided in-app).
Right to object to processing based on legitimate interests.
Right to restriction of processing.
Right to lodge a complaint with a supervisory authority.

To exercise any of these, email support@migla.io. We respond within 30 days.

Additional Rights for California Residents (CCPA / CPRA)

Right to know what personal information we collect (this policy is that disclosure).
Right to delete personal information (same in-app flow).
Right to correct inaccurate personal information.
Right to opt out of "sale" or "sharing" of personal information — we do not sell or share personal information for cross-context behavioral advertising, so this is automatic.
Right to limit use of sensitive personal information — see below.
Right to non-discrimination — we will not deny service for exercising your rights.

Sensitive Personal Information (California residents)

Under the CPRA, the following categories of information we collect are treated as sensitive personal information:

Precise geolocation — collected once when you grant location permission; used only to compute distance to other users.
Information that may reveal sexual orientation — derived from your dating preferences.

We use sensitive personal information only to:

Provide and operate the dating service you signed up for;
Prevent fraud, harassment, and abuse;
Comply with our legal obligations.

We do not use or disclose sensitive personal information for any other purpose. You have the right to limit our use of sensitive personal information. Because we already restrict use to the purposes above, no separate request is required, but you may email support@migla.io for written confirmation.

Shine the Light (California Civil Code § 1798.83)

California residents may request information about our disclosure of personal information to third parties for those parties' direct marketing purposes. We do not disclose your personal information to any third party for their direct marketing purposes.

10. Children's Privacy

Hodie is strictly for users aged 18 and over. We do not knowingly collect data from anyone under 18. During signup we ask for date of birth and block accounts under 18. If you believe a user under 18 has created an account, email support@migla.io and we will remove it immediately. We report apparent child sexual abuse material to the National Center for Missing & Exploited Children (NCMEC) as required by U.S. federal law (18 U.S.C. § 2258A) and cooperate with law enforcement worldwide.

11. Security

We protect your data using:

TLS 1.2+ for all network traffic.
Row-level security on our database so each user can only access their own data (and what we deliberately surface to them).
Phone-only authentication via short-lived one-time codes — no passwords to leak.
Periodic security audits and code reviews.

No system is perfectly secure. If we ever suffer a breach affecting your personal data, we will notify you and the relevant authorities as required by law (within 72 hours under GDPR, where feasible).

12. Cookies and Similar Technologies

The App does not use cookies. We do use:

Keychain to store your session token securely on-device.
UserDefaults for non-sensitive UI preferences.
Apple's IDFV (vendor identifier) for crash reporting attribution. Resets when you uninstall the App.

The hodieapp.one website does not set any tracking cookies.

13. Changes to This Policy

We may update this policy as the App evolves. Material changes are announced via in-app notice and email (if we have one for you). The "Last Updated" date at the top reflects the most recent revision. Continued use of Hodie after a change means you accept the new policy.

14. Contact

For privacy questions, data requests, or complaints:

Email: support@migla.io
Postal: Migla SIA, Riga, Latvia

For all other matters: support@migla.io.