1. Introduction
Austin Nelson, doing business as Enshrine ("Enshrine," "we," "us," or "our"), operates the Enshrine mobile application and related services (the "Service"). This Privacy Policy explains what personal information we collect, how we use it, when we disclose it, how long we keep it, and the choices and rights available to you.
Enshrine is currently intended for users located in the United States and Canada. It is not currently intended for users located in the European Economic Area, the United Kingdom, or Switzerland.
This Policy is designed to address U.S. and Canadian privacy requirements that may apply to the Service, including the California Consumer Privacy Act as amended by the California Privacy Rights Act, Canada's Personal Information Protection and Electronic Documents Act, and Washington's My Health My Data Act.
2. Controller and Contact
Austin Nelson, doing business as Enshrine, is responsible for the personal information handled through the Service.
Austin Nelson, doing business as Enshrine
4010 W Okanogan Ave
Kennewick, WA 99336
General: support@enshrine.cc
Privacy and Compliance: compliance@enshrine.cc
3. Personal Information We Collect
3.1 Account and Profile Information
We collect information you provide when you create or update an account, including name, email address, date of birth, gender or gender identity, city, state or province, photos, bio, dating preferences, relationship goals, education, occupation, height, religion, kids preferences, politics, and other profile fields you choose to provide.
ZIP code may be used as a temporary input to look up city and state, but Enshrine does not maintain a user-profile ZIP-code field as part of the core profile schema.
3.2 Communications and User Content
We collect content and metadata related to messages, chat images, reports, appeals, support tickets, moderation disputes, privacy requests, and other communications you submit through the Service.
Video calls are peer-to-peer through WebRTC and are not recorded by Enshrine. We may process connection metadata needed to support the feature.
3.3 Verification, Age, Liveness, and Biometric Information
Enshrine uses verification systems to help confirm that users are adults, reduce fake accounts, and prevent ban evasion.
We use AWS Rekognition Face Liveness to verify that a user is a live person during signup and periodic re-verification. AWS processes the liveness challenge. Enshrine does not store raw liveness video in its own database. Enshrine may store liveness-related operational records such as verification status, vendor name, session identifiers, timestamps, confidence or result information returned by AWS, and limited diagnostic payloads with raw image bytes removed.
The app may use AWS Cognito identity infrastructure to allow the device to start a liveness session with AWS. Enshrine may store a short-lived local liveness timestamp on the device to avoid requiring a liveness check every time the app is opened.
If an account is banned or under ban-evasion review, Enshrine may index a reference face image into an AWS Rekognition collection and store the resulting face identifier for safety and ban-evasion purposes. A potential match is routed for human review before Enshrine makes a ban-evasion decision.
Age verification may involve a third-party provider if configured. If government-issued ID review is used, the provider's handling of ID data depends on the provider workflow and should be disclosed in the verification flow.
3.4 Photos, Media, and Safety Scoring
Profile photos and chat images may be uploaded to Cloudinary. Enshrine uses on-device image-safety scoring and may use AWS Rekognition cloud review for photo safety, face review, or moderation support. These systems may generate scores, labels, review status, and disagreement reports used for safety and moderation.
3.5 Payment and Subscription Information
The current subscription flow uses Google Play Billing. Enshrine receives purchase records and tokens needed to verify and manage subscriptions. Enshrine does not receive your full payment card number.
If Enshrine later makes the App available through another app store, that store may provide purchase records needed to manage your account.
3.6 Device, Usage, and Technical Information
We collect device and technical information such as device type, operating system, IP address, app version, session events, feature usage, authentication events, security events, error reports, and similar operational logs.
Enshrine does not currently use third-party advertising SDKs, Google Analytics or Firebase Analytics, Meta SDK, Mixpanel, Amplitude, or similar third-party analytics SDKs.
3.7 Location Information
With your permission, Enshrine may collect approximate or precise location information to support proximity matching, map discovery, distance calculations, and location-based features. Location may be stored on your account row or in feature-specific discovery settings.
You can revoke location permission in device settings, but some features may not work or may be limited.
3.8 Local Device Storage
The app uses local device storage such as Android SharedPreferences and iOS NSUserDefaults or equivalent local storage to store session state, preferences, permission disclosure flags, liveness-cache timestamps, onboarding drafts, image-safety cache entries, discovery settings, app activity, and similar app data.
Local device storage is described in more detail in the Cookie Policy.
3.9 Information from Third Parties
We may receive information from service providers and platform providers, including Supabase, AWS, Cloudinary, Resend, Cloudflare, Google Play, app-store providers if added later, identity or age-verification providers if configured, and social-login providers if you choose to use them.
4. How We Use Personal Information
We use personal information to:
- Create, authenticate, maintain, and secure accounts.
- Verify age, liveness, account integrity, and eligibility.
- Operate matching, discovery, messaging, video, games, subscriptions, support, and notifications.
- Display and manage profiles and user content.
- Process purchases and subscription status.
- Detect, investigate, prevent, and respond to fraud, abuse, harassment, scams, ban evasion, illegal activity, safety incidents, and policy violations.
- Score, review, blur, reject, or remove unsafe images or content.
- Process reports, support tickets, appeals, privacy requests, and moderation disputes.
- Improve reliability, debug issues, measure product behavior, and maintain the Service.
- Send service communications and safety notices.
- Send promotional communications only where permitted and with consent where required.
- Comply with legal obligations and enforce our Terms and Community Guidelines.
5. Automated Processing, AI, and Human Review
Enshrine uses automated and semi-automated systems for matching, safety, moderation, liveness verification, face-match review, image-safety scoring, and fraud prevention.
Automated match suggestions do not guarantee compatibility, safety, identity, or user behavior. Automated safety systems may block an upload, blur an image, place a photo in review, flag a disagreement, hold an account for review, or help moderators prioritize reports.
Potential ban-evasion face matches are subject to human review before a final ban-evasion decision. If an automated or semi-automated action materially affects your account, you may request human review by contacting compliance@enshrine.cc or using available in-app controls.
6. When We Disclose Personal Information
We do not sell personal information for money. We do not currently share personal information for cross-context behavioral advertising.
We may disclose personal information to:
- Supabase for authentication, database, edge functions, realtime features, and backend infrastructure.
- Amazon Web Services for Rekognition Face Liveness, Rekognition face or moderation review, and related cloud infrastructure.
- Cloudinary for image upload, storage, transformation, and delivery.
- Resend for transactional email, including account, safety, support, appeal, and privacy-request notifications.
- Cloudflare for edge workers, security, webhook mediation, and TURN services used to support WebRTC connectivity where configured.
- Google Play for subscription purchase verification and billing-related records.
- App-store providers if Enshrine later offers the App through another platform.
- Verification providers if age or identity verification is configured.
- Professional advisors and service providers who help operate, secure, audit, or support the Service.
- Law enforcement, emergency services, courts, regulators, or other authorities when required by valid legal process or when we believe disclosure is necessary to prevent serious harm, investigate illegal activity, protect users, or protect the Service.
- A successor or prospective successor in connection with a merger, acquisition, financing, reorganization, or sale of assets.
- Other users or recipients when you choose to share content or communications with them through the Service.
We may disclose aggregated or de-identified information that is not reasonably linked to you.
7. Cross-Border Processing
Enshrine is operated from the United States. If you use the Service from Canada, your personal information may be transferred to, stored in, or accessed from the United States and other countries where our service providers operate.
Personal information handled in another country may be subject to that country's laws, including lawful access by courts, law enforcement, regulators, or national-security authorities.
8. Data Retention
We keep personal information only as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted for legal, safety, security, fraud-prevention, tax, accounting, dispute-resolution, or compliance reasons.
| Data Type | General Retention Approach |
|---|---|
| Account and profile information | Kept while your account is active; removed from active account systems after deletion unless retained for safety, legal, backup, or compliance reasons |
| Messages and chat logs | Kept while needed to provide messaging and safety functions; may be retained after deletion for legal holds, reports, investigations, or backup cycles |
| Support tickets, reports, appeals, and moderation records | Kept as needed for safety, enforcement, dispute resolution, legal compliance, and repeat-offender detection, generally up to 5 years unless longer retention is required |
| Liveness session records | Kept as operational verification records while needed for account integrity, audit, safety, and troubleshooting |
| Raw liveness video | Not stored by Enshrine in its own database |
| Local liveness cache | Stored on device for a limited period, currently about 6 hours per user unless cleared earlier through logout or app data deletion |
| Face identifiers used for ban-evasion review | Kept while needed for safety and ban-evasion prevention, generally up to 1 year unless a different period is required for legal, safety, or appeal reasons |
| Payment and subscription records | Kept as needed for subscription management, tax, accounting, chargeback, and legal obligations, generally up to 7 years |
| Location information | Kept while needed for account, discovery, and proximity features; feature-specific discovery locations may expire or be replaced based on product settings |
| Device, usage, security, and operational logs | Kept as needed for security, debugging, fraud prevention, and operations, generally for a limited operational period unless linked to a safety or legal matter |
| Privacy-rights requests | Kept as needed to demonstrate request handling and legal compliance |
When retention is no longer necessary, we delete, de-identify, aggregate, or restrict the data according to the applicable system and operational process.
9. Your Privacy Rights
Depending on where you live, you may have rights to:
- Access personal information we maintain about you.
- Correct inaccurate personal information.
- Delete personal information, subject to exceptions.
- Obtain a copy of certain personal information.
- Withdraw consent where processing is based on consent.
- Object to or limit certain processing.
- Opt out of sale or sharing for cross-context behavioral advertising, if applicable.
- Limit certain uses of sensitive personal information, where applicable.
You may submit a request by:
- Using the in-app Privacy Rights screen, currently reachable through Help and privacy controls where available.
- Emailing compliance@enshrine.cc.
- Mailing us at the address in Section 2.
We may need to verify your identity before completing a request. We may deny or limit requests where permitted by law, including where information is needed for security, fraud prevention, legal compliance, safety, payment records, disputes, backups, or other permitted exceptions.
10. California Residents
California residents have additional rights under the CCPA/CPRA, including the right to know, access, delete, correct, opt out of sale or sharing, and limit certain uses of sensitive personal information.
Enshrine does not currently sell personal information or share personal information for cross-context behavioral advertising. You may still submit a "Do Not Sell or Share" request through the in-app Privacy Rights screen or by contacting compliance@enshrine.cc.
We respond to California privacy requests within 45 days, unless an extension is permitted and notice is provided. See the California Privacy Policy for more detail.
11. Washington Residents and Consumer Health Data
Washington's My Health My Data Act may apply to certain consumer health data. Enshrine is not a healthcare provider and does not collect medical records, diagnoses, or treatment information as part of the dating service.
Depending on context, the following information may be treated as consumer health data where Washington law applies:
- Biometric information used for liveness verification or ban-evasion review.
- Dating, relationship, or profile information you provide that may reveal or allow inferences about sensitive personal matters.
- Messages, reports, support requests, or appeals that you choose to submit and that contain health-related or sexual-health-related information.
We use this information to provide the Service, verify eligibility and liveness, support dating and discovery features, prevent fraud and abuse, investigate safety issues, enforce policies, and comply with law.
We do not sell consumer health data. We do not share consumer health data for advertising.
Washington residents may request access, deletion, withdrawal of consent, or a list of third parties and affiliates with whom consumer health data has been shared, subject to legal exceptions. Submit requests through the in-app Privacy Rights screen or by emailing compliance@enshrine.cc with the subject line "Washington Health Data Request." We aim to respond within 45 days where required by law.
Withdrawing consent for biometric or liveness processing may prevent you from creating or accessing an account because liveness verification is a safety and eligibility control.
12. Canadian Residents
If you live in Canada, Enshrine handles personal information under PIPEDA and applicable provincial privacy laws.
You may request access to personal information, correction of inaccuracies, information about our practices, or withdrawal of consent, subject to legal and contractual restrictions. Withdrawing consent may limit or prevent access to features that require the information.
We respond to Canadian access requests within 30 days unless an extension is permitted by law. If we extend the time, we will notify you within the first 30 days and explain the reason where required.
You may contact the Office of the Privacy Commissioner of Canada or your provincial privacy regulator if you are unsatisfied with our response.
13. Children's Privacy
Enshrine is for adults 18 and older. We do not knowingly permit minors to create accounts. If we learn that a minor has created an account, we will take appropriate action, which may include restricting or deleting the account and associated data, subject to legal-preservation, safety, reporting, or investigation needs.
If you believe a minor is using the Service, contact compliance@enshrine.cc.
14. Security and Breach Notification
We use technical and organizational measures designed to protect personal information, including encrypted transmission where supported, authentication controls, database access controls, service-role restrictions, moderation workflows, and security monitoring appropriate to the Service.
No system is perfectly secure. If we determine that a security incident requires notice to users, regulators, or authorities, we will provide notice as required by applicable law.
15. Cookies and Similar Technologies
Enshrine is a mobile app and generally does not use browser cookies in the way websites do. We use local storage, tokens, device permissions, vendor logs, and similar technologies as described in the Cookie Policy.
16. Changes to This Policy
We may update this Policy as the Service, law, or operations change. If a change is material, we will provide notice in the App or by another reasonable method where required. The "Last Updated" date shows when this Policy was last revised.
17. Contact
Austin Nelson, doing business as Enshrine
4010 W Okanogan Ave
Kennewick, WA 99336
General: support@enshrine.cc
Privacy and Compliance: compliance@enshrine.cc
California Privacy Notice
Supplemental Notice for California Residents
This California Privacy Policy supplements the Enshrine Privacy Policy and applies to California residents. Terms used in this notice have the meanings given by the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA") where applicable.
1. Categories of Personal Information Collected
In the past 12 months, Enshrine has collected or may collect the following categories of personal information:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email address, IP address, device identifiers, account ID | Yes |
| California customer records | Account profile, contact information, subscription records | Yes |
| Protected classifications | Age and gender or gender identity where provided | Yes |
| Commercial information | Subscription status, purchase tokens, purchase history returned by Google Play | Yes |
| Biometric information | Liveness results, face identifiers for ban-evasion review, verification metadata | Yes |
| Internet or electronic network activity | App usage, feature activity, authentication events, operational logs | Yes |
| Geolocation data | Approximate or precise location when permission is granted | Yes |
| Audio, electronic, visual, or similar information | Profile photos, chat images, video-call metadata, uploaded media | Yes |
| Professional or employment information | Occupation or education if provided in profile | Yes |
| Inferences | Match preferences, discovery preferences, safety or moderation signals | Yes |
| Sensitive personal information | Precise geolocation, biometric information, account credentials, message contents, profile information that may reveal sensitive traits or preferences | Yes |
Enshrine does not collect Social Security numbers, driver's license numbers, government financial-account numbers, medical records, or precise health-treatment information as part of the ordinary dating-service profile.
2. Sources of Personal Information
We collect personal information from:
- You, when you create an account, build a profile, upload content, message users, submit reports, file appeals, contact support, or submit privacy requests.
- Your device and app activity, including permissions, local storage, IP address, and operational logs.
- Service providers, including Supabase, AWS, Cloudinary, Resend, Cloudflare, Google Play, and configured verification providers.
- Other users, when they interact with you, report content, submit safety information, or communicate with you through the Service.
- Platform providers, such as Google Play for purchase verification.
Enshrine does not currently use third-party advertising SDKs or third-party analytics SDKs such as Google Analytics, Firebase Analytics, Meta SDK, Mixpanel, or Amplitude.
3. Business or Commercial Purposes for Collection
We collect, use, or disclose personal information for:
- Account creation, authentication, and account security.
- Age, liveness, eligibility, and ban-evasion review.
- Matching, discovery, messaging, video, games, support, and subscription features.
- Location-based discovery and distance calculations.
- Payment verification and subscription management.
- Safety, moderation, fraud prevention, report handling, appeal handling, and legal compliance.
- Image-safety scoring, photo review, and content moderation.
- Debugging, product reliability, service improvement, and operational analytics performed without third-party advertising SDKs.
- Communications about account, safety, support, legal, or privacy matters.
- Enforcing Terms, Community Guidelines, and other policies.
4. Categories of Personal Information Disclosed
In the past 12 months, Enshrine has disclosed or may disclose the following categories of personal information for business purposes:
| Recipient Category | Categories Disclosed |
|---|---|
| Hosting and backend providers, including Supabase | Identifiers, profile data, communications, usage data, location, moderation records |
| Verification and safety providers, including AWS | Identifiers, photos or image data, biometric/liveness data, moderation signals, verification metadata |
| Media providers, including Cloudinary | Photos, chat images, media metadata, identifiers needed for upload and delivery |
| Email providers, including Resend | Email address, account and safety message content, support and privacy-request notifications |
| Edge and connectivity providers, including Cloudflare | IP address, connection data, webhook data, TURN credential data where configured |
| Payment platforms, including Google Play | Purchase tokens, subscription records, commercial information |
| Professional advisors and compliance providers | Information needed for legal, security, accounting, tax, or compliance purposes |
| Law enforcement, emergency services, regulators, or courts | Information required by valid process or needed to prevent serious harm or investigate illegal activity |
| Other users | Content and profile information you choose to share through the Service |
| Successors in a business transaction | Relevant categories needed for the transaction, subject to appropriate protections |
5. Sale or Sharing of Personal Information
Enshrine does not currently sell personal information.
Enshrine does not currently share personal information for cross-context behavioral advertising. Enshrine does not currently use advertising SDKs or advertising identifiers for targeted advertising.
You may still submit a request to opt out of sale or sharing by using the in-app Privacy Rights screen or contacting compliance@enshrine.cc. If Enshrine later introduces advertising or sale/share activity covered by the CCPA/CPRA, we will update this notice and provide required opt-out controls before activating those practices.
Enshrine does not knowingly sell or share personal information of anyone under 18.
6. Sensitive Personal Information
Enshrine collects sensitive personal information, including:
- Precise geolocation when location permission allows it.
- Biometric information used for liveness verification and ban-evasion review.
- Account credentials and authentication tokens.
- Message contents and other private communications.
- Profile information or preferences that may reveal sensitive personal characteristics.
Enshrine uses sensitive personal information to provide requested services, verify users, maintain safety, prevent fraud and abuse, process reports and appeals, maintain account security, provide location-based features, comply with law, and enforce policies.
Enshrine does not use sensitive personal information to infer characteristics for unrelated advertising. Enshrine does not sell sensitive personal information.
You may request that Enshrine limit use of sensitive personal information by using the in-app Privacy Rights screen or contacting compliance@enshrine.cc. Some sensitive personal information is necessary to provide the Service. Limiting liveness, biometric, age, or location processing may restrict or prevent access to features or the account.
7. Retention
We retain each category of personal information as described in the Data Retention section of the Privacy Policy. Retention depends on the data type, account status, safety needs, legal obligations, payment requirements, backup cycles, pending reports, appeals, legal holds, and dispute-resolution needs.
8. Your California Privacy Rights
California residents may have the following rights:
- Right to Know: Request categories and specific pieces of personal information collected about you.
- Right to Access: Receive a copy of certain personal information.
- Right to Delete: Request deletion of personal information, subject to exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing: Direct us not to sell or share personal information for cross-context behavioral advertising.
- Right to Limit Use of Sensitive Personal Information: Direct us to limit certain sensitive-personal-information uses where the right applies.
- Right to Non-Discrimination: Receive equal service and price when exercising rights, except where a difference is reasonably related to the value of data or the information is necessary to provide the requested service.
9. How to Submit a Request
You or your authorized agent may submit a request by:
- In-App: Privacy Rights screen, currently available through Help and privacy controls where available.
- Email: compliance@enshrine.cc.
- Mail: Austin Nelson, doing business as Enshrine, 4010 W Okanogan Ave, Kennewick, WA 99336.
We will verify your identity before processing access, deletion, or correction requests. For authorized-agent requests, we may require proof that the agent is authorized and may ask you to verify your identity directly.
We respond to California requests within 45 days. If an extension is permitted and needed, we will notify you.
10. Global Privacy Control and Mobile Controls
Enshrine is primarily a mobile app and does not currently sell or share personal information for cross-context behavioral advertising. If Enshrine operates a web experience that detects a legally recognized opt-out preference signal, we will honor it where required by law.
Mobile users can also limit app permissions through device settings, including location, camera, microphone, notifications, and advertising identifier settings where applicable.
11. Financial Incentives
Enshrine does not currently offer financial incentives or price or service differences in exchange for the collection, sale, sharing, or retention of personal information.
12. Shine the Light
California residents may request information about personal information disclosed to third parties for their own direct-marketing purposes during the past calendar year. Enshrine does not currently disclose personal information to third parties for their own direct-marketing purposes. Submit requests to compliance@enshrine.cc with the subject line "Shine the Light Request."
13. Contact
Austin Nelson, doing business as Enshrine
4010 W Okanogan Ave
Kennewick, WA 99336
General: support@enshrine.cc
Privacy and Compliance: compliance@enshrine.cc