1. Introduction
Shadkhanim ("we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our matchmaking platform.
We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our services, you agree to the collection and use of information in accordance with this policy.
2. Data Controller
Shadkhanim Ltd. is the data controller for the personal data processed through our platform.
Contact Information:
Email: dpo@shidouh.com
Data Protection Officer: Available at the email above
3. Information We Collect
We collect the following categories of personal data:
- Account Information: Name, email address, phone number, password (encrypted)
- Profile Data: Candidate profiles you create, including personal details, photos, preferences, and matching criteria
- Usage Data: How you interact with our platform, including pages visited, features used, and actions taken
- Technical Data: IP address, browser type, device information, and cookies
- Communication Data: Messages and correspondence through our platform
- Payment Data: Billing information processed securely through Stripe (we do not store card details)
4. Legal Basis for Processing (GDPR Article 6)
We process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide our matchmaking services as per our Terms of Use
- Legitimate Interests: Improving our services, fraud prevention, and security
- Consent: For marketing communications and optional analytics
- Legal Obligations: Compliance with applicable laws and regulations
5. How We Use Your Data
We use your information for:
- Providing and maintaining our matchmaking platform
- AI-powered matching suggestions between candidates
- User authentication and account security
- Generating PDF profiles and sharing links
- Sending service notifications and updates
- Processing payments and subscriptions
- Improving our services and developing new features
- Responding to support inquiries
6. Data Sharing
We never sell your personal data. We may share data with:
- Service Providers: Cloud hosting (Google Cloud), authentication (Firebase), payment processing (Stripe), email services (SendGrid)
- Other Users: Only information you explicitly choose to share through our sharing features
- Legal Requirements: When required by law or to protect our rights
All service providers are bound by data processing agreements and must comply with GDPR.
7. International Data Transfers
Your data may be transferred to and processed in the United States through our service providers (Google Cloud, Firebase, Stripe). These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your data receives adequate protection regardless of location.
8. Data Retention
We retain your personal data for:
- Active Accounts: As long as your account is active
- After Account Deletion: Up to 30 days for backup recovery, then permanently deleted
- Legal Requirements: Billing records retained for 7 years as required by law
- Anonymized Data: May be retained indefinitely for analytics
9. Your Rights (GDPR Articles 15-22)
Under GDPR, you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, contact us at dpo@shidouh.com. We will respond within 30 days.
10. Data Security
We implement comprehensive security measures:
- End-to-end encryption for sensitive data
- Isolated database per account (multi-tenant architecture)
- HTTPS/TLS encryption for all communications
- Two-factor authentication (2FA) support
- Regular security audits and monitoring
- Access controls and employee training
11. Cookies
We use cookies and similar technologies for authentication, preferences, and analytics. For detailed information, please see our Cookie Policy.
12. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we learn we have collected data from a child, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our platform. Continued use of our services after changes constitutes acceptance of the updated policy.
14. Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In the EU, you can contact your local Data Protection Authority. In France, this is the CNIL (www.cnil.fr).
15. Contact Us
For any questions about this Privacy Policy or our data practices, please contact us:
Data Protection Officer
Email: dpo@shidouh.com
Website: shidouh.com