Privacy Policy
1. Data Controller
| Item | Information |
|---|---|
| Controller | Tribu Tabaiba, S. L. |
| Tax ID | B19724582 |
| Registered address | Finca Montijo 4, TF-324 San Antonio, La Orotava 38300, Spain |
| GDPR contact email | legal@thetabaiba.com |
2. What data we collect
| Category | Purpose | What is collected |
|---|---|---|
| Identifiers | Account registration | Name, e-mail, date of birth, gender, pronouns, profile photo |
| Special categories (Art. 9 GDPR) | Affinity and well-being features | Orientation or relational interests, health habits (nutrition, sleep, activity), anthropometric data, voice messages |
| Approximate geolocation | Matches and events | Radius in kilometers from your position (no precise history) |
| Technical | Security and performance | IP, device model, OS, language, advertising IDs, error logs |
| Usage and metrics | Product improvement | Screen views, clicks, filters used, matches, messages sent |
| Payments | Subscriptions | Payment token processed by the app store (we do not store card numbers) |
3. Why we use your data and legal bases
| Purpose | Legal basis | Examples |
|---|---|---|
| Create and manage your account, show matches, messaging | Performance of a contract | Registration, onboarding, profile filtering |
| Process payments and subscriptions | Performance of a contract / legal obligation | In-app purchases, invoicing |
| Send newsletters and promotional push notifications | Consent (opt-in) | News, discounts |
| Approximate geolocation | Consent | Show nearby people and events |
| Store special categories | Explicit consent | Well-being questionnaires |
| Fraud prevention, internal metrics, service improvement | Legitimate interest | Fake account detection, aggregated analytics |
| Compliance with legal obligations | Legal obligation | Tax requirements, official authority requests |
4. Data sharing and processors
| Type of provider | Example | Country | Safeguard |
|---|---|---|---|
| Authentication, hosting, analytics, messaging | Supabase, PostHog, OneSignal, Adapty | EEA | — |
| Payments | Apple App Store, Google Play Store | EEA | Store’s DPA |
| In-person event management | Lu.ma | EEA | Data processing agreement + TOMs |
5. International data transfers
We currently operate with providers located within the European Economic Area. If in the future we need to transfer data outside the EEA, we will apply Standard Contractual Clauses or another valid mechanism and update this Policy in advance.
6. Data retention
| Type of data | Retention period |
|---|---|
| Active account | As long as you are a user |
| After account deletion | Deleted/anonymized within 28 days |
| Billing data | 5 years (legal tax obligation) |
| Logs and metrics | Anonymized after 24 months |
Anonymized data may be retained for statistical purposes, with no possibility of re-identification.
7. User rights
You may exercise your rights to access, rectification, erasure, objection, restriction, and objection to profiling by writing to legal@thetabaiba.com. We respond within a maximum of 30 days.
If you believe your rights have not been respected, you may file a complaint with the Spanish Data Protection Agency (AEPD).
8. Security
- TLS 1.3 encryption in transit
- Minimum access roles and activity logging
- Encrypted backups
9. Minors
The Service is intended for users aged 18 or older only. We may request photo or document verification and will cancel any accounts that do not verify legal age.
10. Marketing and communications
- We will only send commercial communications if you have checked the relevant box during onboarding or later in settings (opt-in).
- You may unsubscribe at any time using the link in each e-mail or via App Preferences (opt-out).
11. Changes to this Policy
Any substantial modification will be notified at least 30 days in advance via e-mail and/or in-app notice. Continued use after this period implies acceptance of the new version.
Questions? Write to legal@thetabaiba.com — we will be happy to help make your experience safe and transparent.