Privacy Policy

← Back to UniMatch

Last updated: March 2026

1. Data Controller

UniMatch ("we", "us") is the data controller responsible for your personal data. For data protection enquiries, contact our Data Protection Officer at dpo@unimatch.co.ke.

2. Information We Collect

We collect information you provide during registration and use of the service:

• Identity data: name, age, gender, university, department, year of study
• Contact data: university email address
• Profile data: photos, bio, interests, preferences
• Usage data: swipe activity, messages, matches, reports
• Technical data: device type, browser, IP address (for security and rate limiting)

3. Legal Basis for Processing

Under the Kenya Data Protection Act 2019, we process your data based on:

• Consent: You consent to data processing when you create an account and agree to our terms
• Legitimate interest: Platform safety, fraud prevention, and service improvement
• Legal obligation: Compliance with applicable Kenyan law

4. How We Use Your Data

Your data is used to: match you with compatible users, display your profile to potential matches, facilitate messaging, enforce community guidelines, and improve UniMatch. We never sell your personal data to third parties.

5. Data Sharing

We share data only with:

• Other users: Your profile information is visible to other verified UniMatch users
• Service providers: Firebase (Google) for hosting, authentication, and storage — governed by Google's Data Processing Terms
• Law enforcement: When required by Kenyan law or to protect user safety

6. Data Security

We use Firebase infrastructure with industry-standard encryption (TLS 1.3 in transit, AES-256 at rest). Passwords are hashed and never stored in plain text. All API calls are protected by Firebase App Check to prevent abuse.

7. Your Rights (Kenya DPA 2019, Section 26)

You have the right to:

• Access your personal data held by us
• Rectify inaccurate or incomplete data via your profile settings
• Delete your account and all associated data (Settings > Security > Delete My Account)
• Object to processing of your data
• Data portability — request a copy of your data by emailing dpo@unimatch.co.ke

8. Data Retention

We retain your data while your account is active. Upon account deletion, all personal data (profile, photos, messages, matches, swipes) is permanently deleted within 30 days. Anonymised usage statistics may be retained.

9. International Transfers

Your data is processed on Google Cloud servers. Google has signed Standard Contractual Clauses and complies with applicable data protection regulations.

10. Cookies & Local Storage

UniMatch uses session storage for temporary app state (not persistent cookies). Firebase uses essential cookies for authentication. We do not use advertising or tracking cookies.

11. Children's Privacy

UniMatch is not intended for anyone under 18 years of age. We do not knowingly collect personal data from minors. If we discover that a minor has created an account, we will terminate it immediately.

12. Complaints

If you believe your data rights have been violated, you may lodge a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya at www.odpc.go.ke.

13. Changes to This Policy

We will notify users of material changes via in-app notification. Continued use after changes constitutes acceptance.

14. Contact

For privacy-related enquiries, contact our Data Protection Officer at dpo@unimatch.co.ke.