Privacy Notice (GDPR)
This notice explains what personal data we process, our lawful bases, and the rights you have under the EU GDPR and UK GDPR.
Last updated: 12 July 2026
Who this applies to
Data subjects in the EU / EEA and the UK using Ocxit. If you’re in India, see our DPDP notice instead.
Data controller
Ocxit Technologies Pvt Ltd is the controller of your personal data. Contact our DPO at dpo@ocxit.app.
Categories of personal data
- Account: phone/email, name, date of birth, city, gender identity, orientation.
- Profile: photos, prompts, voice intros, verification results.
- Usage: matches, messages, device/app data, coarse location (with permission).
- Payments: processed by our payment partners; we don’t store card numbers.
Lawful bases (Art. 6 GDPR)
- Contract: providing the service you signed up for.
- Legitimate interest: safety, fraud prevention, product improvement (balanced against your rights).
- Consent: non-essential cookies, marketing communications, personalisation.
- Legal obligation: tax and law enforcement requests.
Your rights
- Access and portability (get a copy in a machine-readable format).
- Rectification of inaccurate data.
- Erasure (“right to be forgotten”).
- Restriction and objection to certain processing.
- Withdraw consent at any time.
- Lodge a complaint with your local supervisory authority.
Use Settings → Privacy in the app, or email dpo@ocxit.app. We respond within one month, extendable by up to two more months for complex requests.
Retention
We keep account data while your account is active. On deletion, we erase personal data within 30 days, except where retention is required by law.
International transfers
When we transfer personal data outside the EEA / UK, we use the European Commission’s Standard Contractual Clauses (and the UK IDTA where applicable), along with additional technical and organisational measures where required.
Automated decisions
Matching uses machine-learning models, but decisions with legal or similarly significant effects are not made solely by automation.
Security & breach
Encryption in transit and at rest, access controls, and regular reviews. In the event of a breach likely to result in risk to your rights, we notify the relevant supervisory authority within 72 hours and affected users without undue delay.
Contacting us
Data Protection Officer: dpo@ocxit.app
You can also complain to your local supervisory authority (find yours via edpb.europa.eu).
This notice is guidance about our practices, not legal advice.