This Privacy Policy describes how RAW Footage processes your personal data when you use Zapp. We are committed to handling your data carefully and complying with the EU General Data Protection Regulation (GDPR).
1.Who We Are
- Controller — RAW Footage
- KvK — 53329546
- Address — Franselaan 236c, Rotterdam, the Netherlands
- Contact — hallo@roffanova.nl
2.What We Collect
| Category | Data | Purpose |
|---|---|---|
| Account | Phone number | Account creation and SMS verification |
| Identity | Selfie photo | Verifying you are a real person aged 18+ |
| Profile | Profile photos (up to 6) | Shown to other users for matching |
| Profile | Name, date of birth, bio, gender, intent, lifestyle preferences, personality tags, hobbies, languages | Matching and profile display |
| Location | City-level location | Calculating match distance — precise GPS is not stored |
| Usage | Swipes, matches, messages, in-app actions | Service operation and safety |
| Device | Push notification token, device type, app version | Push notifications and technical support |
| Payment | Subscription status, entitlement level | Unlocking Zapp+ features |
3.Legal Basis for Processing
We process your personal data on the following legal bases under Article 6 GDPR:
| Processing activity | Legal basis |
|---|---|
| Creating and managing your account | Contract — Art. 6(1)(b) |
| Matching you with other users | Contract — Art. 6(1)(b) |
| Photo and profile text moderation | Legitimate interest — Art. 6(1)(f) — preventing harm and policy violations |
| Identity verification (selfie) | Legitimate interest — Art. 6(1)(f) — preventing fake accounts; and Legal obligation — Art. 6(1)(c) — 18+ age verification |
| Push notifications | Contract — Art. 6(1)(b) |
| Fraud and abuse prevention | Legitimate interest — Art. 6(1)(f) |
| Subscription and payment processing | Contract — Art. 6(1)(b) |
| Compliance with legal obligations | Legal obligation — Art. 6(1)(c) |
Special Category Data (Article 9 GDPR)
Your selfie and profile photos may reveal sensitive characteristics such as appearance or ethnicity. We process this data solely for identity verification and profile display, on the basis of your explicit consent (Art. 9(2)(a) GDPR) given when you complete onboarding and upload your photos. You may withdraw this consent at any time by deleting your account.
4.Automated Decision-Making and Profiling
Zapp uses automated processing to rank and suggest potential matches based on your profile, preferences, and activity. This constitutes profiling under Article 22 GDPR. It does not produce legal or similarly significant effects — it only influences which profiles are shown to you. You can adjust your filter preferences at any time or stop using the service.
Photo and profile text moderation is performed automatically using AI. If content is flagged, it may be reviewed manually before any action is taken on your account.
5.Third-Party Processors
We use the following sub-processors to deliver the service. Each is bound by a GDPR-compliant data processing agreement. Where processors are based outside the EU/EEA, transfers are governed by Standard Contractual Clauses (SCCs) as approved by the European Commission.
| Processor | Purpose | Location | Transfer |
|---|---|---|---|
| Netcup | Server hosting (VPS) | Germany (EU) | — |
| Cloudflare R2 | Profile photo storage | EU-compatible | — |
| Firebase (Google) | Phone number authentication | USA | SCCs |
| Anthropic | AI moderation of photos and profile text; identity verification | USA | SCCs + DPA |
| Brevo | Transactional email | France (EU) | — |
| Twilio | SMS delivery for phone verification | USA | SCCs |
| RevenueCat | Subscription management and entitlement tracking | USA | SCCs |
| Apple | In-app payment processing (iOS) | USA | SCCs |
| In-app payment processing (Android) | USA | SCCs | |
| Mollie | Payment processing on getzapp.app | Netherlands (EU) | — |
6.Data Retention
| Data | Retention period |
|---|---|
| Active account data | Retained while your account is active |
| Selfie (identity verification) | Deleted within 30 days of upload |
| Deleted account — personal data | Permanently erased within 30 days of account deletion |
| Deleted account — messages | Anonymised immediately upon account deletion (sender identity removed). Message content is permanently purged within 30 days. If the account is subject to an open report or investigation, messages are retained for up to 2 years under Article 17(3)(e) GDPR. |
| Encrypted backups | Retained up to 30 days, then rotated |
| Reported or investigated accounts | If your account is subject to a report, moderation investigation, or legal claim at the time of deletion, we may retain relevant data (including messages and account information) for up to 2 years to establish, exercise, or defend such claims, as permitted under Article 17(3)(e) GDPR. You will be notified of any such hold unless doing so would prejudice the investigation. |
| Legal holds | We may retain specific data longer if required by applicable law (e.g. court orders) |
7.Your Rights (GDPR)
Under the EU General Data Protection Regulation, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — delete your account and all associated data (in-app: Settings → Delete Account). Note: if your account is subject to an active report or investigation, erasure of relevant data may be delayed as permitted under Article 17(3)(e) GDPR
- Portability — receive your data in a structured, machine-readable format
- Object — to processing based on legitimate interests
- Restrict processing — in certain circumstances
- Withdraw consent — at any time where processing is based on consent, without affecting the lawfulness of prior processing
- Lodge a complaint — with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
To exercise any of these rights, email hallo@roffanova.nl. We respond within 30 days.
7b.Moderation & Chat Access
In limited circumstances, authorised Zapp staff may access the content of conversations between users for moderation purposes. This access is restricted to cases where:
- A report has been filed against one or both users involved in the conversation
- There is an active investigation into a potential violation of our Terms of Service
- We are required to do so by law or court order
Chat access for moderation is logged internally and subject to strict access controls. We do not monitor conversations routinely or for commercial purposes. The legal basis for this processing is legitimate interest (Art. 6(1)(f) GDPR) — specifically the safety of our users and the integrity of the platform.
8.Security
- All traffic between your device and our servers is encrypted with TLS 1.2+.
- Data is stored on encrypted servers located in the European Union.
- Access to personal data is restricted to authorised personnel only.
- We use industry-standard practices to protect against unauthorised access, though no system is 100% secure.
- In the event of a data breach likely to result in risk to your rights and freedoms, we will notify the Autoriteit Persoonsgegevens within 72 hours and inform affected users without undue delay.
9.Children
Zapp is strictly for adults aged 18 and over. We do not knowingly collect data from anyone under 18. If we become aware that an account belongs to a minor, the account and all associated data is deleted immediately.
10.Changes to This Policy
We may update this policy from time to time. When we make significant changes, we will notify you via the app or by email. The effective date at the top of this page reflects the most recent version.
11.Contact
Privacy questions, data access requests, or complaints: hallo@roffanova.nl