1. Who we are
448 is a community for people living with HIV and the people who love them, with introductions, conversations, and a moderated forum as its core features. This Privacy Policy applies to the 448 mobile application and the website at 448datingapp.com ("448," "the app," "we," "us"). The data controller is 448, Inc. You can reach us at info@448datingapp.com.
2. Information we collect
Information you give us
- Account information: phone number (required for sign-up), email address (optional), name, date of birth.
- Profile information: first name, photos, gender, sexual orientation, ethnicity, education, occupation, location, interests, lifestyle choices (smoking, drinking, kids preference), and relationship goals.
- Sensitive health information: if you choose to disclose it — HIV status, treatment status (e.g. undetectable), last test date, PrEP usage. This is always optional. You control whether and where it appears.
- Partner preferences: age range, distance, gender, qualities you value, and dealbreakers you've named.
- Conversations: messages you send through 448's in-app chat, typing indicators, and read receipts.
- Community posts: text content of community-forum posts and comments you publish.
- Reports and blocks: when you report or block another user, the report content and the identity of the reported user.
Information collected automatically
- Device identifiers: Firebase Installation IDs and device tokens used for push notifications.
- Approximate location: city or ZIP-level, used to surface nearby matches. We do not store precise GPS coordinates.
- App usage telemetry: crash reports, screen views, and event-level analytics through Firebase. These do not include the content of your messages or your photos.
Information from third parties
- Sign-in providers: if you sign in with Google or Apple, we receive your name and email address from that provider.
- RevenueCat / Apple / Google Play: we receive subscription state (active, expired, on trial) but not your payment card details. Payment is processed by Apple or Google.
What stays on your device
Face verification — the step that confirms the person uploading photos matches the person taking the live selfie — runs entirely on your phone using Google ML Kit. No biometric template, face mesh, or selfie image leaves your device for this step. We receive only a verified / not-verified signal.
3. How we use your information
- To run the daily match drop and show you people you might connect with.
- To open and route one-on-one conversations between mutual matches.
- To send transactional push notifications (a new match, a new message, a match status change). You can disable these in your phone's settings.
- To moderate the platform — review reports, action blocks, remove abusive accounts.
- To process subscription state via RevenueCat.
- To improve the app's safety, reliability, and matching quality.
- To comply with our legal obligations.
We do not use your messages, photos, or profile data to train any general-purpose AI model.
4. How we share your information
With other users
Your profile (photos, first name, age, neighborhood, the bio fields you've completed, and any health information you opted to disclose) is visible to the people we introduce you to that day. Your phone number, email address, exact location, and last name are never shared with other users.
With service providers
- Firebase / Google Cloud (United States) — hosting, database, push notifications, crash reporting.
- RevenueCat (United States) — subscription receipt management.
- Apple and Google Play — payment processing for in-app purchases.
These providers act on our instructions and are contractually prevented from using your data for their own purposes.
For safety and legal compliance
We may disclose information if required by valid legal process (subpoena, court order), to protect the safety of users, or to investigate fraud or abuse. We will challenge overly broad requests where lawful to do so.
What we never do
- We do not sell your personal data.
- We do not share your HIV status with advertisers, data brokers, or any third party other than as legally required.
- We do not let other apps read your 448 profile.
5. Sensitive health information
HIV status, treatment status, last test date, and PrEP use are sensitive personal information under U.S. state laws (including CCPA / CPRA in California) and may be considered "special category data" under GDPR.
You provide this information voluntarily, with explicit consent, and may withdraw consent at any time by removing it from your profile or deleting your account. We do not use sensitive health data for any purpose other than displaying it on your own profile, with the visibility settings you control.
6. Your rights
Depending on where you live, you have some or all of the following rights:
- Access: request a copy of the data we hold about you.
- Correction: ask us to fix inaccurate data.
- Deletion: delete your account, profile, photos, conversations, and matches. This is available in-app under Settings → Logout / Delete account, or by emailing info@448datingapp.com.
- Portability: receive an export of your data in a portable format.
- Withdraw consent: for sensitive health information, at any time.
- Object / restrict: object to or restrict certain processing.
- Lodge a complaint: with your local data protection authority.
To exercise any of these, email info@448datingapp.com. We will respond within 30 days.
7. Data retention
We keep your account and profile data while your account is active. When you delete your account, we remove your profile, photos, conversations, matches, and community posts from our active systems within 30 days. Some data (reports against you, account activity logs relevant to safety investigations, subscription receipt records required by tax law) may be retained for up to 7 years where required by law.
8. Security
- All traffic between the app and our servers is encrypted in transit using TLS.
- Data at rest in Firestore and Cloud Storage is encrypted using Google's standard encryption.
- Access to production systems is limited to authorized personnel and audited.
- Face verification runs on your device only; the biometric data never reaches our servers.
No system is unbreachable. If we ever learn of a breach affecting your personal data, we will notify you in a timely manner and as required by applicable law.
9. Children
448 is for adults. You must be at least 18 years old to create an account. If we learn we have inadvertently collected data from someone under 18, we will delete it. If you believe a child is using 448, please email us.
10. International users
448 is operated from the United States. If you use 448 from outside the U.S., your information will be transferred to and processed in the United States. Where required (e.g. GDPR), we rely on Standard Contractual Clauses or other appropriate safeguards for international transfers.
11. California residents (CCPA / CPRA)
If you're a California resident, you have the rights described in Section 6, including the right to opt out of "sharing" or "sale" of personal information. We do not sell or share your personal information for cross-context behavioral advertising. You also have the right to limit the use of sensitive personal information; on 448, all sensitive health information is already collected only with explicit consent and used only as you direct.
12. Changes to this policy
We may update this policy. Material changes will be announced in the app and via email at least 30 days before they take effect. Continued use of 448 after the effective date constitutes acceptance.
13. Contact
Questions, requests, or concerns: info@448datingapp.com.