Privacy Policy – Hotline Ring
Last updated: May 15, 2026
This privacy policy informs you in accordance with Art. 13, 14 GDPR about the processing of personal data in the mobile app Hotline Ring as well as on the website hotlinering.app.
1. Controller
David Hoffmann Annastraße 50 50968 Cologne Germany
Email: hi@hotlinering.app
A designated data protection officer is not legally required (< 20 employees, no regular core activity involving special categories of personal data within the meaning of Art. 37 GDPR).
2. What We Process — Overview
Hotline Ring is a voice-first dating and social app. The following data categories are processed:
| Category | Content | Source |
|---|---|---|
| Account data | Email address, account ID, login timestamp, session token | Entry at registration; Supabase Auth |
| Profile data | Display name, date of birth (→ age), gender, sexual orientation, relationship goal, city, height, languages, search preferences, bio | Entry during onboarding + profile edit |
| Photo data | Up to 4 profile pictures (avatar + gallery), storage paths | Upload via app |
| Location data | Latitude/longitude (rounded, approximate), match radius in km | Entry / system access with permission |
| Connection data | Push notification token, last-online time, online status, IP address (technical, on backend calls) | App lifecycle, backend logs |
| Communication metadata | Call start/end, duration, decisions (match/reject/pending), match lists, call mode (flirt/friends) | During app usage |
| Voice during calls | Audio stream during voice calls in real time | Live transmission — not stored, not recorded, not transcribed |
| Reports & feedback | Reports about other users (reason, free text), in-app feedback (stars + text) | Entry |
| Diagnostic data | JavaScript error stack traces, app version, OS version, device model class | Automatic on crash |
No biometric processing of voice: Hotline Ring does not perform speaker identification, voice-print matching, or voice analysis. Audio data is exclusively relayed live between the two call participants via a WebRTC server (LiveKit) and is not persisted. Therefore, no special categories of personal data within the meaning of Art. 9 GDPR are processed.
3. Purposes and Legal Bases
| Purpose | Data | Legal Basis |
|---|---|---|
| Provision of the account (login, password reset) | Email, account ID | Art. 6 (1) lit. b GDPR — performance of contract |
| Matchmaking (flirt mode) | Profile + location | Art. 6 (1) lit. b GDPR |
| Matchmaking (friends mode) | Profile + languages | Art. 6 (1) lit. b GDPR |
| Voice call transmission | Audio stream | Art. 6 (1) lit. b GDPR |
| Direct calls between matches | Push token, match status | Art. 6 (1) lit. b GDPR |
| Push notifications (call, match) | Push token | Art. 6 (1) lit. b GDPR (core function); system permission separately by consent |
| Stability & bug fixing | Diagnostic data | Art. 6 (1) lit. f GDPR — legitimate interest in a functional application |
| Moderation & safety (reports, blocks, bans) | Reports, blocks, violations | Art. 6 (1) lit. f GDPR — protection of the community + avoidance of illegal content |
| Service improvement | Feedback | Art. 6 (1) lit. a GDPR — voluntary entry |
| Compliance with legal obligations | Account master data | Art. 6 (1) lit. c GDPR (tax/retention periods, once paid services apply) |
4. Recipients and Processing on Behalf
External service providers are engaged under data processing agreements (Art. 28 GDPR). The essential processing takes place in the EU. For any additional US activity, transmission is based on the EU-US Data Privacy Framework (adequacy decision of the European Commission of July 10, 2023) for certified recipients, and alternatively on EU Standard Contractual Clauses under Art. 46 (2) lit. c GDPR.
| Service | Provider | Role | Region | Legal basis for third country |
|---|---|---|---|---|
| Database, auth, storage, realtime, edge functions | Supabase Inc. (USA) | Backend / hosting | EU (Frankfurt) | DPF-certified + SCC |
| Voice call infrastructure (WebRTC SFU) | LiveKit Inc. (USA) | Real-time audio relay | EU + US fallback | SCC, DPF (per provider) |
| Push notification routing | Expo / 650 Industries Inc. (USA) | Routing to APNs / FCM | US | SCC |
| iOS push delivery | Apple Inc. | Push transmission to iPhones | global | Apple's privacy terms, DPF |
| Android push delivery | Google LLC / Firebase Cloud Messaging | Push transmission to Android devices | global | Google's privacy terms, DPF |
| Error and crash diagnostics | Sentry / Functional Software Inc. (USA) | JavaScript stack traces, session replay disabled | EU (Frankfurt) | SCC, DPF |
| Website hosting | Vercel Inc. (USA) | Static pages + edge | EU region (Frankfurt) preferred | SCC, DPF |
A current list of the sub-processors used is provided on request by email (Art. 28 (2) GDPR).
5. Retention Periods
| Type of data | Retention |
|---|---|
| Account + profile + matches | Until account deletion |
| Photo uploads | Until deletion from profile or account |
| Call history (metadata) | 30 days (daily cron job cleans older entries) |
| Match queue entries (queue-active) | 7 days (cron job every 6 hours) |
| Voice audio | not stored |
| Push tokens | Until account deletion or token renewal |
| Reports | at least 12 months (protection against repeated abuse) |
| Feedback | Until account deletion |
| Crash diagnostics (Sentry) | 30 days (Sentry default) |
| Backend logs (edge function invocations) | 7 days (Supabase default) |
| Account master/accounting data for paid services | 10 years (§ 147 AO, § 257 HGB) |
6. Your Rights as a Data Subject
- Access (Art. 15 GDPR) — the data visible in the profile can be viewed at any time; a complete structured copy of the data is provided on request by email.
- Rectification (Art. 16 GDPR) — profile data can be changed at any time through the profile edit screen yourself.
- Erasure (Art. 17 GDPR) — the account can be irrevocably deleted at any time in the app under Profile → Settings → Delete account. All profile, match, call, photo, and report data will be deleted. Alternatively by email.
- Restriction (Art. 18 GDPR) — on request by email.
- Data portability (Art. 20 GDPR) — on request by email, you will receive your data in a machine-readable format (JSON).
- Objection (Art. 21 GDPR) — you may object by email to processing based on legitimate interests (e.g., crash diagnostics, moderation).
- Withdrawal of consent (Art. 7 (3) GDPR) — consents granted (push, location, feedback) can be withdrawn at any time with effect for the future. The lawfulness of processing up to that point remains unaffected.
- Complaint (Art. 77 GDPR) — you may contact the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW), Kavalleriestraße 2–4, 40213 Düsseldorf, https://www.ldi.nrw.de, or the supervisory authority of your country of residence.
For inquiries: hi@hotlinering.app — we usually respond within 7 days, at the latest within 1 month (Art. 12 (3) GDPR).
7. Anonymity in the App
Hotline Ring is built anonymously. During a voice call, neither side sees the other. Name, avatar, profile picture, age, and bio are only revealed to the call partner when both sides actively consent during the call ("match"). Until then, mutual identity is technically protected by backend security policies (row-level security).
8. Location Data
The processing of approximate location (rounded latitude and longitude coordinates) is optional and only active for the flirt mode if the location permission was granted during onboarding or in the system settings. The accuracy is approximately 1 km (city level); the exact position is not captured. In friends mode, location data is not evaluated. The permission can be revoked at any time in the device settings.
9. Cookies, Tracking, Advertising
- The app uses no cookies.
- The website hotlinering.app uses no tracking cookies and no cross-site / cross-app analytics. There are no advertising trackers and no pixel tagging.
- Sentry (crash diagnostics) receives, in case of a crash, the app version, device class, OS version, and the stack trace; a user reference exists via the account ID insofar as the crash occurred within an authenticated session. Sentry session replays are disabled in our configuration.
- No cross-app tracking takes place; in particular, the iOS Advertising ID (IDFA) is not requested. Apple's App Tracking Transparency dialog therefore does not appear.
10. Automated Decision-Making / Profiling
For matching call partners, Hotline Ring uses a deterministic rule-based matchmaking algorithm that compares the preferences you specified yourself (gender, age range, language, radius). An automated decision with legal or similarly significant effect within the meaning of Art. 22 GDPR does not take place. No profiling or scoring based on personality traits is performed.
11. Data Security
- TLS 1.2+ for every connection between app, website, and backend.
- WebRTC SRTP (Secure Real-time Transport Protocol) for the voice connection, routed through LiveKit's Selective Forwarding Unit; audio is not recorded and not cached.
- bcrypt hashing of login passwords by Supabase Auth — plaintext passwords are not stored and never logged.
- Row-level security (RLS) at the database level — every table allows read/write access only to your own data or data in which you are involved as a match partner.
- Backups of the database daily, encrypted, retained for 7 days.
- Apple Privacy Manifest and Required Reason APIs are declared in the iOS build.
12. Privacy on the Website
When hotlinering.app is accessed, technically necessary server logs are processed:
- IP address (shortened after 7 days)
- URL accessed
- Referer (if present)
- User agent (browser, OS)
- Time of access
Legal basis: Art. 6 (1) lit. f GDPR — maintenance of operational security, abuse prevention. Logs are anonymized after 7 days.
13. Changes to This Policy
This privacy policy may be adapted if the processing or the legal situation changes. Significant changes will be communicated in the app and on the website. The current version at the date above is binding.