She & HER, Inc. Privacy Policy

Effective Date: March 13, 2026  ·  Version 1.0

1. Who We Are


She & HER, Inc. (“She & HER,” “we,” “us,” or “our”) is a corporation incorporated in the State of Delaware, United States, with its principal place of business in Houston, Texas. We operate the She & HER mobile application and website (collectively, the “Platform”). We are a data controller in respect of personal data collected through the Platform.

Data Controller Contact: legal@sheandher.io

Principal place of business: Houston, Texas, United States

State of incorporation: Delaware, United States

For EU/UK users, we are in the process of appointing a Data Protection Representative. Details will be published here prior to launch.

2. Data We Collect


2.1 Information You Provide Directly

  • Account information: name, email address, date of birth
  • Profile information: photos, bio, location (city/region)
  • Identity information: gender identity (collected during onboarding)
  • Interest and preference data: Current Obsessions, Open To, My Current Vibe (interest categories)
  • Life Alignment preferences: political alignment, religious/spiritual beliefs, drinking habits, smoking/drug preferences, gender preferences, race/ethnicity preferences
  • Application responses: answers provided during the membership application process
  • Communications: messages sent through the Platform or to our support team

2.2 Information We Collect Automatically

  • Device information: device type, operating system, app version
  • Usage data: features accessed, screens viewed, session duration
  • Log data: IP address, timestamps, crash reports
  • Analytics data: aggregated and de-identified behavioral data

2.3 Special Category Data

We collect and process certain special category personal data as defined under GDPR Article 9 and equivalent UK law. This includes:

  • Sexual orientation (implicit from the nature of our platform as a sapphic/WLW community)
  • Religious or philosophical beliefs (collected via Life Alignment preferences)
  • Racial or ethnic origin (collected via Life Alignment preferences, post-approval profile setup)

We process this data only with your explicit consent and for the purpose of providing community matching and connection services. You may withdraw consent at any time, though this may affect your ability to use certain features.

3. How We Use Your Data


3.1 Platform Operations

  • To process your membership application and verify eligibility
  • To operate, maintain, and improve the Platform
  • To power our community matching and connection features
  • To facilitate communication between members
  • To enforce our Terms of Service and Community Guidelines

3.2 Safety and Security

  • To detect and prevent fraud, abuse, harassment, and other harmful behavior
  • To verify identity and community eligibility
  • To respond to safety reports and conduct incident investigations

3.3 Communications

  • To send you service notifications, application status updates, and platform announcements
  • To respond to your support requests and appeals
  • To send optional marketing communications where you have provided consent

3.4 Legal Obligations

  • To comply with applicable laws and regulations
  • To respond to lawful requests from public authorities


4. Legal Basis for Processing (EU and UK Users)


For users in the European Union and United Kingdom, we rely on the following legal bases under GDPR and UK GDPR:

  • Contractual necessity (Article 6(1)(b)): Processing required to provide our services, including application review, matching, and account management
  • Explicit consent (Article 6(1)(a) and Article 9(2)(a)): Processing of special category data including sexual orientation signals, religious beliefs, and racial/ethnic origin preferences
  • Legitimate interests (Article 6(1)(f)): Safety, fraud prevention, and platform improvement, where not overridden by your rights
  • Legal obligation (Article 6(1)(c)): Where required by applicable law

You have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.


5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

  • Active member data: retained for the duration of your membership
  • Deleted account data: permanently deleted within 30 days of account deletion request, except where retention is required by law
  • Aggregate/anonymized analytics: retained indefinitely as they no longer constitute personal data


6.1 We Do Not Sell Your Data

She & HER does not sell your personal data to third parties. We do not allow advertisers to access your personal data.


6.2 Service Providers

We share data with trusted third-party service providers who assist in operating the Platform, including:

  • Cloud infrastructure and hosting providers
  • Analytics providers (using aggregated, de-identified data where possible)
  • Customer support tooling
  • Email delivery providers

All service providers are contractually bound to process your data only on our instructions and in accordance with applicable privacy law.


6.3 Legal Requirements

We may disclose your data if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of She & HER, our members, or others.


6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy.


7. International Data Transfers


She & HER is based in the United States. If you are accessing the Platform from the European Union, United Kingdom, or other regions with data protection laws, your data may be transferred to and processed in the United States.

For EU users: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for international transfers.

For UK users: We rely on the UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs as applicable.

[LEGAL NOTE: Confirm transfer mechanisms with counsel. SCCs and IDTA must be executed before EU/UK launch.]


8. Your Privacy Rights


8.1 Rights for All Users

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to certain types of processing
  • Withdrawal of consent: Withdraw consent for special category data processing at any time


8.2 Additional Rights for EU and UK Users (GDPR / UK GDPR)

  • Right to restrict processing: Request that we limit how we use your data in certain circumstances
  • Right not to be subject to automated decision-making: We do not make legally significant decisions about you based solely on automated processing
  • Right to lodge a complaint: You have the right to lodge a complaint with your local supervisory authority (EU: your national Data Protection Authority; UK: the Information Commissioner’s Office (ICO) at ico.org.uk)


8.3 California Users (CCPA / CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know what personal information we collect, use, disclose, and sell
  • Right to delete personal information we have collected
  • Right to opt-out of sale or sharing of personal information (note: we do not sell personal data)
  • Right to non-discrimination for exercising your CCPA rights
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information

To exercise your California rights, contact us at legal@sheandher.io with the subject line “California Privacy Request.”


8.4 How to Exercise Your Rights

To exercise any of your privacy rights, contact us at legal@sheandher.io. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.


9. Cookies and Tracking


The She & HER mobile application uses minimal tracking technologies. We use analytics tools to understand aggregate usage patterns and improve the Platform. We do not use third-party advertising trackers.

Our website (sheandher.io) may use cookies for essential functionality. A cookie preference manager will be provided on the website in accordance with applicable law.

10. Children’s Privacy


The Platform is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from a minor, we will delete it immediately. If you believe a minor has provided us with data, contact us at legal@sheandher.io.

11. Data Security


We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit, access controls, and regular security reviews.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

In the event of a data breach that is likely to result in high risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by applicable law.

12. Profile Visibility and Algorithmic Matching


The following data is used in our matching algorithm and search/filter functionality but is NOT displayed publicly on your profile:

  • Gender identity
  • Race and ethnicity

Life Alignment preferences (political, religious, drinking, smoking, gender, race/ethnicity) are used for algorithmic matching only. They are not visible to other members.

Profile photos, bio, interests, and other content you choose to share may be visible to other approved members of the community.

13. Changes to This Policy


We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification or email, and update the Effective Date above. Your continued use of the Platform after the effective date constitutes acceptance of the updated Policy.

14. Contact and Complaints


She & HER, Inc.

Email: legal@sheandher.io

Website: sheandher.io/privacy

EU/UK users who are unsatisfied with our response to a privacy concern have the right to lodge a complaint with their national Data Protection Authority or, in the UK, the Information Commissioner’s Office (ICO):

ICO: ico.org.uk | Helpline: 0303 123 1113