This is the policy that governs the data BothWant collects from you. It is also a description of the kind of company we are trying to be — one that does not require its customers to read seven thousand words to find out where their answers are stored.
What we collect.
The complete list, with no surprises after the comma:
- —Your
email— used to log you in, and to send you exactly two kinds of email (transactional and the optional weekly journal). - —Your
password— held by our authentication provider (Supabase Auth) as a salted hash only. We never store or log your plaintext password. - —The
profile fieldsyou give us during onboarding — the details you choose to share so the product can address you and pair you with your partner. - —Your
quiz answers— stored in our Postgres database, encrypted at rest (AES-256) and in transit (TLS 1.2+). Row-level security scopes them to you; the only thing ever shown to your partner is the overlap you both matched on. - —
Payment metadatavia Stripe — a customer ID and your subscription status. Your card number goes to Stripe directly and never touches our servers. - —
Analytics events— PostHog, with PII masking enforced. Which screens are visited, which buttons are clicked. Never your answers. - —Operational metadata —
account_created_at,last_login_at,partnership_id. Used to make the product work.
That is the complete list. It does not contain your card number, your contacts, your photos, your location history, your device fingerprint, or anything else you may be reflexively expecting an internet service to ask for.
How we use it.
Your email is used to authenticate you and to send you the two email types listed above. Your answers are used for exactly one thing: computing the reveal. When both partners have finished, the comparison runs on our servers — in a privileged context, never on either partner's device — and only the mutual overlap is returned to either of you. Your unmatched answers are never sent to your partner.
Your answers are not analytics. There is no dashboard at BothWant where someone — engineer, support agent — can browse what couples have said yes to, and internal access to production data is restricted to what operating the service requires. The architecture is described in detail at /security.
We use anonymized, PII-masked product analytics (PostHog, with masking enforced at the SDK level) to understand which screens are confusing and which buttons are getting clicked. The analytics pipeline does not see your email, your answers, or your partnership ID.
Your rights.
You can do the following from your /settings page, without contacting us:
- —Export everything we have on you — one click, an instant JSON download of your profile, your responses, your matches, and your journal.
- —Update your email address.
- —Change your password.
- —Delete your account, in full. See below.
Deletion is immediate and irreversible. The moment you confirm, we remove your auth user and every row that belongs to you — responses, matches, partnership, journal — and we cancel your Stripe subscription as part of the same flow. Deleted data drops out of our daily backups as the 30-day retention window expires. There is no archive. There is no soft-delete. There is no “in case you change your mind”; if you change your mind, you sign up again.
If you are in the EU, the UK, or California, the rights enumerated above already cover what your local law requires (access, rectification, erasure, portability). You do not need to invoke a specific clause to exercise them — the buttons are in Settings. If a button fails you, or you would rather a human did it, write to privacy@bothwant.com and we will handle it by hand.
Children.
BothWant is not designed for, marketed to, or appropriate for anyone under 18. We do not knowingly collect data from minors. If we learn that we have, we delete it.
Contact.
For privacy questions, write to privacy@bothwant.com. A human on our team reads it.
For security disclosures, write to security@bothwant.com. We will acknowledge within 48 hours and we will not threaten you with a CFAA letter.