Privacy policy
DRAFT for legal review. It describes how we handle your data today and must be reviewed by counsel in each country before opening to the public. In Chile it will also be reviewed against Law 21.719 on personal data protection as it comes into force.
Version 1 · draft · July 2026
Who is responsible for your data
Sugalink, operator of sugalink.com, is the controller of your personal data. You can write to us at any time at team@sugalink.com.
What data we process
Account data: email, date of birth, gender, interest and role. Profile data you publish: display name, city, bio, interests, photos and, if you receive invitations, your rate. Verification data: the outcome of your identity and age verification, plus a technical identifier of the process. Invitation and date data: venues, times, statuses, the agreed amount and, if you choose to use them, your arrival record and the date code. Unlock payment data: handled by the payment provider; we keep the transaction record, not your card details. Usage and safety data: technical logs needed to prevent fraud, abuse and impersonation.
Your ID document: what we keep and what we don't
Identity and age verification is carried out by a specialised provider. We do not store your document or its number, and it is never shown to other users. We keep the verdict, your date of birth, and an irreversible value (a hash) derived from country, document and date of birth, used solely to detect that the same person opened two accounts. That value cannot be used to reconstruct your document.
Location: check-in only, never tracking
If you choose to record your arrival at a date, we process your location at that moment to confirm you are near the agreed venue and within the time window. It is one-off, voluntary, and serves as evidence in your favour. We do not track anyone in real time, before, during or after the date.
Private photos
Your photos are stored in a private space and served through temporary links. Photos you mark as private are seen only by those you authorise, person by person, and you can revoke that access at any time. They may be displayed with a mark identifying the viewer, to deter non-consensual sharing.
Why we use your data and on what basis
To provide the service and perform our contract with you (create your profile, show compatible people, manage invitations, dates and the conversation unlock). To comply with legal obligations and protect the community, which is our legitimate interest and also a duty: age verification, moderation of profiles and messages, prevention of fraud, coercion and human trafficking, and cooperation with authorities where the law requires. To communicate with you about your account and your dates. Sensitive data arising from verification is processed with your explicit consent and to the minimum extent necessary.
What we don't do
We do not sell your personal data or share it for advertising. We never show your document to anyone. We do not publish your profile to search engines: profile and browse pages are excluded from indexing. We do not process your date money and do not record its payment.
Who we share it with
With providers acting on our behalf under contract: hosting and infrastructure, database, identity verification, payment processing and email. With the other user, only what belongs to your profile and the date. With competent authorities, where there is a legal obligation or a serious threat to someone's safety. Some providers operate outside your country; in those cases we require adequate safeguards for the international transfer.
How long we keep it
While your account is active and for the periods required by law. If you delete your account, we erase or anonymise your personal data, except what we must keep by legal obligation or to evidence safety incidents. Accounts suspended for safety reasons retain the minimum traceability needed to prevent removed users from returning and to assist in preventing trafficking: that retention is limited, justified and reviewable.
Your rights
You may access your data, rectify it, request its erasure, object to certain processing, request restriction and ask for a portable copy. Exercising them is free: write to team@sugalink.com or use your account settings. In Chile you will be able to exercise them under Law 21.719 as it comes into force, before the data protection authority it establishes; in the UK, under UK-GDPR, with the right to complain to the ICO; in the United States, under the law of your state.
Security
We encrypt communications, restrict data access with database-level rules, use no passwords (access is by email link), and our internal panel requires a second factor. No system is infallible: if a breach affecting your rights occurred, we would notify you and report it to the authority within the legal deadlines.
Changes
If we update this policy, we will announce material changes with reasonable notice. Privacy questions: team@sugalink.com.