Privacy Policy

1. Overview

Lasso ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and safeguard your personal information when you use the Lasso platform.

2. Information We Collect

Account information: email address, display name, age, gender, pronouns, location, and bio.

Reflection data: your responses to the values assessment, which generate your Blueprint (dimension scores and narrative text).

Preferences: gender preferences, age range preferences, and reproductive needs for matching.

Nominations: testimonials and calibration responses you provide when nominating others.

Messages: end-to-end encrypted. We store encrypted message bodies but cannot read their content. Only you and your match partner can decrypt messages.

Usage data: page views, feature interactions, and error logs for improving the platform.

3. How We Use Your Data

• To generate your Blueprint and match you with values-aligned users
• To send transactional emails (match notifications, prompt reminders, support confirmations)
• To enforce safety (reviewing reports, detecting policy violations)
• To improve the platform (aggregate analytics, not individual tracking)

4. What We Don't Do

• We do not sell your personal data
• We do not share your data with advertisers
• We do not read your encrypted conversations
• We do not use your data to build advertising profiles
• We do not share your Blueprint with anyone except accepted match partners

5. Data Sharing

Your profile information (display name, age, pronouns, location, bio) is visible to users you're matched with. Your Blueprint scores are shared with accepted match partners only. We use the following third-party services:

• Supabase: database hosting and authentication (PostgreSQL)
• Vercel: application hosting
• Resend: transactional email delivery

We do not share your data with any other third parties except when required by law.

6. Data Security

We implement industry-standard security measures including: row-level security on all database tables, end-to-end encryption for messages (NaCl/Curve25519), CSRF protection, content security policies, and input sanitization. All data in transit uses TLS encryption.

7. Data Retention

Your data is retained as long as your account is active. When you delete your account, all personal data is permanently removed including your profile, Blueprint, reflections, matches, conversations, nominations, and badges.

8. Your Rights

You have the right to:

• Access: view all data we hold about you (available on your profile page)
• Correct: update your profile information at any time
• Delete: permanently delete your account and all associated data
• Export: request a copy of your data by contacting support
• Opt out: unsubscribe from non-essential communications

For California residents (CCPA) and EU/UK residents (GDPR): these rights apply as described above. To exercise any right, use the in-app features or contact us at hi@tandemcg.com.

9. Cookies

Lasso uses only essential cookies for authentication session management (Supabase auth tokens). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

10. Children's Privacy

Lasso is not intended for users under 21 years of age. We do not knowingly collect data from minors. If we learn that we have collected data from a minor, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "last updated" date at the top indicates when the policy was last revised.

12. Contact

Questions about your privacy? Contact us at hi@tandemcg.com.