1. What we collect
We collect the minimum amount of data needed to operate the service. This includes:
- Account data: If you register, we collect your email address and a hashed password. You may also sign in via a phone number.
- Usage data: Anonymised logs including your IP address, browser type, operating system, pages visited, and timestamps. These are used for security and performance monitoring.
- Chat metadata: We record session duration and match counts for service improvement. We do not store the content of chat conversations or video calls.
- Payment data: If you subscribe to VIP, billing is processed by a third-party payment processor. We do not store full card numbers on our servers.
- Voluntarily provided information: Interest tags, feedback submissions, and support messages you send to us.
2. How we use your information
We use collected data to:
- Match you with other users and operate the chat service
- Protect users from bots, abuse, and violations of our community guidelines
- Process VIP subscription payments and manage your account
- Send transactional emails (password reset, subscription receipt), never unsolicited marketing
- Analyze anonymised, aggregated usage patterns to improve performance
- Comply with applicable laws and respond to lawful requests from authorities
We do not sell your personal data to third parties. We do not use your data to build advertising profiles.
3. Cookies
We use a small number of cookies and local storage values:
- Session cookies: Required for login and security (CSRF tokens). These expire when you close your browser.
- Preference cookies: Store your chosen settings (theme, language). Persist for 90 days.
- Analytics cookies: Anonymised page-view data via a self-hosted analytics platform. No third-party trackers are loaded by default.
You can disable cookies in your browser settings. Disabling session cookies will prevent you from logging in.
4. Third-party services
We use the following third-party services, each with their own privacy policies:
- Stripe: Payment processing for VIP subscriptions
- Cloudflare: DDoS protection, CDN, and bot detection
- Google Fonts: Typography (Inter font loaded via Google CDN)
We do not use Facebook Pixel, Google Analytics, or other advertising SDKs.
5. Data retention
We retain data only as long as necessary:
- Chat metadata: deleted after 30 days
- Account data: retained while your account is active, deleted within 30 days of account deletion request
- Security logs: retained for up to 90 days, then purged
- Payment records: retained for 7 years as required by financial regulations
6. Your rights
Depending on your jurisdiction you may have rights including:
- Access: Request a copy of the data we hold about you
- Correction: Ask us to correct inaccurate information
- Deletion: Request that we delete your account and personal data
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing of your data in certain circumstances
To exercise any of these rights, contact us at admin [a] bae.to. We respond within 30 days.
7. Children
BAE is intended for users 18 years of age and older. We do not knowingly collect data from children under 13. If you believe a child has created an account, please contact us immediately and we will delete it.
8. Security
We apply industry-standard security measures: TLS 1.3 for all data in transit, AES-256 encryption for data at rest, bcrypt password hashing, and regular third-party security audits. No method of transmission over the internet is 100% secure, but we take reasonable precautions.
9. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify registered users by email and update the "Last updated" date above. Continued use of the service after changes take effect constitutes acceptance of the revised policy.
10. Contact
For privacy questions, data requests, or concerns, email us at admin [a] bae.to. We respond within 30 days.