Privacy Policy

Last updated: May 27, 2026

This Privacy Policy explains how Dunno Studio ("Dunno", "we", "us") processes personal data when you use the Dunno mobile application and this website (together, the "Service"). We act as data controller for the personal data described below.

1. Who we are and how to contact us

Data controller: Dunno Studio.
Contact for privacy questions, requests under GDPR Articles 15–22, or data complaints: privacy@dunno.app.

2. Data we collect

Account data

• Email address, username, hashed password (or third-party identity via Google Sign-In / Sign in with Apple).
• Optional profile preferences (favourite genres, streaming subscriptions, search language).
• Optional avatar (chosen from preset images).

Usage data

• Movies you swipe like/dislike, matches with your partner, lists you create or save, watched history.
• Couple relationships and pairing requests.

Device and technical data

• Firebase Cloud Messaging token (for push notifications), device platform, app version.
• IP address and user agent at the moment you accept Terms / Privacy (stored in our consent log).

Subscription data

• If you purchase Dunno Pro: subscription status, product identifier, expiration date, and platform (Google Play or App Store). Payment details are processed by Google and Apple — we never receive your card or bank information.

Advertising data

• If you are not a Pro user, Google AdMob may collect advertising identifiers and serve personalized ads, subject to your UMP consent choices in the European Economic Area, United Kingdom and Switzerland.

Live session (guest) data

• If you use a live session without registering, we hold a temporary in-memory record (session code, your chosen genres, ephemeral token) for up to 2 hours, then delete it automatically.

3. Legal basis (GDPR Art. 6)

• Contract (Art. 6(1)(b)) — account creation, matching engine, subscription delivery.
• Consent (Art. 6(1)(a)) — marketing emails (opt-in), personalized advertising (UMP).
• Legitimate interest (Art. 6(1)(f)) — service security, abuse prevention, basic analytics.
• Legal obligation (Art. 6(1)(c)) — retention of consent logs, tax records on subscriptions.

4. How we use your data

• Provide the matching, swiping, list, and notification features.
• Authenticate you and sync state across your devices.
• Send push notifications about matches, partner activity, and account events.
• Process Dunno Pro subscriptions via RevenueCat.
• Show or hide ads based on your Pro status and consent.
• Reply to support requests and enforce our Terms of Service.

5. Who we share data with (processors)

We use the following service providers, who process data on our behalf under written agreements:

• The Movie Database (TMDB) — movie metadata, posters, trailers. Your personal data is not sent to TMDB.
• Google Firebase — push notifications (FCM).
• Google Play Billing / Apple App Store — subscription purchases.
• RevenueCat (RevenueCat, Inc., USA) — subscription management and entitlement state.
• Google AdMob — advertising (for non-Pro users).
• Google Sign-In / Apple Sign In — optional authentication.
• Cloudflare — website hosting and DDoS protection for dunno.app.

We do not sell your personal data to third parties.

6. International transfers

Some processors above are based in the United States. Transfers rely on the EU Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework.

7. Retention

• Account data: while your account is active, plus up to 30 days after deletion for backup rotation and abuse logs.
• Consent log: kept for the duration of legal limitation periods (up to 6 years).
• Subscription records: kept for the period required by tax law (up to 10 years).
• Live session data: deleted automatically after 2 hours of inactivity.
• Push tokens: deleted on logout, account deletion, or when the device unregisters.

8. Your rights

Under GDPR you can: access your data (Art. 15), rectify it (Art. 16), erase it (Art. 17), restrict processing (Art. 18), port it (Art. 20), and object to processing (Art. 21).

From the app: Profile → Account → Export my data downloads a JSON copy. Profile → Account → Delete account performs full erasure.

To exercise any other right, email privacy@dunno.app. You also have the right to lodge a complaint with your local Data Protection Authority (in Spain: AEPD).

9. Children

Dunno is not directed to children under 13 (or under 16 in the EEA where stricter age applies). We do not knowingly collect data from minors. If you believe a minor has registered, contact us and we will delete the account.

10. Cookies on dunno.app

This website does not set tracking cookies or analytics by default. Essential cookies may be set by Cloudflare for security.

11. Changes to this policy

We may update this policy. Material changes will be announced in-app and on this page. The "Last updated" date above always reflects the current version.