Privacy Policy
Privacy Policy
How TantraTribe handles your personal data
Last updated: March 2026
In plain words
• Your private messages are end-to-end encrypted — we literally can't read them.
• We only collect the data we need to run your account, profile, and matches.
• We never sell your data, and we don't use ad-tracking cookies.
• Analytics are optional and only run if you give consent.
• You're in control: download, correct, or delete everything anytime in Settings.
• Questions? Email [email protected].
This is a friendly summary to help you get the gist. The full policy below is what legally applies.
1. Who we are
TantraTribe is a conscious connection community platform operated by Touch of Greene, registered at 3132GK Vlaardingen, The Netherlands (Chamber of Commerce: 92346847). The data controller for your personal data is Touch of Greene.
Data Protection Officer / Privacy contact: [email protected].
2. What data we collect
We collect the following categories of personal data:
• Account data — email address, date of birth, password (stored as a secure hash)
• Profile data — display name, bio, location (city/region), photos, gender, spiritual practices, preferences, and connection intents
• Sensitive profile data — some data you choose to share may reveal information about your sexuality, relationship style, or spiritual beliefs. Under the GDPR, this may constitute special category data (Art. 9). We only process this data with your explicit consent, and you control what you share via your profile settings.
• Messages — all 1:1 and group messages are end-to-end encrypted; we store only the ciphertext and cannot read your messages
• Connection data — interest signals you send or receive, mutual matches
• Community participation — daily question answers, group memberships
• Usage data — page views and feature usage (only with your consent, via PostHog analytics hosted in the EU)
• Technical data — IP address (logged temporarily for security), browser type
3. Why we collect it and legal basis
We process your personal data on the following legal grounds:
• Contract performance (Art. 6(1)(b) GDPR) — to provide your account, messaging, matching, and community features
• Legitimate interest (Art. 6(1)(f) GDPR) — for platform safety, moderation, and abuse prevention. We have assessed that these interests do not override your fundamental rights.
• Consent (Art. 6(1)(a) GDPR) — for analytics and optional email notifications. You can withdraw consent at any time without affecting the lawfulness of prior processing.
• Explicit consent for special category data (Art. 9(2)(a) GDPR) — for any sensitive profile data you choose to share (sexuality, relationship style, spiritual practices). You can remove this data at any time via your profile settings.
4. End-to-end encryption
All private messages are end-to-end encrypted using industry-standard cryptography (NaCl/Curve25519). Your encryption keys are derived from your password and never leave your device in plaintext. We cannot read your messages, and if you lose your encryption recovery key, we cannot restore access to your message history.
5. Data processors (sub-processors)
We use the following third-party services to operate the platform:
• PostHog (EU) — privacy-focused analytics, only with your consent
• Mailgun (EU) — sending notification emails
• OpenAI (US) — generating profile embeddings for community discovery (profile text only, no messages)
• Cloudflare R2 (EU) — secure file storage for uploaded images
• Railway (EU) — cloud hosting infrastructure
All processors are bound by data processing agreements. For transfers to the United States (OpenAI), we rely on the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.
6. Data retention
• Active accounts — your data is kept as long as your account is active
• Deleted accounts — immediately anonymized, then permanently deleted after a 7-day grace period
• Analytics data — retained for up to 12 months
• Security logs — retained for up to 90 days
7. Your rights
Under the GDPR, you have the right to:
• Access (Art. 15) — download all your personal data (available in Settings)
• Rectification (Art. 16) — correct inaccurate data via your profile settings
• Erasure (Art. 17) — delete your account and all associated data (available in Settings)
• Restriction (Art. 18) — request that we restrict processing of your data in certain circumstances
• Portability (Art. 20) — export your data in a machine-readable format (available in Settings)
• Object (Art. 21) — object to processing based on legitimate interest
• Withdraw consent (Art. 7(3)) — withdraw analytics consent at any time via the cookie settings
To exercise any of these rights, contact us at [email protected].
You also have the right to lodge a complaint with your local data protection authority. For the Netherlands, this is the Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl).
8. Cookies and local storage
• Essential — authentication tokens stored in your browser's local storage (required for the platform to function)
• Analytics & campaign measurement — PostHog cookies for anonymous usage statistics, and, if you arrived via one of our ads, that ad's click ID is reported back to Google to confirm which ads work. Both only run after you give consent.
This measures our advertising, not you: no ad platform sees what you do on the platform, we show no ads here, and we never share your name or email. You can change your cookie preferences at any time.
9. Age requirement
You must be at least 18 years old to use TantraTribe. We verify age during registration based on your date of birth.
10. Changes to this policy
We may update this policy from time to time. Significant changes will be communicated via the platform and, where required, we will ask for your renewed consent. The 'last updated' date at the top indicates when the policy was last revised.
11. Contact
For privacy-related questions or to exercise your rights:
• Email: [email protected]
• Platform: Contact us via the Contact page
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) or your local supervisory authority.