OFF-LIMITS – PRIVACY POLICY
Version 1.0 — English (Master Edition)
Effective date: upon publication in the App
1. Introduction
This Privacy Policy (“Policy”) explains how OffLimits (“OffLimits”, “the App”, “we”, “us”, “our”) collects, processes, stores, safeguards, and, where necessary, discloses the personal data of individuals who use our services (“users”, “you”). These practices are governed by applicable privacy and data-protection laws, including but not limited to:
the EU General Data Protection Regulation (GDPR),
the ePrivacy Directive,
the California Consumer Privacy Act (CCPA/CPRA),
the Brazilian LGPD,
the UK GDPR,
the Swiss DPA,
and other relevant global standards.
OffLimits is a mobile dating and social-interaction platform designed to help individuals discover and connect with others through profile browsing, matching functionality, and private messaging.
By creating an account with OffLimits, you acknowledge that you have read, understood, and accepted this Policy. If you do not agree with these terms, you must immediately discontinue your use of the App.
2. Definitions
For the purposes of this Policy:
“Personal Data”
Any information relating to an identified or identifiable natural person. This includes, but is not limited to, profile photos, names, age, location information, user interactions, unique identifiers, and message content.
“Sensitive Data”
Personal data that may pose higher privacy or security risks due to its nature or context. In a dating application, this includes photographs showing a person’s likeness, preferences, behavioral data, and private conversations.
“Processing”
Any operation performed on personal data, whether automated or not, including collection, storage, modification, analysis, sharing, and deletion.
“Controller”
The entity that determines the purposes and means of processing personal data.
Data Controller:
OffLimits – operated by Roland Brhlik (Slovakia)
đź“© support@offlimitsdating.com
“Processor”
Any external entity that processes data on behalf of the Controller. OffLimits uses several processors, including:
Supabase (database hosting, authentication, file storage, messaging),
Google AdMob (advertising partner),
Google Analytics for Firebase (analytics provider).
“User”
Any individual aged 18 or older who creates an account in the OffLimits App and uses the service in accordance with this Policy and the Terms of Service.
3. Scope and Purpose of This Policy
This Policy governs:
personal data voluntarily submitted during registration,
information generated while using the App’s features,
private messages exchanged between users,
data collected for advertising and analytics purposes,
interactions with customer support,
and technical data processed for safety, diagnostics, and security.
This Policy does not apply to external websites or services that may be accessed through links inside the App. OffLimits is not responsible for the privacy practices of external platforms.
4. Identity of the Controller & Contact Information
The Controller responsible for your personal data is:
OffLimits – operated by Roland Brhlik
Slovakia
Email: đź“© support@offlimitsdating.com
A Data Protection Officer (DPO) is not appointed, as such appointment is not mandatory under applicable laws for the nature and scale of processing performed by OffLimits.
All privacy-related requests, including requests for access, deletion, or withdrawal of consent, should be submitted to the above contact address.
5. Legal Bases for Processing Personal Data
OffLimits processes personal data based on one or more of the following legal bases:
5.1 Consent (Article 6(1)(a) GDPR)
We rely on your consent when processing data such as:
uploading and displaying photos,
accessing your device’s precise location (GPS),
enabling personalized advertising,
processing optional profile details.
Consent is voluntary and can be withdrawn at any time (see Section 16).
5.2 Performance of a Contract (Article 6(1)(b) GDPR)
We process data necessary to:
register and maintain your user account,
display compatible profiles,
facilitate matches,
deliver messages between users,
provide essential functionality in the App.
5.3 Legitimate Interests (Article 6(1)(f) GDPR)
We process certain data based on legitimate interests, including:
ensuring user safety,
detecting fraud, bot activity, or abusive behavior,
preventing misuse of the App,
improving and optimizing user experience,
providing non-personalized advertising and basic analytics.
Our legitimate interests never override your fundamental rights and freedoms.
5.4 Legal Obligations (Article 6(1)(c) GDPR)
We may process personal data to comply with legal obligations, including:
responding to lawful requests from authorities,
retaining certain information to comply with statutory requirements,
providing information when required for criminal investigations or legal claims.
6. Categories of Personal Data We Collect
OffLimits processes only the types of personal data necessary to operate, maintain, secure, and improve the functionality of the App. In a dating service environment, users must provide certain information voluntarily and understand that some data is essential for proper matchmaking and safety purposes.
Below is a comprehensive overview of all categories of data we may collect and process.
6.1 Data Provided During Registration
When creating an account, users must provide:
first name, nickname, or any chosen display name,
age or date of birth (strictly for age verification purposes),
gender and match preferences,
valid email address,
password (stored in encrypted form),
at least one profile photograph,
optional personal details such as bio, interests, hobbies, personality traits, or other descriptive elements.
These data points are essential for building the user’s profile and making it discoverable for matchmaking purposes.
6.2 Data Provided After Registration
While using OffLimits, you may add or modify:
additional profile photos,
profile descriptions or prompts,
search preferences,
location details (if enabled),
any other optional profile inputs.
Uploaded photos may be processed through automated content-review mechanisms to detect content that violates community guidelines (e.g., nudity, violence, spam, or otherwise inappropriate material).
6.3 Location Data
Depending on your device settings and permissions, OffLimits may process location-related data in the following ways:
a) Precise Location (GPS-Level)
Collected only when you grant explicit permission.
Used solely to:
display users in your vicinity,
optimize results for distance-based matching.
We do not store precise GPS data long-term.
b) Approximate Location (City/Region Level)
May be derived from:
IP address (in pseudonymized form),
coarse device signals,
general region settings.
This level of location is used to categorize users by broader geographical proximity.
c) Technical Location Indicators
These include:
time zone,
device language,
region settings,
locale-based preferences.
They are used to ensure correct functioning of features such as language selection and distance calculations.
6.4 Messages and User Communications
When users interact through chat, OffLimits processes:
text messages,
photos or media sent within the Chat,
message timestamps,
metadata associated with message delivery (e.g., delivery status),
reactions or engagement indicators.
These data are required for:
message delivery,
fraud and abuse detection,
resolving user reports,
maintaining a safe communication environment.
âť— OffLimits does not use message content for advertising or profiling.
6.5 Behavioral and Interaction Data
To deliver a functional dating experience, we process:
profile views and impressions,
likes/dislikes,
matches (“mutual interest”),
unmatches or blocks,
reports of rule violations,
activity metrics such as time spent in the App,
swiping behavior,
preferences expressed in filters.
These data improve:
match recommendations,
user relevance,
ranking algorithms,
safety mechanisms.
6.6 Device and Technical Data
To ensure stability, diagnostics, and performance, we process:
device type, model, and OS version,
App version installed,
device identifiers such as GAID/IDFA,
IP address in pseudonymized form,
mobile network and connectivity information,
crash logs, performance reports, memory usage patterns,
error diagnostics for troubleshooting.
6.7 Advertising Identifiers and Analytics Identifiers
Used to support advertising, analytics, and performance measurement:
Advertising ID (GAID/IDFA),
Firebase Analytics identifiers,
internal pseudonymous identifiers,
ad interaction metrics.
Advertising IDs may be reset by the user at any time via their device settings.
6.8 Cookies and Similar Tracking Technologies
OffLimits does not use web-based cookies within the mobile App environment.
However, SDK-based technologies may:
store unique tokens for authentication,
measure ad conversions,
track anonymized analytics events,
maintain session continuity,
prevent fraudulent activity.
These technologies are standard in mobile applications and do not give us direct access to your device.
6.9 Customer Support Data
When you contact us, we may process:
your email address,
message content,
screenshots or attachments you voluntarily provide,
device diagnostics,
crash data relevant to your request.
These data are used strictly to resolve issues, verify identity when necessary, and prevent misuse of support channels.
6.10 Sensitive Data
Dating applications inherently involve categories considered sensitive based on context, including:
photos containing your likeness,
romantic preferences inferred from your profile and behavior,
chat content,
interpersonal interactions (likes, dislikes, matches),
location-related information.
Sensitive Data is never shared with advertisers or sold to third parties.
Its use is strictly limited to:
providing the service,
ensuring user safety,
moderating harmful behavior,
preventing fraud.
7. Processing of Data by Supabase (Data Processor)
OffLimits uses Supabase as its primary backend and database service provider.
Supabase processes and stores:
user accounts,
profile data,
uploaded photographs,
chat messages and message metadata,
interaction logs,
location snapshots,
security-related logs.
7.1 Security and Infrastructure
Supabase provides:
encryption in transit (TLS),
encryption at rest,
row-level security (RLS) to isolate user data,
database schema isolation,
access-control policies ensuring data segregation,
logging of database operations.
7.2 Geographic Storage
All data processed by Supabase for OffLimits is stored within the European Union.
7.3 Compliance
Supabase adheres to:
GDPR processor obligations,
Standard Contractual Clauses (SCC),
industry-standard security frameworks.
Supabase acts only under OffLimits’ documented instructions and does not process data for its own purposes.
8. Advertising Partners (Personalized Advertising)
OffLimits displays advertisements via:
Google AdMob,
Google Advertising Services,
and associated ad networks approved under Google’s policies.
Personalized advertising is used only with your explicit consent, in accordance with GDPR and Google’s User Messaging Platform (UMP) requirements.
8.1 Data Used for Personalized Ads
Advertisers may process:
Advertising ID (GAID/IDFA),
pseudonymized IP address,
device information,
OS version,
age or gender (if provided by the user),
ad impression and interaction data.
Under no circumstances do advertisers receive:
chat messages,
private images,
GPS location,
precise user identity.
8.2 Withdrawal of Consent
You may withdraw consent for personalized ads at any time:
via in-App settings,
via device settings (reset Advertising ID).
Upon withdrawal, you will receive only non-personalized (“contextual”) ads.
9. Analytics Providers
OffLimits uses Google Analytics for Firebase to measure:
app usage patterns,
feature performance,
crash frequency,
user engagement,
retention trends.
Analytics data is processed in pseudonymized form and does not directly identify you unless expressly stated.
10. Sharing of Personal Data
OffLimits does not sell personal data.
We share data strictly under the conditions described below:
10.1 Advertising Partners
Limited to data necessary for ad display and performance measurement.
10.2 Technical and Infrastructure Providers
Including Supabase, Firebase, and other cloud-based services.
10.3 Other Users
Only the information you choose to make public:
photos,
name or nickname,
age,
city-level location,
bio and interests.
10.4 Legal Authorities
Only when required by law or when necessary to prevent physical or digital harm.
OffLimits minimizes all disclosures to the narrowest legally permitted scope.
11. International Transfers of Personal Data
OffLimits primarily stores and processes data within the European Union through Supabase’s EU-based infrastructure.
However, certain data may be transferred to, or accessed from, countries outside your jurisdiction, particularly when interacting with Google services for advertising and analytics.
All international transfers are protected by one or more of the following safeguards:
11.1 Standard Contractual Clauses (SCCs)
For transfers outside the EEA, OffLimits uses the European Commission’s approved Standard Contractual Clauses, ensuring equivalent data-protection guarantees.
11.2 Adequacy Decisions
Transfers may be made to countries deemed “adequate” by the EU Commission, meaning they offer comparable levels of data protection.
11.3 Contractual and Technical Safeguards
Partners must implement:
encryption at rest and in transit,
access restrictions,
data-minimization principles,
secure data-handling procedures.
11.4 Limited Scope of Transfers
Only data strictly necessary for advertising, analytics, security, or maintenance is transferred.
OffLimits does not transfer:
chat content,
photos,
precise GPS data,
outside the EU unless explicitly required by law.
12. Data Retention and Deletion
OffLimits retains personal data only for as long as necessary to fulfill the purposes described in this Policy, meet legal obligations, or resolve disputes.
12.1 Active Accounts
Personal data is stored for the duration of your active use of the App.
12.2 Inactive Accounts
If your account remains inactive for 24 months, OffLimits may:
deactivate your account,
anonymize your data, or
delete your account entirely.
12.3 Messages and Chat Data
Upon account deletion, messages:
are deleted or anonymized within 90 days,
may be retained longer if required for fraud prevention or investigation.
12.4 Photos and Media
User-uploaded photos are deleted:
immediately after account deletion,
or within 30 days at the latest.
12.5 Security and Fraud Data
Data collected for security, abuse-prevention, or fraud detection may be retained for up to 36 months, where legally permitted.
12.6 Legal Retention Obligations
Certain data may be held longer if required by applicable laws or judicial authorities.
13. User Rights (GDPR, CCPA, LGPD, Global Standards)
Depending on your jurisdiction, you may exercise a variety of rights regarding your personal data.
Please note that OffLimits is committed to safeguarding your privacy and will assist you in exercising your rights in accordance with applicable laws.
13.1 Right of Access
You may request confirmation as to whether we process your personal data and obtain a copy of your data.
13.2 Right to Rectification
You have the right to request correction of inaccurate or incomplete data.
13.3 Right to Erasure (“Right to Be Forgotten”)
You may request deletion of your account and personal data at any time.
OffLimits will:
delete profile data immediately,
anonymize or delete chat data within 90 days,
remove photos within 30 days.
Certain retention limitations may apply where required by law.
13.4 Right to Restriction of Processing
You may request to temporarily restrict the processing of your data in cases where:
data accuracy is contested,
processing is unlawful,
data is no longer needed but must be retained for legal claims.
13.5 Right to Data Portability
Upon request, OffLimits will provide your data in a structured, commonly used, and machine-readable format.
13.6 Right to Object
You may object to processing based on:
legitimate interests,
analytics,
non-essential processing,
personalized or non-personalized advertising.
Your objection will be reviewed without undue delay.
13.7 Right to Withdraw Consent
If processing is based on consent (such as GPS location or personalized ads), you may withdraw consent:
directly in the App settings,
by adjusting device permissions,
by contacting us at support@offlimitsdating.com
.
Withdrawal does not affect the lawfulness of prior processing.
13.8 Right to Lodge a Complaint
Users in the EU may lodge a complaint with their national data-protection authority.
For Slovakia:
Office for Personal Data Protection of the Slovak Republic
https://dataprotection.gov.sk/
Users outside the EU may have similar rights under local laws (e.g., CCPA in California, LGPD in Brazil).
14. Security Measures
OffLimits implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
14.1 Technical Measures
TLS encryption for all communication,
encrypted storage of personal data,
secure access policies and authentication,
automated scanning for harmful or fraudulent behavior,
database-level isolation using Row Level Security (RLS),
regular updates of software libraries and dependencies.
14.2 Organizational Measures
strict access controls for authorized personnel,
internal incident-response procedures,
audit logging and risk assessments,
minimization of staff access to user data.
14.3 No Absolute Guarantee
While we strive to protect your data, no digital platform can guarantee complete security against:
malicious third-party attacks,
systemic service failures,
unauthorized access due to compromised credentials.
Users must take reasonable steps to safeguard their accounts.
15. Age Restriction (18+)
OffLimits is strictly intended only for individuals aged 18 years or older.
15.1 Verification
OffLimits may:
request proof of age,
restrict access to accounts suspected of misrepresenting age,
delete accounts associated with minors.
15.2 No Use by Minors
We do not knowingly collect personal data from individuals under 18.
If such data is discovered, it will be deleted promptly.
16. Consent Mechanisms
16.1 Granting Consent
Consent is required for:
GPS-based location access,
personalized advertising,
optional profile fields,
uploading photos.
Consent can be given in-App through clear, affirmative actions.
16.2 Withdrawal of Consent
Users may withdraw consent:
within the App settings,
by revoking permissions in their device settings,
or by contacting us at support@offlimitsdating.com
Withdrawal may restrict access to features dependent on the withdrawn consent.
17. Automated Decision-Making and Profiling
OffLimits may use automated systems to assist with:
match recommendations,
ranking of profiles,
detection of fraudulent or harmful behavior.
17.1 No Legal or Significant Effects
Profiling does not:
produce legal consequences,
significantly affect user rights,
involve decisions that would produce substantial effects without human oversight.
17.2 Safety-Related Profiling
We may use automated methods to detect:
spam accounts,
bots,
harmful content,
suspicious behavior patterns.
These measures protect the community and ensure platform integrity.
18. Updates to This Privacy Policy
OffLimits may amend, modify, or update this Privacy Policy from time to time to:
reflect changes in applicable laws and regulatory requirements,
introduce new features or modify existing functionality,
improve clarity, transparency, and user understanding,
enhance privacy and security practices,
comply with updated standards from technology partners (e.g., Google’s advertising or consent requirements).
18.1 Notification of Changes
Significant changes to this Privacy Policy will be communicated through:
in-App notifications,
or other appropriate channels (such as email, where applicable).
Minor editorial changes that do not affect the substance of the Policy may be implemented without direct notification.
18.2 Effective Date
All changes become effective upon publication within the App unless stated otherwise.
Your continued use of OffLimits after updates are published constitutes acceptance of the revised Policy.
19. Contact Information
For any questions, requests, complaints, or concerns regarding this Privacy Policy or the processing of personal data, you may contact us at:
đź“© support@offlimitsdating.com
OffLimits – operated by Roland Brhlik
Slovakia
We will respond to all legitimate requests within a reasonable timeframe and in accordance with applicable laws (including GDPR-mandated deadlines, typically within 30 days).
If your request involves deletion, access, or withdrawal of consent, we may require identity verification to prevent unauthorized access to your account or data.
20. Final Provisions
20.1 Governing Law
This Privacy Policy is governed by the laws of the Slovak Republic, European Union data protection regulations (including GDPR), and applicable international privacy principles.
Local laws in your jurisdiction may provide additional rights.
20.2 Severability
If any provision of this Policy is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.
20.3 No Waiver
Failure by OffLimits to enforce any provision of this Policy does not constitute a waiver of that provision or any other rights.
20.4 Language and Interpretation
This English version serves as the master reference version for all translations.
In case of discrepancies between language versions, the English version shall prevail to ensure consistent interpretation.
21. Acceptance of This Privacy Policy
By creating an account and using OffLimits, you acknowledge that:
you have read and understood this Privacy Policy,
you agree to the collection, use, and processing of your personal data as described herein,
you consent to any processing operations that require consent,
and you understand your rights and how to exercise them.
If you do not agree with any part of this Policy, you must discontinue use of the App and request deletion of your account.
COOKIES & TRACKING POLICY – OffLimits (EN, Master Version)
Version 1.0 — Global (EU / US / UK / International)
1. Introduction
This Cookies & Tracking Policy (“Policy”) explains how the OffLimits mobile application (“App”, “Service”, “we”, “us”) uses cookies, software development kits (SDKs), device identifiers, and other tracking technologies to provide, personalize, analyze, secure, and improve the App.
This Policy forms an integral part of our Privacy Policy.
By using the App, you acknowledge and agree to the practices described herein.
2. What are cookies and tracking technologies?
Although mobile apps typically do not use traditional “web cookies”, OffLimits uses similar tracking mechanisms embedded within mobile SDKs, including:
Advertising ID (GAID / IDFA)
Firebase Analytics Identifiers
Google Ads SDK identifiers
in-app session tokens
device fingerprints
local storage within the App
These technologies function similarly to cookies and allow the App to:
store essential technical information,
provide personalized or non-personalized ads,
measure analytics and App performance,
protect users from fraud and misuse.
3. Types of tracking technologies we use
3.1 Advertising identifiers (GAID / IDFA)
Used for:
serving personalized advertisements,
serving non-personalized advertisements,
measuring ad performance and conversions.
This identifier is managed by your device operating system and can be reset at any time.
3.2 Third-party SDKs and trackers
The App uses the following SDKs:
Google AdMob SDK
For advertising, ad selection, measurement, and anti-fraud protection.
Google Analytics for Firebase
For usage analytics, performance metrics, feature optimization.
Firebase Crashlytics
For crash reporting and debugging.
These SDKs may process device-related and interaction data strictly for their intended functions.
3.3 Local storage within the App
Local storage is used to save:
App settings,
language preferences,
session tokens,
consent preferences (such as ad personalization status).
Local storage is never used to store sensitive personal information.
4. Purposes of tracking technologies
Tracking identifiers are used for the following:
4.1 Essential App functionality
authentication and login
fraud protection
secure session management
feature configuration
4.2 Analytics
measuring feature usage and engagement
detecting crashes and performance issues
improving App speed and stability
4.3 Advertising
personalized ads (requires consent)
non-personalized ads (no consent required)
ad frequency capping
ad impressions and performance measurement
4.4 Security & fraud prevention
bot detection
suspicious activity monitoring
prevention of spam or misuse
5. Personalized advertising (requires consent)
If personalized advertising is enabled, OffLimits may use:
Advertising ID,
Ad interaction data,
Device metadata,
Demographic signals (if available),
Preferences related to ad categories.
Personalized ads are displayed only if you give explicit consent through the App in compliance with GDPR and Google UMP requirements.
You may withdraw consent at any time.
6. Non-personalized advertising (no consent required)
If you decline personalized advertising, the App will serve:
contextual ads,
randomized ads,
ads not tailored to your behavior or profile.
These rely on minimal technical information strictly necessary for ad delivery.
7. Third-party cookies and tracking technologies
Third parties integrated into the App may use their own identifiers, including:
Google AdMob
ad delivery
anti-abuse detection
performance measurement
Google Ads / Google Marketing Platform
ad analytics
conversion measurement
Firebase & Crashlytics
diagnostics
crash reporting
App stability analysis
OffLimits does not grant these partners access to:
❌ chat content
❌ private photos
❌ precise GPS location
❌ user-to-user interaction patterns
8. How you can manage cookies and tracking
Users have several control options:
8.1 In-App (consent / withdrawal)
The App will present a consent dialog for personalized ads.
You may:
accept,
decline,
or withdraw your consent at any time via the App settings.
8.2 Device-level settings
Android
Settings → Google → Ads → Reset advertising ID
“Opt out of Ads Personalization”
iOS
Settings → Privacy → Tracking
Disable “Allow Apps to Request to Track”
Reset Identifier for Advertisers (IDFA)
8.3 Withdrawal by email
You may also request withdrawal of consent via:
đź“© support@offlimitsdating.com
9. Who has access to tracking data
Access is limited to:
OffLimits (Controller),
Supabase (technical processor),
Google AdMob (advertising),
Google Analytics & Firebase (analytics, diagnostics).
All access is governed by strict contractual and technical controls.
10. Retention of tracking data
Tracking-related identifiers are retained:
during your active use of the App,
or according to Google’s retention policies,
session tokens are temporary,
ad personalization consent is stored for a maximum of 12 months (per Google’s guidelines).
You may reset your Advertising ID at any time.
11. Data protection compliance
All tracking technologies are used in accordance with:
GDPR,
ePrivacy Directive,
Google UMP (User Messaging Platform),
Google Consent Mode,
applicable regional privacy laws.
Sensitive personal data (photos, messages, profile details) is never included in cookies, identifiers, or trackers.
12. Updates to this Policy
This Policy may be updated due to:
changes in legal requirements,
updates to Google Ads or Firebase SDK policies,
improvements to App security,
introduction of new features.
Significant changes will be communicated in-App.
13. Contact
For any questions regarding cookies or tracking technologies, contact:
đź“© support@offlimitsdating.com
OffLimits – operated by Roland Brhlik