Escondido Development LLC. ("Melly," "we," "us," or "our") operates the Melly mobile application and website located at www.meetmelly.com (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, retain, and protect your personal information when you access or use the Service. It also explains the rights and choices available to you regarding your data.
By creating an account or using any part of the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, you must discontinue use of the Service immediately.
For the purposes of the EU General Data Protection Regulation ("GDPR"), Escondido Development LLC is the data controller. For questions about this policy or our data practices, contact our Data Protection Officer at hello@meetmelly.com.
1. Definitions
"Personal Data" means any information relating to an identified or identifiable natural person, as defined under applicable law including the GDPR and the California Consumer Privacy Act ("CCPA").
"Sensitive Personal Data" means Personal Data that reveals racial or ethnic origin, religious or philosophical beliefs, sexual orientation, gender identity, or health information. Given the nature of a dating application, Melly may process certain categories of Sensitive Personal Data as described below.
"Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, and deletion.
2. Information We Collect
2.1 Information You Provide Directly
| Category | Examples | Legal Basis (GDPR) |
|---|---|---|
| Account & identity | Name, email address, phone number, date of birth, gender, profile photographs | Performance of contract; legitimate interest |
| Profile & preference | Quiz responses, bio text, relationship preferences, lifestyle information, interests | Performance of contract; consent for sensitive data |
| User-generated content | Messages sent to other users, photos and media shared in conversations | Performance of contract |
| Payment & transaction | Purchase history, subscription tier. Full payment card details are processed by our PCI-DSS-compliant payment processor and are never stored on our servers. | Performance of contract; legal obligation |
| Support & correspondence | Emails, in-app support tickets, feedback, and any attachments you provide | Legitimate interest; performance of contract |
| Verification | Government-issued ID or selfie photos submitted for identity or age verification, if applicable | Legal obligation; consent |
2.2 Information Collected Automatically
| Category | Examples | Legal Basis (GDPR) |
|---|---|---|
| Device & technical | Device model, operating system and version, unique device identifiers (e.g., IDFA, GAID), app version, browser type and version, IP address, mobile carrier | Legitimate interest |
| Usage & behavioral | Features accessed, screens viewed, tap and scroll interactions, session duration, referral source, crash logs | Legitimate interest |
| Location | Approximate location derived from IP address. Precise GPS location is collected only with your explicit, revocable consent via your device's operating system permission prompt. | Consent (precise); legitimate interest (approximate) |
| Cookies & tracking technologies | Cookies, pixel tags, web beacons, local storage, and SDKs used on our website and within the app | Consent (where required); legitimate interest |
2.3 Information from Third Parties
If you register or log in using a third-party authentication service (e.g., Apple Sign-In, Google Sign-In), we receive your name, email address, and profile picture as authorized by you and permitted by that provider's policies. We may also receive information from analytics partners, advertising networks, and fraud-prevention services to improve the Service and protect users.
2.4 Sensitive Personal Data
Because Melly is a dating application, certain information you choose to provide — such as sexual orientation, gender identity, religious beliefs, or ethnicity — may constitute Sensitive Personal Data under applicable law. We process this data solely to provide our matching and compatibility features, and only with your explicit consent. You may withdraw consent at any time by deleting the relevant information from your profile or by contacting us at hello@meetmelly.com. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
3. How We Use Your Information
We process your Personal Data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing and operating the Service, including account creation, profile display, messaging, and quiz-based compatibility matching | Performance of contract |
| Generating compatibility scores and match recommendations based on quiz responses and profile data | Performance of contract; consent for sensitive data |
| Personalizing your experience, including content recommendations and feature suggestions | Legitimate interest |
| Communicating with you regarding account activity, service updates, and responding to support requests | Performance of contract; legitimate interest |
| Sending promotional and marketing communications (only with your opt-in consent where required by law) | Consent |
| Safety, security, and fraud prevention — including detecting fake accounts, preventing harassment, and enforcing our Terms of Service and Community Guidelines | Legitimate interest; legal obligation |
| Analytics and product improvement — understanding usage patterns, diagnosing technical issues, and improving our features | Legitimate interest |
| Complying with applicable laws, regulations, legal processes, and enforceable governmental requests | Legal obligation |
4. How We Share Your Information
We do not sell your Personal Data. For the purposes of the CCPA, we do not "sell" or "share" (as those terms are defined under Cal. Civ. Code § 1798.140) your Personal Data to third parties for monetary or other valuable consideration, nor do we share it for cross-context behavioral advertising.
We may disclose your data to the following categories of recipients:
| Recipient | Purpose | Safeguards |
|---|---|---|
| Other Melly users | Your profile information, quiz results, compatibility scores, and messages are visible to other users as part of the core Service functionality | You control what you share on your profile; messaging content is only visible to conversation participants |
| Service providers & processors | Cloud hosting (e.g., AWS, GCP), analytics, payment processing, push notification delivery, customer support tooling, content moderation | Data Processing Agreements (DPAs) with each vendor; access limited to what is necessary to perform their service |
| Safety & moderation partners | Detecting and preventing fraud, spam, harassment, and illegal activity | DPAs; processing limited to safety purposes |
| Law enforcement & legal authorities | Responding to valid legal process including subpoenas, court orders, or requests where disclosure is necessary to protect the safety of any person | We review each request for legal validity and narrow scope before disclosing |
| Corporate transaction parties | In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets | Acquiring entity bound by this Privacy Policy or equivalent protections; users notified in advance |
| With your consent | Any additional sharing not described above requires your explicit, informed consent | Consent is freely given, specific, and revocable |
5. Data Retention
We retain your Personal Data only as long as reasonably necessary for the purposes outlined in this policy. Specific retention periods are as follows:
| Data Category | Retention Period |
|---|---|
| Active account data | Duration of your account plus 30 days following deletion request (grace period for account recovery) |
| Messages | Deleted within 90 days after both participants have deleted their accounts, unless retention is required for an active safety investigation or legal obligation |
| Verification data (ID, selfies) | Deleted within 30 days after verification is complete, unless required for dispute resolution |
| Payment records | Retained for 7 years as required by applicable tax and financial regulations |
| Usage & analytics logs | Aggregated or anonymized within 24 months |
| Safety & moderation records | Up to 3 years following the incident, or as required by law |
When data is no longer needed, it is irreversibly deleted or anonymized so that it can no longer be associated with you.
To request deletion of your account and all associated data, visit our Account Deletion Request page, use the in-app Settings > Account > Delete Account option, or email us at hello@meetmelly.com.
6. Data Security
We implement technical and organizational measures designed to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
- Role-based access controls ensuring employees access only the data necessary for their function.
- Regular penetration testing and vulnerability assessments by independent third parties.
- Incident response procedures with notification to affected users and relevant authorities within timeframes required by applicable law (e.g., 72 hours under the GDPR).
No system is completely secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
7. Your Rights
7.1 Rights Under the GDPR (EEA, UK, and Switzerland)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the GDPR (and equivalent local legislation):
- Right of access (Art. 15) — obtain confirmation of whether we process your data and request a copy of it.
- Right to rectification (Art. 16) — correct inaccurate or incomplete data.
- Right to erasure (Art. 17) — request deletion of your data where it is no longer necessary, you withdraw consent, or processing is unlawful.
- Right to restriction of processing (Art. 18) — request that we limit processing in certain circumstances.
- Right to data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21) — object to processing based on legitimate interest, including profiling.
- Right to withdraw consent (Art. 7) — withdraw consent at any time where processing is consent-based, without affecting prior lawful processing.
- Right to lodge a complaint — file a complaint with your local supervisory authority.
7.2 Rights Under the CCPA / CPRA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- Right to know — request disclosure of the categories and specific pieces of Personal Data we have collected, the sources, the business purposes, and the categories of third parties with whom we share it.
- Right to delete — request deletion of your Personal Data, subject to statutory exceptions.
- Right to correct — request correction of inaccurate Personal Data.
- Right to opt out of sale or sharing — as stated above, we do not sell or share your Personal Data. Should this change, we will provide a conspicuous "Do Not Sell or Share My Personal Information" link.
- Right to limit use of sensitive Personal Data — you may direct us to limit use of sensitive categories to what is necessary to provide the Service.
- Right to non-discrimination — we will not discriminate against you for exercising any of these rights.
To exercise any right under this Section 7, contact us at hello@meetmelly.com or through the in-app Settings > Privacy menu. To request account and data deletion specifically, you may also use our Account Deletion Request page. We will verify your identity before processing your request and respond within 30 days (GDPR) or 45 days (CCPA), with extensions as permitted by law.
8. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence, including the United States. When we transfer data outside the EEA, UK, or Switzerland, we rely on one or more of the following safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- The UK International Data Transfer Agreement or Addendum, as applicable.
- An adequacy decision by the European Commission or UK Secretary of State recognizing the recipient country's data protection standards.
- Your explicit consent, where applicable.
You may request a copy of the relevant transfer mechanism by contacting hello@meetmelly.com.
9. Children's Privacy
The Service is not directed to, and we do not knowingly collect Personal Data from, anyone under the age of 18 (or the age of majority in your jurisdiction, if higher). We implement age-screening measures during account creation. If we become aware that we have collected data from a person under the applicable minimum age, we will promptly delete that data and terminate the associated account. If you believe a minor has provided us with Personal Data, please contact us immediately at hello@meetmelly.com.
10. Automated Decision-Making & Profiling
Melly uses algorithmic processing to generate compatibility scores and match recommendations based on your quiz responses and profile data. This processing constitutes profiling under the GDPR. You have the right to request human review of any automated decision that significantly affects you, to express your point of view, and to contest the decision by contacting us at hello@meetmelly.com.
11. Cookies & Tracking Technologies
Our website uses cookies and similar technologies for the following purposes:
- Strictly necessary cookies — required for the website to function (e.g., session management, security). These cannot be disabled.
- Functional cookies — remember your preferences and settings.
- Analytics cookies — help us understand how visitors interact with our website (e.g., Google Analytics). These are set only with your consent where required.
We do not use advertising or behavioral tracking cookies. You may manage cookie preferences through our cookie banner or your browser settings. Disabling certain cookies may affect website functionality.
12. Third-Party Links & Services
The Service may contain links to websites or services operated by third parties. We are not responsible for the privacy practices or content of those services. We encourage you to review their privacy policies before providing them with any personal information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will provide prominent notice through the app (e.g., an in-app notification or banner) and, where required by law, obtain your consent before the changes take effect. The "Last updated" date at the top of this page indicates when the most recent revisions were published. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, you may contact us through the following channels:
| Contact | Details |
|---|---|
| Data Protection Officer | hello@meetmelly.com |
| Privacy inquiries & rights requests | hello@meetmelly.com |
| General inquiries | hello@meetmelly.com |
If you are located in the EEA and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.