Back

Privacy Policy

Last updated: March 1, 2026

1. Preamble and Commitments

Tchin Tchin (hereinafter "the Platform" or "the Company") is a dating application enabling adults to organize in-person meetings in cities across French-speaking Africa. We place paramount importance on your privacy and the protection of your personal data.

This Privacy Policy sets out the fundamental principles governing the processing of your personal data. We are committed to respecting the confidentiality of your information and to informing you in a transparent and understandable manner about how we collect, process, store, and protect your data.

Our commitments to you:

  • Transparency: We clearly inform you about our data practices
  • Lawfulness: We comply with the GDPR (EU), Law No. 2013-450 (Côte d'Ivoire), Law No. 2024/017 (Cameroon), and all applicable laws
  • Security: We implement appropriate technical and organizational measures to protect your data
  • Control: You have rights of access, rectification, erasure, portability, and objection
  • Data Minimization: We only collect data that is necessary and retain it only as long as required

2. Data Controller and DPO Contact

Responsible Entity (Data Controller):

  • Name: Hugues Clement DTANKOUO WOPIWO (individual), operating under the name "Tchin Tchin"
  • Address: Sainte-Thérèse, QC, Canada
  • Contact email: [email protected]

Data Protection Officer (DPO): [email protected] (or direct contact via support)

Legal Basis for Processing: Explicit consent (Article 6.1.a of the GDPR). By creating your account and checking the acceptance box during registration, you consent to the processing of your personal data as described in this Policy. You may withdraw your consent at any time by deleting your account or by contacting us at [email protected]. Withdrawal of consent does not affect the lawfulness of processing carried out before such withdrawal. Certain specific processing activities rely on other legal bases: legitimate interest (Article 6.1.f) for fraud prevention and user security, and legal obligation (Article 6.1.c) for retention of identifier history for non-repudiation purposes.

3. Collected Data

We collect the following data based on your use of the Platform:

3.1 Mandatory Data (at registration)

  • Identity: First name, date of birth, gender (male/female)
  • Contact: Email address and/or mobile phone number
  • Location: Country and city of residence (approximate data)
  • Authentication: Encrypted password (secure hash), unique user identifier
  • Profile: Minimum 1 photo (authentic, representing you)

3.2 Optional Data (profile enrichment)

  • Displayed first name, bio/personal description
  • Additional photos (up to 10)
  • Age preferences, location, types of dates
  • Alternative contact phone number (different from account phone)
  • Alternative contact email address (different from account email)
  • WhatsApp, Telegram, or other messaging platform identifiers

3.3 Data Generated During Activity

  • Announcements: Proposed date/time, type of date, location, descriptive text
  • Expressed Interests: When you express interest, contacts you have chosen to share
  • Created Matches: Match confirmation, contacts exchanged between two users
  • Feedback: Ratings (1-5 stars), comments, data on confirmed/unconfirmed dates
  • Blocks: Users blocked by you or blocking you, reasons for blocking

3.4 Technical and Tracking Data

  • Login Logs: Date, time, IP address, device, browser/app version
  • Photo Metadata: Upload timestamp, size, format
  • Cookies and Trackers: Session tokens, preferences (see Cookie Policy)
  • Analytics: Pages visited, duration of visit, interactions (aggregated, anonymized where possible)
  • Notifications: Notification read status, timestamps

3.5 Historicized Identity Data

To ensure non-repudiation and prevent fraud, we maintain a history of all identifier changes:

  • All email addresses used (current and former)
  • All phone numbers used (current and former)
  • All contact phone numbers (current and former)
  • Declared dates of birth and modifications
  • Declared genders and modifications
  • Timestamps and IP addresses of each modification

Justification: This retention is necessary to detect multiple accounts, identify identity impersonation attempts, and comply with legal non-repudiation obligations in the event of disputes or investigations.

4. Data Retention Periods

We retain your data as long as necessary to:

  • Active Account Data: As long as your account exists
  • After Account Deletion: Data anonymized after 30 days; identified data retained up to 3 years for non-repudiation and legal compliance purposes
  • Login Logs: Maximum 90 days
  • Identifier History: 3 years after account deletion
  • Support Correspondence: 2 years
  • Payment Data: Not applicable (free service in V1)
  • Abuse Reports: Minimum 2 years

Legal Exceptions: If you are subject to a legal obligation (e.g., court order, police investigation), we may be required to retain or produce your data beyond normal retention periods.

5. Sharing Data with Third Parties

5.1 Intentional Sharing (by you)

After a confirmed match, you voluntarily choose which contacts to share with the other user:

  • Phone number
  • Email address
  • Messaging identifiers (WhatsApp, Telegram, etc.)

Responsibility: Once shared, these contacts are beyond our control. The other user may use, save, or share them with third parties. Tchin Tchin is not responsible for the subsequent use of this data.

5.2 Service Providers (Data Processors)

We use or may use the following providers, who process your data on our behalf:

  • Application Hosting: Railway Corporation (USA) — server and database hosting
  • Photo Storage and DNS: Cloudflare, Inc. (USA) — photo storage via Cloudflare R2 and DNS management
  • Email Provider: Brevo (Sendinblue, France) — sending OTP verifications and email notifications
  • Error Monitoring: Sentry (USA) — technical error detection and tracking (no personal data transmitted)

Data Processing Agreements: Our providers are subject to their own data protection policies and offer GDPR-compliant Data Processing Agreements (DPA). We rely on the standard DPAs published by each provider and available on their respective websites. We commit to working only with providers offering sufficient guarantees regarding the protection of personal data.

5.3 Legal Obligations (public authorities)

We may be required to share your data if:

  • A judicial authority orders us to do so (warrant, court judgment)
  • A data protection authority requests it
  • A law enforcement agency (police, gendarmerie) is investigating an offense
  • We must comply with legal obligations (e.g., mandatory reporting of crimes)

Notification: Unless legally prohibited, we will attempt to inform you of such requests.

5.4 No Sharing with Commercial Third Parties

Tchin Tchin DOES NOT SELL your data for commercial purposes. We do not share your data with any marketing agency, data broker, or third-party company for their commercial profit.

6. Your Rights Regarding Personal Data

Under the GDPR and applicable laws, you have the following rights:

6.1 Right of Access (Article 15 GDPR)

You have the right to request a copy of all data we hold about you, in a comprehensible format.

6.2 Right to Rectification (Article 16 GDPR)

You have the right to correct inaccurate or incomplete data. However, certain data (identifier history) cannot be modified but may only be flagged as contested.

6.3 Right to Erasure (Right to be Forgotten, Article 17 GDPR)

You have the right to request deletion of your account and personal data. Exceptions:

  • Data retained for legal compliance (3 years of identifier history)
  • Pseudonymized or anonymized data
  • Data required for ongoing investigations

6.4 Right to Data Portability (Article 20 GDPR)

You have the right to receive your data in a structured, commonly used, and machine-readable format (e.g., JSON, CSV), and to transmit it to another service.

6.5 Right to Object (Article 21 GDPR)

You may withdraw your consent at any time and object to certain processing. We will review your request; if justified, we will cease the processing. Withdrawal of consent does not affect the lawfulness of processing carried out before such withdrawal.

6.6 Right to Restrict Processing (Article 18 GDPR)

You may request that we restrict the use of your data (e.g., store it without actively processing it) pending resolution of a dispute.

6.7 Rights Related to Automated Decision-Making (Article 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing that produces legal or significant effects. [Tchin Tchin currently does not implement automated profiling for account restrictions.]

7. How to Exercise Your Rights

To exercise a right:

  1. Send a written request to: [email protected] or [email protected]
  2. Include: Your full name, account email address, user ID (if known), precise description of the right requested
  3. Attach a copy of a valid identity document (for identity verification)
  4. We will confirm receipt within 2 business days
  5. We will process your request within 30 calendar days (extendable to 60 days if complex)
  6. If denied, we will explain the reasons and your possible remedies

7.1 Escalation and Complaint to an Authority

If you are unsatisfied with our response, you have the right to lodge a complaint with the data protection authority of your country:

  • Europe (France): CNIL (cnil.fr)
  • Côte d'Ivoire: ARTCI (Telecommunications/ICT Regulatory Authority of Côte d'Ivoire)
  • Cameroon: ANTIC (National Agency for Information and Communication Technologies)
  • Other countries: Local data protection authority

8. Data Security

We implement the following technical and organizational security measures:

8.1 Technical Measures

  • Encryption in Transit: HTTPS/TLS for all communications
  • Encryption at Rest: Sensitive data encrypted in the database
  • Password Hashing: Secure algorithms (bcrypt, Argon2 or equivalent)
  • Multi-Factor Authentication: OTP via email/SMS available
  • Firewalls and Network Segmentation: Restricted access to data
  • Secure Backups: Encrypted backups tested regularly

8.2 Organizational Measures

  • Access Control: Data access limited to employees with a need to know
  • Confidentiality Agreement: All employees sign a confidentiality agreement
  • Security Audit: Penetration testing and regular audits
  • Incident Response Plan: Documented procedure in case of data breach
  • Security Training: Data protection awareness

8.3 Notification in Case of Data Breach

If a personal data breach occurs, we will:

  1. Notify the data protection authority within 72 hours (if risk to rights/freedoms)
  2. Inform you without undue delay if the breach affects your data and poses a high risk
  3. Take measures to minimize damage

9. Cookie and Tracker Policy

Strictly Necessary Cookies (no consent required):

  • Session tokens (user authentication)
  • Language preferences
  • CSRF cookies (form security)

Analytical and Advertising Cookies (consent required): Not currently used. If implemented in the future, your consent will be requested. You may refuse these cookies; the Platform will remain fully functional.

Cookie Management: You can manage your cookie preferences at any time in your browser or through the Platform settings.

10. Protection of Children and Minors

Tchin Tchin is reserved for adults aged at least 18 years. We do not intentionally process any personal data of children under 18 years of age.

If we discover a minor's account: We will delete it immediately and take appropriate measures, which may include notifying parents or authorities.

11. Data Transfers Outside Your Jurisdiction

Your data is hosted and processed in the United States by our providers Railway Corporation (application server and database) and Cloudflare, Inc. (photo storage and DNS). Your data may therefore be processed outside your country of residence. We are committed to:

  • Making transfers only to jurisdictions providing an adequate level of protection under the GDPR
  • Using appropriate legal instruments (Adequacy Decisions, Standard Contractual Clauses, Binding Corporate Rules) if necessary
  • Informing you in advance if we change processing jurisdictions

12. Regulatory Declarations

In accordance with applicable legislation in the countries where Tchin Tchin operates, we commit to completing the required prior declarations with competent authorities:

  • Côte d'Ivoire: Prior declaration to ARTCI in accordance with Law No. 2013-450 of June 19, 2013 on the protection of personal data. Personal data processing on Ivorian territory will only be carried out after completion of this formality. The declaration number will be published on this page upon receipt.
  • Cameroon: Declaration to ANTIC in accordance with Law No. 2024/017 on the protection of personal data. The declaration number will be published on this page upon receipt.
  • Europe: Record of processing activities maintained in accordance with Article 30 of the GDPR, available upon request at [email protected].

13. Changes to This Privacy Policy

Tchin Tchin may modify this Policy at any time to reflect legal, technological, or operational changes. Changes will be published on this page with an update date.

Material Changes: If we make significant changes affecting the processing of your data, we will notify you by email at least 30 days before they take effect.

Continued Acceptance: By continuing to use the Platform after changes, you accept the updated Policy.

14. How to Contact Us and Your Available Remedies

General Support: [email protected]

Data Protection Officer (DPO): [email protected]

Response Times:

  • Confirmation of receipt: 2 business days
  • Full processing: 30 calendar days (extendable to 60 if complex)
  • DPO escalation: In case of dissatisfaction with support response
  • Authority complaint: Right to lodge a complaint with the data protection authority of your country

Applicable Law and Jurisdiction:

  • This Privacy Policy is governed by the GDPR in Europe, Law No. 2013-450 in Côte d'Ivoire, Law No. 2024/017 in Cameroon, and applicable laws of other countries where Tchin Tchin operates
  • For disputes, jurisdiction: courts of the judicial district of Laval, Quebec, Canada
  • You retain the right to legal action in your jurisdiction of residence (Article 82 GDPR)

Updated Contact Information: This Policy and contact details are current as of March 1, 2026. Please check this page regularly for updates.