01Who we are
Spring is operated by Kindred Labs Pte Ltd (UEN: 202616321G), a company incorporated in Singapore. In this policy, "Spring", "we", "us", and "our" refer to Kindred Labs Pte Ltd.
We are committed to protecting your personal data in accordance with the Personal Data Protection Act 2012 ("PDPA") of Singapore and other applicable data protection laws.
Our Data Protection Officer can be contacted at dpo@spring.dating.
02What data we collect
We collect the following categories of personal data.
2.1 Information you provide
- Account information: phone number, name, date of birth, gender, gender preferences, and email address (optional). If you sign in via Apple or Google, we receive your name and email from that provider.
- Profile information: photos (up to 8), bio, prompt responses, interests, relationship goals, and lifestyle details (such as education, occupation, religion, smoking, and drinking preferences).
- Messages and communications: text messages, images, and voice notes you send to other users through Spring.
- Payment information: subscription tier and transaction details. Full payment card information is processed directly by our payment processors and is not stored by us.
- Verification data: if you use photo verification, we temporarily process facial geometry data from a liveness check to confirm your identity. This biometric data is deleted after verification is complete.
- Support requests: any information you provide when contacting our support team.
2.2 Information generated through your use
- AI-derived data: when you complete our onboarding conversation, our AI generates a personality profile including trait scores, communication style indicators, and a compatibility embedding used for matching. These are probabilistic assessments, not definitive evaluations.
- AI companion data: conversations with our AI companion are processed to provide personalised responses. The AI extracts and stores key facts, preferences, and conversation summaries as "memories" to improve your experience. You can view, edit, and delete these memories at any time.
- Usage data: how you interact with Spring, including matches, reactions, Date Quest progress, feature usage, and session information.
- Device data: device type, operating system, app version, and push notification tokens.
- Approximate location: if you grant location permission, we collect your approximate location (rounded to ~1km) to show distance on profiles and suggest nearby venues for dates. We do not track your precise real-time location.
2.3 Information from other sources
- If other users report you, we collect the report details.
- We may receive information from app stores related to your subscription transactions.
03How we use your data
We use your personal data for the following purposes:
To provide the service — creating your account, displaying your profile, generating matches, facilitating messaging, and powering Date Quest features.
To power AI features — running your personality assessment, generating compatibility scores, and providing personalised AI companion responses. AI processing involves sending relevant conversation data to our AI processing service providers.
To process payments — managing subscriptions, processing transactions, and sending receipts.
To keep you safe — moderating content, detecting and preventing fraud, enforcing our Terms and Community Guidelines, detecting and reporting child sexual abuse material ("CSAM"), and responding to safety incidents.
To communicate with you — sending match notifications, messages, Date Quest reminders, service updates, and (with your consent) promotional communications.
To improve Spring — analysing aggregated usage patterns, conducting A/B tests, monitoring performance, and fixing errors. We do not use your personal conversations or profile data to train AI models without your separate, explicit consent.
To comply with legal obligations — responding to lawful requests from authorities and meeting our obligations under applicable law.
05International data transfers
Spring is based in Singapore, but some of our service providers operate in other countries, including the United States.
Where your data is transferred outside Singapore, we ensure that the recipient is bound by legally enforceable obligations to provide a standard of protection comparable to that under the PDPA, in accordance with Section 26 of the PDPA. Safeguards include contractual data protection clauses, encryption in transit and at rest, and access controls.
By using Spring, you acknowledge and consent to the transfer of your data to jurisdictions outside Singapore as described in this policy.
06How long we keep your data
We retain your personal data only as long as necessary for the purposes described in this policy, or as required by law.
General retention periods
- Active account data — retained while your account is active.
- AI companion memories — managed through a summarisation process: recent conversations are stored in detail, older conversations are progressively summarised, and you can delete any memory at any time.
- Account deletion — when you delete your account, we permanently delete your data after a 72-hour grace period (during which you can reverse the deletion). Certain data may be retained for up to 12 months after deletion where necessary for safety or fraud prevention.
- Transaction records — retained for up to 7 years as required by tax and accounting laws.
- Biometric verification data — deleted immediately after the verification process is complete.
- Moderation and safety records — retained for up to 7 years for legal compliance and to prevent repeat violations.
- Analytics data — retained in aggregated, de-identified form only.
07How we protect your data
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS) and at rest
- Secure storage of authentication tokens using platform-native secure storage
- Role-based access controls for our internal systems
- Input validation and rate limiting to prevent abuse
- Regular monitoring for security issues
No system is completely secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security.
In the event of a data breach that is likely to result in significant harm to you, we will notify the Personal Data Protection Commission within 3 business days and notify affected individuals as soon as practicable, in accordance with the PDPA. Notification will include the nature of the breach, the data affected, and the steps we are taking in response.
08Your rights and choices
Under the PDPA and applicable data protection laws, you have the right to:
- Access your personal data — request a copy of the data we hold about you
- Correct inaccuracies in your personal data
- Withdraw consent for any processing based on your consent (this may affect your ability to use certain features)
- Delete your account and associated data through the app settings
- Export your data in a portable format through the app
- Manage AI memories — view, edit, or delete what the AI companion knows about you
- Control notifications — adjust notification preferences in the app settings
- Control location sharing — enable or disable location permissions through your device settings
To exercise your rights, contact us at dpo@spring.dating. We will respond within 30 days.
If you are unsatisfied with our response, you may lodge a complaint with the Personal Data Protection Commission of Singapore.
If you are located in the European Economic Area, you may also have additional rights under the GDPR, including the right to lodge a complaint with your local data protection authority.
09Children
Spring is not intended for anyone under 18 years of age. We do not knowingly collect personal data from minors.
If we discover that we have collected data from a user under 18, we will delete their account and associated data as quickly as possible. If you believe a minor is using Spring, please report it to safety@spring.dating.
10Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 14 days before they take effect.
For significant changes to how we process your data, we may ask you to re-confirm your consent.
The "Last Updated" date at the top of this policy reflects the most recent revision.
11Contact us
12Schedule A — Service provider categories
The categories below reflect our service providers as of the effective date. Material changes to data processing arrangements will be reflected in updates to this Privacy Policy.
| Category | Purpose | Jurisdiction |
|---|---|---|
| Cloud hosting and database | Account data, profiles, messages | Singapore, US |
| AI processing | Personality assessment, companion, matching | United States |
| Vector database | Compatibility matching embeddings | United States |
| Payment processing | Subscription and transaction management | United States |
| SMS delivery | Phone number verification | United States |
| Email delivery | Transactional communications | United States |
| Photo storage and CDN | Profile photo hosting and delivery | Global (distributed) |
| Content moderation | Photo and message safety screening | United States |
| Analytics | Aggregated usage analysis (de-identified) | European Union |
| Error monitoring | App stability and crash reporting | United States |
| Push notifications | Match and message alerts | United States |