This Privacy Policy explains how LCR ONE OÜ ("we", "us", "our"), operator of the ChatBoom² mobile application and related services (the "Service"), collects, uses, shares, and protects your personal data. We are the data controller. By creating an account you agree to this Policy.
ChatBoom² is a 18+ dating and social application. We take the privacy of a dating community seriously and design for data minimization.
The Service is strictly for adults aged 18 or older. We collect your date of birth at registration and block anyone under 18. If we learn that a user is underage, we suspend and delete the account.
We collect only what the Service needs to work. Categories:
| Category | Examples | Why |
|---|---|---|
| Account & identity | Phone number, email address (if you use social login), the sign-in provider you use (Google, Apple, LINE) | Create and secure your account, sign you in |
| Profile | Display name, date of birth, gender, orientation, bio, city, languages, height, interests, lifestyle attributes (education, drinking, smoking, zodiac, children), preferences | Build your dating profile and match you |
| Photos & media | Profile photos, optional voice intro, optional short video clip | Show your profile to others |
| Approximate location | Coarse (rounded) latitude/longitude and city — never your exact position | Distance-based discovery and the map explore feature |
| Verification (KYC) | A liveness selfie and a government-issued ID image, when you choose to get verified | Confirm you are a real, of-age person and issue a verified badge |
| Communications | Chat messages, message translations, call sessions (consent-based), and posts/stories you create | Let you talk and interact with matches |
| Activity | Swipes, likes, matches, blocks, reports, dates you plan | Operate matching, safety, and features |
| Device & technical | Device model, OS, app version, push-notification token, IP address, crash and diagnostic data | Deliver notifications, keep the app working, prevent abuse |
| Purchases | Subscription status and transaction identifiers (payment is processed by the app stores / payment providers — we do not receive your card number) | Provide premium features and receipts |
We do not sell your personal data. We do not run third-party advertising networks inside the app.
As an Estonian (EU) company we process personal data under the EU General Data Protection Regulation (GDPR); the Thailand Personal Data Protection Act (PDPA) and other local laws also apply to users in those countries. We rely on: performance of a contract (to provide the Service you signed up for), consent (e.g. location, marketing, KYC media — which you can withdraw at any time), legitimate interests (safety, fraud prevention, improving the Service), and legal obligation.
We use the following categories of providers. Each processes only the data needed for its function:
| Provider / type | Purpose | Data involved |
|---|---|---|
| Google, Apple, LINE | Social sign-in | Your provider account ID and email |
| SMS provider | Send one-time login codes | Phone number |
| Anthropic (Claude) | Message & profile translation, content moderation | Message/bio text to translate or scan (not used to train models) |
| Push notification service | Deliver notifications | Device push token |
| Real-time media (LiveKit) | Voice/video calls and livestreams | Audio/video streams during a call/stream |
| Object storage / CDN | Store and serve photos and media | Photos, media, verification images (encrypted) |
| Map provider | Show the explore map | Coarse coordinates |
| Payment / subscription (app stores, RevenueCat) | Process subscriptions | Purchase and entitlement data (no card numbers) |
| Identity verification vendor | Liveness & ID checks (if enabled) | Selfie and ID document |
Some providers process data outside Estonia. Where we transfer personal data internationally, we use appropriate safeguards (such as standard contractual clauses or an adequacy determination) consistent with the PDPA and GDPR.
We keep personal data only as long as needed to provide the Service and meet legal obligations. Specifically: operational logs are purged after 90 days; ephemeral stories expire after 24 hours; when you delete your account we anonymize or erase your personal data and free your phone number (see section 10). Some records may be retained longer where the law requires.
Subject to applicable law, you may: access your data, correct it, export a portable copy, delete your account, withdraw consent (e.g. location or marketing), and object to or restrict certain processing. You can exercise most of these directly in the app under Settings → Privacy (data export and delete are built in), or by contacting us at support@chat2boom.com. You also have the right to lodge a complaint with your data protection authority — in Estonia, the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon); in Thailand, the Personal Data Protection Committee.
You can delete your account at any time in Settings → Privacy → Delete my data, or by emailing support@chat2boom.com from your registered address. On deletion we erase or irreversibly anonymize your personal data, remove your photos and verification media, and release your phone number. See our dedicated Data Deletion page for full instructions.
We protect your data with encryption in transit, encryption of verification media at rest, access controls and audit logging of sensitive actions, and data minimization. No system is perfectly secure, but we work to protect your information and will notify you and regulators of a breach where required.
The Service is not directed to and may not be used by anyone under 18. We do not knowingly collect data from minors.
We may update this Policy. We will post the new version here with a revised "Last updated" date and, for material changes, notify you in the app.
LCR ONE OÜ
[Registered address, Estonia — to be added]
Privacy / Data Protection: privacy@chat2boom.com
General: support@chat2boom.com
Website: https://chat2boom.com